
Comment Re:A 2002 tactic is considered news today (Score 5, Interesting) 34

This particular attack has nothing to do with air-gapped networks, but you're right in that USB drives are used this way. In fact, they are the one and only communication method ever used to jump air-gaps in real attacks (at least that have been publicly reported). Plenty of other theoretical methods have been demonstrated though. Dropping this exhaustive analysis here in case anyone's interested in this topic: https://www.welivesecurity.com...

Comment Re:A 2002 tactic is considered news today (Score 5, Informative) 34

The trick is that the spreader component infects newly inserted USB drives and creates shortcut (.lnk) files with the same filename & icon as the legitimate files. End users don't end up opening "unknown files", they think they are opening files that they expected to be on the drive.
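
A defender-side check for the pattern described in the comment above, added here as an example and not part of the original comment or of any vendor tooling: it walks a mounted drive and flags .lnk files whose displayed name collides with a real file in the same folder. The function names, the two matching rules and the sample layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_shadowing_shortcuts(root):
    """Flag .lnk files whose displayed name collides with a real file beside them.

    Explorer hides the .lnk extension, so "report.docx.lnk" is shown as
    "report.docx". Returns a sorted list of (relative_path, reason).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        real = [f for f in files if not f.lower().endswith(".lnk")]
        full_names = {f.lower() for f in real}
        base_names = {Path(f).stem.lower() for f in real}
        for name in files:
            if not name.lower().endswith(".lnk"):
                continue
            shown = name[:-4].lower()  # what the user sees in Explorer
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if shown in full_names:
                findings.append((rel, "same name as a real file"))
            elif shown in base_names:
                findings.append((rel, "same base name as a real file"))
    return sorted(findings)


def demo():
    """Build a constructed sample drive layout in a temp dir and scan it."""
    layout = [
        "report.docx", "report.docx.lnk",    # exact collision
        "budget.xlsx", "Budget.lnk",         # base-name collision, case differs
        os.path.join("tools", "putty.lnk"),  # lone shortcut, not flagged
        os.path.join("tools", "notes.txt"),
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in layout:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")  # empty placeholder files, content is irrelevant
        return find_shadowing_shortcuts(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A hit is a reason to inspect the shortcut's target before anyone opens it, not proof of infection, since legitimate shortcuts can share a name with a neighbouring file.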

Submission + - Malware Attack Infected 25,000 Linux/UNIX Servers (securityweek.com)

wiredmikey writes: Security researchers from ESET have uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world.

The servers are being hijacked by a backdoor Trojan as part of a campaign the researchers are calling 'Operation Windigo.' Once infected, victimized systems are leveraged to steal credentials, redirect web traffic to malicious sites and send as many as 35 million spam messages a day. "Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control," said Pierre-Marc Bureau, security intelligence program manager at ESET, in a statement.

There are many misconceptions around Linux security, and attacks are not something only Windows users need to worry about. The main threats facing Linux systems aren't zero-day vulnerabilities or malware, but things such as Trojanized applications, PHP backdoors, and malicious login attempts over SSH.

ESET recommends webmasters and system administrators check their systems to see if they are compromised, and has published a detailed report presenting the findings and instructions on how to remove the malicious code if it is present.
