The support team for 3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was aware its desktop app was being flagged as malware but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack, a thread on the company's community forum shows.
"Is anyone else seeing this issue with other A/V vendors?" one company customer asked on March 22, in a post titled "Threat alerts from SentinelOne for desktop update initiated from desktop client." The customer was referring to an endpoint malware detection product from security firm SentinelOne. Included in the post were some of SentinelOne's suspicions: the detection of shellcode, code injection to other process memory space, and other trademarks of software exploitation.
(Score: 5, Insightful) by Rosco P. Coltrane on Thursday April 13, @09:58AM (2 children)
I can't count the number of totally legit tools I ported to Windows that triggered some overly-sensitive antivirus or other for some reason. Too many false positives, and at some point you just stop caring and tell people who open tickets that yes, don't worry, the antivirus is being hysterical but it's okay, and please just add the executable to the antivirus' white list.
It's not impossible that those guys thought something similar before realizing that the antivirus was right for once.
(Score: 2) by RS3 on Thursday April 13, @04:15PM
Yeah, there are many false-positive results from many A/V software products.
For years I've used VirusTotal [virustotal.com] and Jotti [jotti.org] to scan any unknown / "suspicious" file. It's interesting to see that often one or two will flag something that the rest pass as okay.
ClamAV flags many okay files, erring on the side of safety.
My current A/V will flag many Nirsoft utilities.
I've been many places with public WiFi that blocks Nirsoft and some other useful sites.
(Score: 2) by driverless on Saturday April 15, @06:19AM
Beat me to it. We've had some of our stuff flagged as malware, God knows why and it hit other stuff as well, by some random A/V product, and it was unflagged again after a few days when they realised they were causing problems and fixed their scanning. So waiting to see if the malware-flagging went away makes perfect sense.
(Score: 2) by Mojibake Tengu on Thursday April 13, @03:07PM (2 children)
Corporations usually demonstrate this kind of unbelievable incompetence whenever they receive an offer which can't be rejected.
Blaming North Korea always works as plausible. Not believing that one is the real fun.
Why can't operating system builders be criminalized for just that?
Put a couple dozen Microsoft and Apple software project managers in jail (enabling espionage, sabotage, extensive damage to industry) and observe things going much better quickly.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 3, Interesting) by RS3 on Thursday April 13, @04:31PM (1 child)
I'm not disagreeing with you at all, just offering a different perspective: how about jailing the business managers who choose to base their business on an insecure OS.
While I'm at it: how about companies who make accounting and business software that _only_ runs on insecure OSes?
(Score: 2) by Mojibake Tengu on Friday April 14, @05:41PM
No. It's the same as with cars, houses or elevators. You do not jail anyone for buying a sabotaged elevator or statically bad-founded house. You jail builders and architects.
Now that digital infrastructure has become structurally critical to all of society, it's time to request the same level of personal responsibility from software engineers as we do from engineers in other technologies.
The age of software companies' privileges must end.
I knew an architect who committed suicide when his tall building had recorded deviations.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design