posted by martyb on Saturday October 31 2015, @05:17PM   Printer-friendly
from the what's-in-your-system? dept.

South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers.

The malware has been dubbed Duuzer and, while it's not used exclusively against targets in South Korea, the hacker group behind it does seem to have a preference for that country's manufacturing industry, according to security firm Symantec.

Duuzer was designed to work on both 32-bit and 64-bit Windows versions and opens a back door through which attackers can gather system information; create, list and kill processes; access, modify and delete files; execute commands and more.

  • (Score: 0) by Anonymous Coward on Saturday October 31 2015, @06:01PM

    by Anonymous Coward on Saturday October 31 2015, @06:01PM (#256938)

    If the OS weren't Windows it'd still get infected - just with something else designed for another target. There's money to be made, so people will find a way.

  • (Score: 3, Interesting) by Subsentient on Saturday October 31 2015, @06:11PM

    by Subsentient (1111) on Saturday October 31 2015, @06:11PM (#256943) Homepage Journal

    As bad as windows is, and it's pretty bad, I tend to think we'd have malware problems just as severe on other platforms. OS X has terrible security, for example. Linux would take time, because of all the distros' different configurations, but that wouldn't take too long for someone to make a statically linked binary. Oh, you're on ARM? Then we'll start seeing malware in python, ruby, perl etc.

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    • (Score: 1, Insightful) by Anonymous Coward on Saturday October 31 2015, @06:25PM

      by Anonymous Coward on Saturday October 31 2015, @06:25PM (#256947)

      because of all the distros' different configurations

      In practice you'd only have to target the Debian-likes. With them you've already got approx. 50% of Linux market share, both on desktop [redmonk.com] and server [w3techs.com].

      Not to mention the entire Linux ecosystem is tending toward greater standardization, for the most part by the efforts of a mysterious German developer (which I won't mention to avoid flame wars).

      • (Score: 3, Informative) by frojack on Saturday October 31 2015, @08:31PM

        by frojack (1554) on Saturday October 31 2015, @08:31PM (#256983) Journal

        Actually he was talking about a static-linked binary. Such a thing has everything it needs to run, and need not rely on anything other than what the kernel provides for access to hardware. No external libraries.

        Such a binary would run on any kernel-compatible Linux regardless of distro. Such packages are not all that unusual.

        But it would STILL be insufficient to do the type of damage that the typical Windows exploit could do, or to spread by itself without some form of phishing attack tricking users into installing it as root, AND setting permissions. There have been some demonstration examples over the years, but the predictions of the Dread Linux Virus simply haven't materialized in the real world, or were quickly dealt with.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 4, Insightful) by HiThere on Sunday November 01 2015, @01:42AM

          by HiThere (866) Subscriber Badge on Sunday November 01 2015, @01:42AM (#257071) Journal

          I'm not sure about that. I've never tried, but it looks to me as if you wouldn't need root access in most systems. Just patch PATH to use /home/$USER/bin before /usr/bin, and you're most of the way there. And that's already not uncommon on developer machines. That gives you access to anything in the home directory, which in single user systems is usually everything you need. And the ways around this are all grossly inconvenient. (AKA "Why aren't browsers sandboxed?")

          Mind you, it would be rather easy to harden dedicated systems against this approach. Just don't allow the execution of any file from user space, and mount the systems partition read only. But did I mention the inconvenience of protecting against this attack?

          I think the real mistake was allowing tar/unzip/etc. to unpack files as already executable. But it was just so inconvenient to require that they be manually made executable. (Also, shell scripts don't need to be executable, so someone just has to run a shell script once.)

          Now if it were just easy to flip a switch saying "no files in userspace can be executable" that would protect you from direct attacks, though not from shell, python, ruby, perl, ... scripts....so those would need to be modified to not be indirectly executable from user space. Which would leave custom languages...

          Each change reduces the attack surface, and makes the system more inconvenient to use. But perhaps it would be reasonable to require that system directories always come before user directories in the path.

          --
          Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
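The PATH-ordering problem HiThere describes, as an added example that is not part of any comment in this thread: a POSIX shell audit that lists the PATH entries searched before the first system directory (an empty entry counts, since the shell treats it as the current directory) and then reports which of those the current user can write to, i.e. where an unprivileged drop of a binary named `ls` or `sudo` would shadow the real one. The set of directories treated as "system directories" is an assumption of the example, not something the thread defines.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH string for the
# user-directory-before-system-directory ordering HiThere describes.
# Assumption: the six directories in is_system_dir are the trusted ones;
# anything searched ahead of them is a candidate shadowing location.

is_system_dir() {
    case "$1" in
        /bin|/sbin|/usr/bin|/usr/sbin|/usr/local/bin|/usr/local/sbin) return 0 ;;
        *) return 1 ;;
    esac
}

# Print, space-separated, the PATH entries that are searched before the
# first system directory. An empty entry is printed as "." because the
# shell resolves it to the current working directory.
entries_before_system() {
    out=""
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -z "$d" ] && d=.
        if is_system_dir "$d"; then
            break
        fi
        out="${out}${out:+ }$d"
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Of the entries found above, print the ones that exist and are writable
# by the current user: a binary dropped there shadows a system command of
# the same name without needing root. (Entries containing spaces are not
# handled; PATH entries with spaces are rare enough to ignore here.)
writable_shadowing_dirs() {
    for d in $(entries_before_system "$1"); do
        [ -d "$d" ] && [ -w "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# Human-readable report on the given PATH. Always exits 0; the lists are
# the finding, and an empty second list is the state HiThere argues for.
audit_path() {
    echo "Entries searched before the first system dir: $(entries_before_system "$1")"
    echo "Of those, writable by $(id -un):"
    writable_shadowing_dirs "$1" | sed 's/^/  /'
}

audit_path "$PATH"
```

Run it as-is to audit the live shell's PATH; the two pure functions can also be pointed at any PATH string pulled from a user's `~/.profile` or a suspect process's `/proc/<pid>/environ`.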
    • (Score: 1, Insightful) by Anonymous Coward on Saturday October 31 2015, @06:39PM

      by Anonymous Coward on Saturday October 31 2015, @06:39PM (#256951)

      A lot of windows malware is running entirely ring3, that's enough for basic keylogging, stealth and phoning home. In linux you could target the various user writeable init scripts and config files for much the same effect, if the attacker is after banking details ring3/userland is all they'll ever need anyway.
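The "user writeable init scripts and config files" the comment above refers to, as an added example that is not part of any comment in this thread: a POSIX shell inventory of the startup hooks a userland-only implant on a Linux desktop would typically use (shell rc files, XDG autostart entries, systemd user units), which then flags autostart commands whose executable lives outside a system prefix such as under `$HOME` or `/tmp`. The list of locations, the set of trusted prefixes, and the sample files in the usage below are all assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): enumerate the user-writable startup
# hooks a ring3-only implant on Linux would use for persistence, and flag
# the autostart commands that do not execute from a system prefix.
# Assumption: the locations below are the common ones on a desktop distro.
# The home directory is passed in so the check runs against a test tree
# as well as the real $HOME.

TAB=$(printf '\t')

# Shell startup files: anything here runs in every interactive shell.
list_shell_rc_files() {
    for f in .bashrc .bash_profile .profile .zshrc .zprofile; do
        [ -f "$1/$f" ] && printf '%s\n' "$1/$f"
    done
    return 0
}

# Print "<file><TAB><command>" for every XDG autostart entry (Exec=) and
# systemd user unit (ExecStart=) under the given home directory.
list_autostart_commands() {
    for f in "$1"/.config/autostart/*.desktop "$1"/.config/systemd/user/*.service; do
        [ -f "$f" ] || continue        # unmatched glob leaves the pattern itself
        sed -n -e 's/^Exec=//p' -e 's/^ExecStart=//p' "$f" | while read -r cmd; do
            printf '%s\t%s\n' "$f" "$cmd"
        done
    done
    return 0
}

# Keep only the commands whose executable is an explicit path outside the
# trusted prefixes (assumption: /usr, /bin, /sbin, /opt). A bare command
# name is resolved through PATH and is left to a PATH audit instead.
suspicious_autostart_commands() {
    list_autostart_commands "$1" | while IFS=$TAB read -r f cmd; do
        exe=${cmd%% *}                               # first word of the command line
        case "$exe" in
            /usr/*|/bin/*|/sbin/*|/opt/*) ;;         # system prefix: leave alone
            */*) printf '%s\t%s\n' "$f" "$cmd" ;;    # explicit path elsewhere: flag
            *) ;;                                    # bare name: PATH lookup, not flagged
        esac
    done
    return 0
}

echo "Shell startup files in $HOME:"
list_shell_rc_files "$HOME" | sed 's/^/  /'
echo "Autostart entries in $HOME not executing from a system prefix:"
suspicious_autostart_commands "$HOME" | sed 's/^/  /'
```

The functions deliberately take the home directory as an argument, so the same script can be pointed at every directory under `/home` from a root shell during triage. Quoted executables and `env VAR=... cmd` prefixes are not parsed, which is a known gap, not an oversight of the format.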

    • (Score: 3, Insightful) by aristarchus on Saturday October 31 2015, @07:55PM

      by aristarchus (2645) on Saturday October 31 2015, @07:55PM (#256974) Journal

      As bad as windows is, and it's pretty bad, I tend to think we'd have malware problems just as severe on other platforms. OS X has terrible security, for example.

      Oh! The old "Don't hate me because I'm beautiful" line from Micro$erf shills! Microsoft is only vulnerable to malware because of its illegal monopoly, and Macs are only safer because there are so few of them! Has the advantage of being plausible, but it betrays a complete lack of understanding of operating system security.

      Linux would take time, because of all the distros' different configurations, but that wouldn't take too long for someone to make a statically linked binary.

      So many different distros, and all of them with completely incompatible binaries! No wonder no one uses Linux! Or is this merely an accusation that Linux depends on security through obscurity, like Micro$orft does? No, that is not the reason it would take longer. It would take longer, and be more difficult and not last long even if initially successful, because Linux is a Unix, an OS designed for a multi-user networked environment, and one where all users can have access to the code. These are structural differences from amateur commercial proprietary software, not differences in exposure due to number of installs.

      • (Score: 0, Disagree) by Anonymous Coward on Sunday November 01 2015, @05:35AM

        by Anonymous Coward on Sunday November 01 2015, @05:35AM (#257101)

        Hah! You clearly know little about operating system security. Otherwise you would NOT consider Unix or Linux as operating systems that are difficult to break into in terms of security. Even Multics was aiming for something better.

        Unix style security is crap- a user level exploit can do whatever the user can do. No big diff from Windows NT. These are operating systems built on the concept of Discretionary Access Controls. Only stuff like Mandatory Access Controls, SELinux and AppArmor, sandboxing changed things to allow stuff to be better.

        But despite AppArmor etc from a malware author's point of view there is still very little difference in practice. A browser drive by on any of the major desktop OSes/distros will get you full user level access which is plenty enough. In fact IE's sandboxing might work even better than AppArmor (which is usually not enabled by default, and even if enabled the browser template might be too lax to protect you from some attacks).

        The guy talking about different configurations is ignorant too- perl is built-in on most unix and unix-like platforms. I have a perl program (not malware but not very different in many ways- it reports to home base, gathers information etc) that runs _unchanged_ on AIX, OSX, Solaris, most Linux distros. Why the heck would you need a binary for most malware? Only if you are doing bitcoin mining I guess, but even for that case targeting more platforms for that is not a big problem.

        The number of installs matter. Many do pwn server linux machines, linux router devices and android linux devices. They don't care so much about desktop ones. So you've got a blinkered view of the world if you think people can't pwn Linux as easily as they pwn Windows. They do, it's just your religious viewpoint prevents you from seeing or accepting it.

        Your security vs most other hackers is not really different. The real difference in security between most Desktop Linux Distros and Windows is that with Windows, Microsoft has pwned you from the start. That is the main objection vs Windows in terms of security. And that can be a big objection for some.

        • (Score: 2) by aristarchus on Sunday November 01 2015, @08:49AM

          by aristarchus (2645) on Sunday November 01 2015, @08:49AM (#257122) Journal

          So you've got a blinkered view of the world if you think people can't pwn Linux as easily as they pwn Windows. They do, it's just your religious viewpoint prevents you from seeing or accepting it.

          Well, yeah, but who are you, oh Anonymous Coward? Religious view point? May you be touched by his Noodly Appendage, and have all your cheese grated for you. But user level access? On a router or other appliance? I think you misunderstand what is going on. Yes, user level access is great for taking over that user's account, but when you have a system like mine, and you have to hack the user 1,243 times? Not going to happen. We are talking about system level compromises here, backdoors with root access "from the factory". Oh, now I see. This is why it is so hard to buy a system with linux pre-installed: because it is so difficult to install a backdoor, and all that bloatware that is only available for Windows.

          In conclusion, never said Linux could not be hacked, just that compared to Windows. . . . We'll leave it at that.

    • (Score: 3, Insightful) by frojack on Saturday October 31 2015, @08:03PM

      by frojack (1554) on Saturday October 31 2015, @08:03PM (#256976) Journal

      I was going to suggest that this exploit, described with the following capabilities:

      opens a back door through which attackers can gather system information; create, list and kill processes; access, modify and delete files; execute commands and more...

      looks a LOT like Windows 10 itself.

      But you've fallen for Bill Gates's bait, that Windows is attacked simply because it is popular, not because it is easy.
      It's amazing how much mileage he got out of that. It's been something like 15 years, and it's still the pronouncement that just keeps giving.

      --
      No, you are mistaken. I've always had this sig.