Stories
Slash Boxes
Comments

SoylentNews is people

Microsoft Uses Its Expertise In Malware To Help With Fileless Attack Detection On Linux

posted by Fnord666 on Wednesday February 26 2020, @04:29PM   Printer-friendly
from the will-it-detect-windows-installers? dept.

Arthur T Knackerbracket has found the following story:

Hey, Linux fans! Microsoft has got your back over fileless threats. Assuming you've bought into the whole Azure Security Center thing.

Hot on the heels of a similar release for Windows (if by "hot" you mean "nearly 18 months after") comes a preview aimed at detecting that breed of malware that inserts itself into memory before attempting to hide its tracks.

[...] Microsoft's detection feature scans the memory of all processes for the tell-tale footprint of a fileless toolkit, shrieking a warning in the Azure Security Center along with some details of the nasty. An admin can then decide what action to take (and what further investigation is needed).

The scan, according to the Windows giant, is not invasive and the "vast majority" take less than five seconds to run. More importantly for the those fearful of slurpage, memory analysis is performed on the host itself and the results only contain "security-relevant metadata and details of suspicious payloads".

Original Submission

 
This discussion has been archived. No new comments can be posted.
Microsoft Uses Its Expertise In Malware To Help With Fileless Attack Detection On Linux | Log In/Create an Account | Top | 25 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Funny) by ikanreed on Wednesday February 26 2020, @04:42PM (12 children)

    by ikanreed (3164) Subscriber Badge on Wednesday February 26 2020, @04:42PM (#962949) Journal

    That's a bit like saying the kids of anti-vaxxers have expertise in measles.

    Starting Score:    1  point
    Moderation   +4  
       Insightful=1, Interesting=1, Funny=2, Total=4
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 2) by DannyB on Wednesday February 26 2020, @04:48PM (6 children)

    by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @04:48PM (#962953) Journal

    I thought that it meant "Expertise in Windows". Where Windows and Malware are interchangeable and equivalent terms.

    Don't get a PC that is infected with Windows.

    Linux is a many splendored thing.
    Linux is all you need.
    Linux lifts us up where we belong.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.

    • (Score: 5, Insightful) by Freeman on Wednesday February 26 2020, @04:51PM

      by Freeman (732) on Wednesday February 26 2020, @04:51PM (#962957) Journal

      Depends on what version of Linux you're using. So far, I'd say the anti-systemd OSes are doing pretty great. While the whole systemd thing seems to be dragging previously top distributions down.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"

    • (Score: 4, Insightful) by aristarchus on Wednesday February 26 2020, @07:19PM (1 child)

      by aristarchus (2645) on Wednesday February 26 2020, @07:19PM (#963023) Journal

      Unlike file-based attacks, fileless malware does not leverage traditional executable files. Fileless attacks abuse tools built-in to the operating system to carry out attacks. Essentially, Windows is turned against itself.

      https://www.cybereason.com/blog/fileless-malware [cybereason.com]

      *

      So, let me get this strait, a Windows solution, for linux, to Windows turning against itself?
      -

      I think it behooves every linux admin to refuse to run any software that protects Windows from itself, or any virus or malware scanners for Microsoft virii or malwares, and to serve as much of these "nasties" as feasible, to help end Windows as soon as possible. From orbit. It's the only way to be sure.

      • (Score: 2) by ilsa on Wednesday February 26 2020, @10:12PM

        by ilsa (6082) Subscriber Badge on Wednesday February 26 2020, @10:12PM (#963163)

        While I don't disagree with your sentiment, I feel I should point out that the article is Windows-centric, which is why it is phrased as it is.

        I don't see how fileless malware designed for Windows would work on linux well enough to propagate. But I don't have difficulty believing that there is linux equivalents to this class of malware, so I can see value in this kind of software.

    • (Score: 3, Funny) by Anonymous Coward on Wednesday February 26 2020, @09:18PM (2 children)

      by Anonymous Coward on Wednesday February 26 2020, @09:18PM (#963091)

      Tragic Joke:

      "What's the difference between Microsoft and Malware?"
      "You can't tell the difference either, eh?"

      • (Score: 0) by Anonymous Coward on Wednesday February 26 2020, @11:39PM (1 child)

        by Anonymous Coward on Wednesday February 26 2020, @11:39PM (#963217)

        One is butt-hurt that you pay for, the other one isn't!

        • (Score: 2) by Grishnakh on Thursday February 27 2020, @03:07AM

          by Grishnakh (2831) on Thursday February 27 2020, @03:07AM (#963297)

          Well, most Windows-based malware these days seems to be "ransomware", where they lock up your files and get you to send them BTC to decrypt them.

          So, more accurately, one is something you pay for up-front, the other is free at first, but charges you later.

  • (Score: 1, Funny) by Anonymous Coward on Wednesday February 26 2020, @06:09PM

    by Anonymous Coward on Wednesday February 26 2020, @06:09PM (#962986)

    "This is Linux calling, your computer have virus"

  • (Score: 2) by DeathMonkey on Wednesday February 26 2020, @06:23PM (1 child)

    by DeathMonkey (1380) on Wednesday February 26 2020, @06:23PM (#962994) Journal

    The ones that are still alive at least!

    • (Score: 2) by DannyB on Wednesday February 26 2020, @07:59PM

      by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @07:59PM (#963054) Journal

      The remaining ones might automatically become eligible to vote in certain precincts.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.

  • (Score: 2, Touché) by Anonymous Coward on Wednesday February 26 2020, @08:12PM

    by Anonymous Coward on Wednesday February 26 2020, @08:12PM (#963059)

    This is like inviting the Mob to audit your business accounts for 'security'...

  • (Score: -1, Troll) by Anonymous Coward on Wednesday February 26 2020, @10:06PM

    by Anonymous Coward on Wednesday February 26 2020, @10:06PM (#963153)

    stfu provaxxer shill.