SoylentNews is people

posted by cmn32480 on Saturday July 30 2016, @08:57AM
from the patch-your-software dept.

Arthur T Knackerbracket has found the following story:

A cyberespionage group known for targeting diplomatic and government institutions has branched out into many other industries, including aviation, broadcasting, and finance, researchers warn.

Known as Patchwork, or Dropping Elephant, the group stands out not only through its use of simple scripts and ready-made attack tools, but also through its interest in Chinese foreign relations.

The group's activities were documented earlier this month by researchers from Kaspersky Lab, who noted in their analysis that China's foreign relations efforts appear to represent the main interest of the attackers.

In a new report [ecmascript required] Monday, researchers from Symantec said that the group's recent attacks have also targeted companies and organizations from a broad range of industries: aviation, broadcasting, energy, financial, non-governmental organizations (NGO), pharmaceutical, public sector, publishing and software.

While most of Patchwork's past victims were based in China and Asia, almost half of the recent targets observed by Symantec were based in the U.S.

The group uses a legitimate mailing list provider to send newsletter-like emails to its intended targets. The rogue emails link to websites set up by the attackers with content related to China. Depending on the industry they operate in, victims receive links to websites with content relevant for their business.

The rogue websites have links to .pps (PowerPoint) or .doc (Word) files hosted on other domains. If downloaded and opened, these files attempt to exploit known vulnerabilities in Microsoft Office in order to execute rogue code on users' computers.
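
The delivery chain described above (a lure page linking to a .pps or .doc file hosted on a different domain) leaves a recognizable trace in web proxy logs. The following added example, which is not part of the original story or the Symantec report, flags such downloads; the log format, hostnames and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# File types the story names as lures; extend for your environment.
LURE_EXTENSIONS = (".pps", ".doc")

# Constructed sample proxy log (hypothetical format: time client url referer).
SAMPLE_LOG = """\
2016-07-25T09:14:02Z 10.0.4.17 http://news-site.example/china-policy.html -
2016-07-25T09:14:40Z 10.0.4.17 http://files-host.example/dl/briefing.pps http://news-site.example/china-policy.html
2016-07-25T09:20:11Z 10.0.4.22 http://intranet.corp.example/docs/minutes.doc http://portal.corp.example/home
2016-07-25T09:31:55Z 10.0.4.30 http://cdn.other.example/report.DOC?id=7 http://aviation-weekly.example/issue12
2016-07-25T09:40:03Z 10.0.4.31 http://vendor.example/manual.pdf http://search.example/q
"""

def site(host):
    """Approximate the registrable domain as the last two labels.
    A simplification: production code should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])

def cross_site_office_downloads(log_text):
    """Return (time, client, url, referer) for .pps/.doc fetches whose
    referring page lives on a different site than the file."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        when, client, url, referer = fields
        target = urlsplit(url)
        if not target.path.lower().endswith(LURE_EXTENSIONS):
            continue
        if referer == "-":
            continue  # no referring page recorded
        ref_host = urlsplit(referer).hostname or ""
        if site(target.hostname or "") != site(ref_host):
            hits.append((when, client, url, referer))
    return hits

if __name__ == "__main__":
    for hit in cross_site_office_downloads(SAMPLE_LOG):
        print(*hit)
```

Hits are triage leads rather than verdicts: legitimate sites also host documents on separate download domains, so pair the result with the Office patch level of the client that fetched the file.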


  • (Score: 0) by Anonymous Coward on Saturday July 30 2016, @11:11AM (#381929)

    The rogue websites have links to .pps (PowerPoint) or .doc (Word) files hosted on other domains. If downloaded and opened, these files attempt to exploit known vulnerabilities in Microsoft Office in order to execute rogue code on users' computers.

    This is what bugs me so much. These are *supposed* to be just data. Just *how* does one get malware from just *looking* at something? Microsoft - the businessman's choice - has that one nailed.

    Just how many years have these products been vectors for computer infections? And they have not been fixed yet????

    I know what would fix this fast, but no one would stand for it: Have it be perfectly legal to reverse-engineer, fix, and redistribute a fixed version completely clear of copyright or patent.

    I am tired of software people getting the protection of keeping the source code secret while simultaneously being held harmless for what it does. However, even with Congress themselves being unable to trust even their own systems, they fail to pass any sort of legislation that would put teeth into these "Typhoid Mary" type operating systems and get them off the public nets, just as we would enforce that typhoid carriers not be allowed to work in public places.

  • (Score: 0) by Anonymous Coward on Saturday July 30 2016, @12:18PM (#381933)

    People trust Microsoft because Bill Gates is the world's richest man, and every person who isn't the world's richest secretly wants to be the world's richest person.

    You, poor nobody, will never convince people to use your Hacked Office: Terrorist Edition

  • (Score: 0) by Anonymous Coward on Saturday July 30 2016, @05:38PM (#381994)

    "Looking" means decoding and rendering at the very least, and both of those steps require code to parse supplied data. Since code+data mix in x86, bugs in the (minimal) decode and render steps can introduce data to codespace.

    You out your noobness by thinking that it's possible to reverse engineer and remove all the bugs from MS products. Millions of lines of code. Shoulders of giants (libraries). Go clean up Firefox if it's so easy.

    • (Score: 0) by Anonymous Coward on Saturday July 30 2016, @11:27PM (#382097)

      Hey, have you hit on a defense against malware? What if we had Harvard architecture CPUs with separate program and data memory, would that make it easier to keep the crap out? https://en.wikipedia.org/wiki/Harvard_architecture

      It's not like memory is expensive anymore, I'd be happy to buy 2x the memory if it was easier to defend against attacks.