
SoylentNews is people

posted by requerdanos on Monday September 20 2021, @02:15AM
from the Linux-security-Microsoft-style dept.

Yes, of course there's now malware for Windows Subsystem for Linux

In 2017, more than a year after the introduction of WSL, Check Point researchers proposed a proof-of-concept attack called Bashware that used WSL to run malicious ELF and EXE payloads. Because WSL wasn't enabled by default and Windows 10 didn't ship with any preinstalled Linux distro, Bashware wasn't considered a particularly realistic threat at the time.

Four years later, WSL-based malware has arrived. The files function as loaders for a payload that's either embedded – possibly created using open-source tools like MSFVenom or Meterpreter – or fetched from a remote command-and-control server and is then inserted into a running process via Windows API calls.

"Threat actors always look for new attack surfaces," said Mike Benjamin, Lumen vice president of product security and head of Black Lotus Labs, in a statement. "While the use of WSL is generally limited to power users, those users often have escalated privileges in an organization. This creates blind spots as the industry continues to remove barriers between operating systems."

If there's a bright side to this anticipated development, it's that this initial WSL attack isn't particularly sophisticated, according to Black Lotus Labs. Nonetheless, the samples had a detection rate of one or zero in VirusTotal, indicating that the malicious ELFs would have been missed by most antivirus systems.



 
  • (Score: 2) by Dr Spin on Monday September 20 2021, @04:58PM (3 children)

    by Dr Spin (5239) on Monday September 20 2021, @04:58PM (#1179739)

    The standard method is to fit a Cosworth engine to your Lada, but there are other engine suppliers
    with engines that fit. (Jaguar V12 engines do not fit in a Lada Niva - I know - I tried!).

    --
    Warning: Opening your mouth may invalidate your brain!
  • (Score: 0) by Anonymous Coward on Monday September 20 2021, @06:45PM

    by Anonymous Coward on Monday September 20 2021, @06:45PM (#1179791)

    Have you tried fitting a DFV?

  • (Score: 2) by Reziac on Tuesday September 21 2021, @02:27AM

    by Reziac (2489) on Tuesday September 21 2021, @02:27AM (#1179902) Homepage

    Garage54 alert!!

    --
    And there is no Alkibiades to come back and save us from ourselves.
  • (Score: 2) by turgid on Thursday September 23 2021, @08:44PM

    by turgid (4318) Subscriber Badge on Thursday September 23 2021, @08:44PM (#1180859) Journal

    What about a Mazda triple rotor Wankel engine?