
posted by martyb on Saturday October 31 2015, @05:17PM   Printer-friendly
from the what's-in-your-system? dept.

South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers.

The malware has been dubbed Duuzer, and while it is not used exclusively against targets in South Korea, the group behind it does appear to have a preference for that country's manufacturing industry, according to security firm Symantec.

Duuzer was designed to work on both 32-bit and 64-bit Windows versions and opens a back door through which attackers can gather system information; create, list and kill processes; access, modify and delete files; execute commands and more.


  • (Score: 1, Insightful) by Anonymous Coward on Saturday October 31 2015, @06:25PM

    by Anonymous Coward on Saturday October 31 2015, @06:25PM (#256947)

    because of all the distros' different configurations

    In practice you'd only have to target the Debian-likes. With them you've already got approx. 50% of Linux market share, both on desktop [redmonk.com] and server [w3techs.com].

    Not to mention the entire Linux ecosystem is tending toward greater standardization, for the most part by the efforts of a mysterious German developer (which I won't mention to avoid flame wars).

  • (Score: 3, Informative) by frojack on Saturday October 31 2015, @08:31PM

    by frojack (1554) on Saturday October 31 2015, @08:31PM (#256983) Journal

    Actually he was talking about a static-linked binary. Such a thing has everything it needs to run, and need not rely on anything other than what the kernel provides for access to hardware. No external libraries.

    Such a binary would run on any kernel-compatible Linux regardless of distro. Such packages are not all that unusual.

    But it would STILL be insufficient to do the type of damage that the typical Windows exploit could do, or to spread by itself without some form of phishing attack tricking users into installing it as root, AND setting permissions. There have been some demonstration examples over the years, but the predictions of the Dread Linux Virus simply haven't materialized in the real world, or were quickly dealt with.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 4, Insightful) by HiThere on Sunday November 01 2015, @01:42AM

      by HiThere (866) Subscriber Badge on Sunday November 01 2015, @01:42AM (#257071) Journal

      I'm not sure about that. I've never tried, but it looks to me as if you wouldn't need root access in most systems. Just patch PATH to use /home/$USER/bin before /usr/bin, and you're most of the way there. And that's already not uncommon on developer machines. That gives you access to anything in the home directory, which in single user systems is usually everything you need. And the ways around this are all grossly inconvenient. (AKA "Why aren't browsers sandboxed?")

      Mind you, it would be rather easy to harden dedicated systems against this approach. Just don't allow the execution of any file from user space, and mount the system partition read-only. But did I mention the inconvenience of protecting against this attack?

      I think the real mistake was allowing tar/unzip/etc. to unpack files as already executable. But it was just so inconvenient to require that they be manually made executable. (Also, shell scripts don't need to be executable, so someone just has to run a shell script once.)

      Now if it were just easy to flip a switch saying "no files in userspace can be executable" that would protect you from direct attacks, though not from shell, python, ruby, perl, ... scripts... so those would need to be modified to not be indirectly executable from user space. Which would leave custom languages...

      Each change reduces the attack surface, and makes the system more inconvenient to use. But perhaps it would be reasonable to require that system directories always come before user directories in the path.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
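The PATH-ordering attack HiThere describes above (a user-writable directory such as ~/bin placed before /usr/bin, so a planted binary shadows the real one) and the suggested hardening (system directories first) are easy to check mechanically. The following is an added example, not code from the thread or from Symantec's report. It re-implements the shell's lookup rule in plain POSIX sh rather than relying on the shell's own command hashing, and constructs its own sample PATH values and a temporary fake `uname`; the list of "system directories" it treats as trusted is an assumption and should be adjusted for the host.

```shell
#!/bin/sh
# Added example: audit PATH for hijack-prone ordering and demonstrate the
# shadowing itself. Not from the original thread.

# Directories treated as trusted system locations (an assumption; extend
# for your host). Anything listed in PATH *before* the first of these
# gets a shot at shadowing every system binary.
is_system_dir() {
    case "$1" in
        /usr/bin|/bin|/usr/sbin|/sbin|/usr/local/bin|/usr/local/sbin) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every PATH entry that precedes the first system directory.
# An empty entry means "current directory" and is printed as ".".
# Returns 0 when the ordering is clean, 1 when at least one entry was printed.
early_user_dirs() {
    path_value="$1"
    found=0
    set -f; oldifs="$IFS"; IFS=:          # split on ':' only, no globbing
    for d in $path_value; do
        [ -z "$d" ] && d=.
        if is_system_dir "$d"; then
            break
        fi
        printf '%s\n' "$d"
        found=1
    done
    IFS="$oldifs"; set +f
    return $found
}

# The shell's resolution rule: first executable regular file wins.
resolve() {
    name="$1"; path_value="$2"
    set -f; oldifs="$IFS"; IFS=:
    for d in $path_value; do
        [ -z "$d" ] && d=.
        if [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
            printf '%s\n' "$d/$name"
            IFS="$oldifs"; set +f
            return 0
        fi
    done
    IFS="$oldifs"; set +f
    return 1
}

# Plant a fake uname in a scratch directory and show that it only wins
# when its directory is listed ahead of the system directories.
# Returns 0 when both outcomes match that expectation.
shadow_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/bin"
    printf '#!/bin/sh\necho hijacked\n' > "$tmp/bin/uname"   # constructed payload
    chmod 755 "$tmp/bin/uname"
    hijacked=$(resolve uname "$tmp/bin:/usr/bin:/bin")     # attacker-friendly order
    safe=$(resolve uname "/usr/bin:/bin:$tmp/bin")         # hardened order
    rm -rf "$tmp"
    [ "$hijacked" = "$tmp/bin/uname" ] && [ "$safe" != "$tmp/bin/uname" ]
}

# Stand-alone run: audit this shell's own PATH, then run the demo.
if early_user_dirs "$PATH"; then
    echo "PATH: no user-controlled directory precedes the system directories"
else
    echo "PATH: the directories above precede the system directories"
fi
if shadow_demo; then
    echo "demo: fake uname resolved first only when its directory came first"
fi
```

Run it as `sh path-audit.sh`. Note that the audit flags ordering only; a directory listed before /usr/bin is only a problem if someone other than root can write to it, so on a multi-user host pair it with `ls -ld` on each reported entry.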