from the Linux-security-Microsoft-style dept.
Yes, of course there's now malware for Windows Subsystem for Linux
In 2017, more than a year after the introduction of WSL, Check Point researchers proposed a proof-of-concept attack called Bashware that used WSL to run malicious ELF and EXE payloads. Because WSL wasn't enabled by default and Windows 10 didn't ship with any preinstalled Linux distro, Bashware wasn't considered a particularly realistic threat at the time.
Four years later, WSL-based malware has arrived. The files function as loaders for a payload that's either embedded – possibly created using open-source tools like MSFVenom or Meterpreter – or fetched from a remote command-and-control server and is then inserted into a running process via Windows API calls.
"Threat actors always look for new attack surfaces," said Mike Benjamin, Lumen vice president of product security and head of Black Lotus Labs, in a statement. "While the use of WSL is generally limited to power users, those users often have escalated privileges in an organization. This creates blind spots as the industry continues to remove barriers between operating systems."
If there's a bright side to this anticipated development, it's that this initial WSL attack isn't particularly sophisticated, according to Black Lotus Labs. Nonetheless, the samples had a detection rate of one or zero in VirusTotal, indicating that the malicious ELFs would have been missed by most antivirus systems.
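The summary says the samples are ELF loaders that either carry their payload inline or fetch it, and that Windows antivirus mostly missed them. A defender's first question is therefore "which native Linux executables are sitting on this Windows box, and do any of them carry a second executable image inside?" The script below is an added example (not from the story, The Register, or Black Lotus Labs) that parses ELF headers and applies a simple embedded-image heuristic to every file under a directory; the sample bytes are constructed header stubs, the `MAX_READ` limit and the profile path in the final comment are assumptions, and the heuristic can produce false positives, so hits are leads for triage rather than verdicts.

```python
import struct
from pathlib import Path
from typing import Dict, List, Optional, Tuple

ELF_MAGIC = b"\x7fELF"
PE_MAGIC = b"MZ"
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINE = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}
MAX_READ = 64 * 1024 * 1024  # assumed limit: skip files larger than 64 MiB


def parse_elf_header(data: bytes) -> Optional[Dict[str, object]]:
    """Parse the fixed part of an ELF header (e_ident, e_type, e_machine).

    Returns None when the bytes do not start with a plausible ELF header.
    """
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]  # ELFCLASS32/64, ELFDATA2LSB/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": E_TYPE.get(e_type, f"unknown({e_type})"),
        "machine": E_MACHINE.get(e_machine, f"unknown({e_machine})"),
    }


def find_embedded_images(data: bytes) -> List[Tuple[int, str]]:
    """Heuristic: look for ELF or PE headers past offset 0.

    A loader that carries its payload inline often contains a second
    executable image in its body. Any blob that happens to contain these
    bytes will also match, so treat hits as leads, not verdicts.
    """
    hits: List[Tuple[int, str]] = []
    pos = data.find(ELF_MAGIC, 1)
    while pos != -1:
        if parse_elf_header(data[pos:]) is not None:
            hits.append((pos, "ELF"))
        pos = data.find(ELF_MAGIC, pos + 1)
    pos = data.find(PE_MAGIC, 1)
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew at MZ+0x3C points at the "PE\0\0" signature.
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x10000 and data[pe:pe + 4] == b"PE\x00\x00":
                hits.append((pos, "PE"))
        pos = data.find(PE_MAGIC, pos + 1)
    return sorted(hits)


def triage(data: bytes) -> Dict[str, object]:
    """Classify one file image and attach human-readable flags."""
    elf = parse_elf_header(data)
    embedded = find_embedded_images(data)
    flags: List[str] = []
    if elf is not None:
        flags.append(f"native Linux {elf['type']} image ({elf['machine']}, {elf['bits']}-bit)")
        if embedded:
            kinds = ", ".join(f"{kind}@{off:#x}" for off, kind in embedded)
            flags.append(f"ELF carrying embedded image(s): {kinds}")
    return {"elf": elf, "embedded": embedded, "flags": flags}


def scan_tree(root: str) -> List[Tuple[str, List[str]]]:
    """Walk a directory (for example a WSL distro's rootfs under the user's
    profile) and return (path, flags) for every file that raised a flag."""
    findings: List[Tuple[str, List[str]]] = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size > MAX_READ:
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue
        result = triage(data)
        if result["flags"]:
            findings.append((str(path), result["flags"]))
    return findings


# Constructed sample: an ELF64 x86-64 "loader" header with an ELF32 header and
# a PE stub embedded in its body. These are header bytes only, not executables.
_ELF64_HDR = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HHI", 2, 62, 1) + b"\x00" * 40
_ELF32_HDR = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HHI", 3, 3, 1) + b"\x00" * 28
_PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_LOADER = _ELF64_HDR.ljust(100, b"\x00") + _ELF32_HDR.ljust(100, b"\x00") + _PE_STUB


if __name__ == "__main__":
    for flag in triage(SAMPLE_LOADER)["flags"]:
        print(flag)
    # scan_tree(r"C:\Users\<user>\AppData\Local\Packages")  # hypothetical WSL distro location
```

On the constructed sample the script reports a 64-bit x86-64 EXEC image with an ELF at offset 0x64 and a PE at offset 0xc8; on a real host, point `scan_tree` at wherever the WSL distro filesystem lives and review the flagged paths by hand.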
(Score: 5, Informative) by tavares on Monday September 20 2021, @02:24AM (1 child)
it's targeted by the hackers. Really, who thought that WSL would be different? Windows is a lucrative target, and until its market share shrinks, it will remain a target.
(Score: 0) by Anonymous Coward on Monday September 20 2021, @03:08PM
If Windows had been built on a security model from the start it wouldn't be the lucrative target it is today. As it is, the OS was built on a deck of cards in a time when there was no internet or multi-user capability. On the other hand, Linux servers run the infrastructure of most of the internet today. If the target were just about market share, they would have been toppled years ago.
(Score: 2, Interesting) by Anonymous Coward on Monday September 20 2021, @03:08AM (1 child)
The former implemented Linux on top of Windows system calls.
The latter implements a VM using Hyper-V.
I can imagine WSL 1 escaping a sandbox but WSL 2 should be a different kettle of fish re paravirtualization.
(Score: 4, Informative) by TheRaven on Monday September 20 2021, @08:48AM
sudo mod me up
(Score: 0) by Anonymous Coward on Monday September 20 2021, @03:10AM
I found my thrill
On Blueberry Hill
I hope WSL goes the way of Silverlight/Moonlight.
(Score: 5, Interesting) by Anonymous Coward on Monday September 20 2021, @03:30AM (9 children)
Seems to be a Windows vulnerability, Linux is only the messenger. The obvious solution, run pure linux. Problem solved. Do we have to keep repeating this over and over?
(Score: 0) by Anonymous Coward on Monday September 20 2021, @07:35AM
We only get to repeat this as long as Corporate keep drinking the standard issue KoolAid from Redmond. Given MS have a large cash warchest, no change anytime soon.
(Score: 2) by Rosco P. Coltrane on Monday September 20 2021, @07:45AM (7 children)
If you install a 4-point harness in a Lada, you're still driving a Lada.
(Score: 2) by Runaway1956 on Monday September 20 2021, @10:59AM (6 children)
Yeah, well, did you notice that I cut a hole in the hood (bonnet) and installed a custom air scoop?
(Score: 0) by Anonymous Coward on Monday September 20 2021, @04:47PM (5 children)
How do you get the Lada moving fast enough for that hood scoop to work? Downhill?
(Score: 0) by Anonymous Coward on Monday September 20 2021, @04:50PM
Push faster?
(Score: 2) by Dr Spin on Monday September 20 2021, @04:58PM (3 children)
The standard method is to fit a Cosworth engine to your Lada, but there are other engine suppliers with engines that fit. (Jaguar V12 engines do not fit in a Lada Niva - I know - I tried!).
Warning: Opening your mouth may invalidate your brain!
(Score: 0) by Anonymous Coward on Monday September 20 2021, @06:45PM
Have you tried fitting a DFV?
(Score: 2) by Reziac on Tuesday September 21 2021, @02:27AM
Garage54 alert!!
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by turgid on Thursday September 23 2021, @08:44PM
What about a Mazda triple rotor Wankel engine?
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 4, Funny) by tangomargarine on Monday September 20 2021, @09:52AM
This reads as some kind of perverted "sup dawg" meme.
Sup dawg, we heard you like your monopolistic anti-competitive OSs, so we shipped you an open source alternative already installed with the monopolistic OS already installed that you didn't have a say in, so you can get...ummm...a better OS pre-installed when you get your Windows OS pre-installed.
And then they somehow blame Linux for the security vulnerability anyway.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"