Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Wednesday May 11 2022, @03:49PM   Printer-friendly
from the how-is-this-still-a-thing? dept.

Stealthy Raspberry Robin Worm Is Spreading Malware Via USB Drives:

[...] Threat intelligence group Red Canary is tracking a worm that it calls Raspberry Robin, and it's definitely malware, but the question of "why" is still, in fact, a big question. [...].

In the age of the Internet, most malware spreads through the web, and Raspberry Robin does indeed make use of the internet to download critical files, however, it actually seems to spread via infected USB drives. Using Windows' autoplay functionality, it executes a .LNK file, which is a link shortcut. From there, it starts the Windows command interpreter and uses the Microsoft Installer, msiexec.exe, to download a malicious DLL that it then installs to the system. The purpose of this isn't entirely clear yet, but it seems to be for persistence.

After that, the system makes numerous attempts to connect to remote hosts, usually TOR exit nodes. The thing is, it's not actually clear what it is doing or why, and furthermore, Red Canary doesn't don't know who is infecting the systems where Raspberry Robin is found. Said systems include machines inside the networks of various manufacturing and technology companies.

As described in the related Red Canary blog post, after a USB drive is inserted the UserAssist registry entry is updated and records execution of a ROT13-ciphered value referencing a LNK file on the USB drive with malicious code. As a somewhat ignorant Windows person I have to ask: wasn't this autorun-like feature "fixed" 20 years ago?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday May 11 2022, @05:19PM (7 children)

    by Anonymous Coward on Wednesday May 11 2022, @05:19PM (#1244106)

    Disagree.

    Secure by design software is the key.

    Otherwise, why do people here laugh and say everyone should use Linux so this security exploit wouldn't happen? Using your logic, we would be encouraging Windows AND Linux adoption, not a mass switch to Linux. That's not what I see around here.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Wednesday May 11 2022, @05:22PM

    by Anonymous Coward on Wednesday May 11 2022, @05:22PM (#1244109)

    There are many linux distros, it is diverse by default. If windows didn't exist someone would make a distro to fill that same niche.

  • (Score: 0, Interesting) by Anonymous Coward on Wednesday May 11 2022, @05:51PM (5 children)

    by Anonymous Coward on Wednesday May 11 2022, @05:51PM (#1244119)

    Secure by design software is the key.

    Cannot happen.
    You do not have bug-less libraries, nor compilers, nor interpreters, nor hardware itself.
    The trend to overcomplexify anything and everything has run its course, and is *still* running for a victory lap or ten.

    The only key is, and always has been, user awareness, but the same trend destroyed the foundation of it. How can one attribute one's device acting strangely to a malware action, when most of "legitimate" software installed on it, is itself with a side of malware, and only escapes being labeled as such because its makers are too big to fail, and/or chummy with the government?

    No, Pollyanna, this security ship has well and truly sailed.

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday May 11 2022, @07:07PM (2 children)

      by Anonymous Coward on Wednesday May 11 2022, @07:07PM (#1244139)

      Isn't that SELinux? I had problems on the few systems where I turned it on, with security message spam and not being able to do things I wanted to do. I'll admit that I never gave it a serious effort to figure out how to configure things so that I was happy with it, but that at least was an attempt at secure by design. Well, maybe not I suppose, in that the software you wanted to run was assumed to NOT be secure by design and it was trying to protect you from yourself, so maybe this point is moot (but I won't delete it because I'm this far in with the typing!).

      • (Score: 1, Insightful) by Anonymous Coward on Wednesday May 11 2022, @07:14PM (1 child)

        by Anonymous Coward on Wednesday May 11 2022, @07:14PM (#1244142)

        Most software is not designed to run in SELinux. As long as SELinux is an *option* and not *the universal standard*, running software under it will always be painful, and therefore almost nobody will use SELinux.

        • (Score: 2) by janrinok on Thursday May 12 2022, @07:34AM

          by janrinok (52) Subscriber Badge on Thursday May 12 2022, @07:34AM (#1244324) Journal

          I have to agree. But having used government systems which were protected with a correctly configured SELinux, it worked exactly as advertised.

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday May 11 2022, @07:11PM (1 child)

      by Anonymous Coward on Wednesday May 11 2022, @07:11PM (#1244140)

      I agree with a lot of what you say, but you are arguing in absolutes.

      My point is that software that was designed with security in mind will do more to improve overall security than just saying there ought to be multiple operating systems in use. If security is not a design consideration in those multiple operating systems, you have not done anything to increase overall security; all you have done is increase the diversity of security exploits.

      And to answer another commenter, different Linux distros do not represent diversity to any real extent. That's like saying you a diversified diet if you eat Original Cheetos -AND- Flamin' Hot Cheetos.

      • (Score: 0) by Anonymous Coward on Wednesday May 11 2022, @07:51PM

        by Anonymous Coward on Wednesday May 11 2022, @07:51PM (#1244154)

        In the real world, software is designed with INsecurity in mind, for its user must be controlled, herded, datamined, spied on, etc etc etc. And all the backdoors left in there for "authorized" parties, inevitably go on the black market, sooner rather than later.

        Unless that genie is stuffed back into its bottle, and the bottle back into the arsehole that shat it out, any "security" song and dance is but a stupid skit in the security theater, and the only thing it really does, is frustrating and hindering the user.
        You cannot fix the problem without fixing the corruption at its root. And good luck to you with fixing that corruption.