this post was submitted on 22 Nov 2023
253 points (97.4% liked)

Technology
[–] mvirts@lemmy.world 151 points 11 months ago (8 children)

"the malware is written in the Visual Basic Scripting language." is where I stopped 😹 lol at least we know the Russians are suffering.

[–] EmergMemeHologram@startrek.website 83 points 11 months ago (3 children)

This is like when I assumed my high school IT department was so good that I'd never be able to get past their content restrictions, but then renaming Halo CE to "explorer.exe" let me play all the games I wanted.

[–] June@lemm.ee 8 points 11 months ago

I had FF3 broken up into a few files and renamed and dispersed through the school network so I’d just pull them all into a local file at the computer I was working at in the lab and play during class. I thought I was the shit.

[–] sour@kbin.social 5 points 11 months ago* (last edited 11 months ago)

norton family:

[–] digger@lemmy.ca 2 points 11 months ago

Renaming it to "winword.exe" was my go-to.

[–] tsonfeir@lemm.ee 30 points 11 months ago (1 children)

To be fair, it’s pretty smart to exploit the flaws in VB to make malware.

[–] TWeaK@lemm.ee 40 points 11 months ago (1 children)

To be fair, it’s pretty smart to exploit the flaws in Microsoft to make malware.

[–] tsonfeir@lemm.ee 5 points 11 months ago

Haha touché

[–] elbarto777@lemmy.world 7 points 11 months ago (1 children)

Are they? Because if the worm is successfully spreading... 🤷

It's funny, though..

[–] Kusimulkku@lemm.ee 3 points 11 months ago (1 children)

They're Russians. There's no situation where they aren't suffering.

[–] Anomalous_Llama@lemmy.world 2 points 11 months ago

They’ve been exporting their suffering to Ukraine the last few years as well.

[–] Numberone@startrek.website 5 points 11 months ago (1 children)

As a non-programmer, isn't Visual Basic for Excel scripts?

[–] deur@feddit.nl 8 points 11 months ago

No you can run any .vbs script standalone

[–] soulfirethewolf@lemdro.id 50 points 11 months ago

if you're cold, they're cold

put them in the computer at your work

[–] TWeaK@lemm.ee 24 points 11 months ago (4 children)

Meanwhile if you load Baofeng software from a few years ago antivirus software today will ping out. It never used to ping out, such is the nature of zero days.

Meanwhile Israel has been selling weapons grade hacking technology for decades, they've been directly linked to the assassination of Jamal Khashoggi as well as the Mexican cartels.

Meanwhile Argentina happens to be the hub for zero day exploits, with a bunch of hackers inventing their own shit and selling directly to state actors or whoever will pay.


The only way you can remain secure is to regularly install a fresh OS. Change my mind.

[–] Agent641@lemmy.world 41 points 11 months ago (2 children)

The only way to be truly secure is to throw your computer into the sea and return, naked and fearless, into the forest from whence we came.

[–] bhamlin@lemmy.world 2 points 11 months ago (3 children)

But what about the bears?!?

[–] Agent641@lemmy.world 6 points 11 months ago (2 children)

What part of 'fearless' don't you understand?

[–] ikidd@lemmy.world 1 points 11 months ago

I've got naked down pat.

[–] Remmock@kbin.social 1 points 11 months ago

I got that nickname because I used to wear No Fear shirts in High School.

[–] Valmond@lemmy.mindoki.com 2 points 11 months ago

They can come too.

[–] Thranduil@lemmy.world 1 points 11 months ago

Are they moon bears or saturn bears?

[–] MonkeMischief@lemmy.today 1 points 11 months ago

This is just return to monke but more poetic... ... I'm here for it.

... Except for the bugs. I'd rather deal with software bugs than jungle bugs...

[–] metallic_z3r0@infosec.pub 26 points 11 months ago (1 children)

Change my mind.

Sure. Even regularly installing a new OS doesn't necessarily keep you secure if someone wanted to discreetly install malware on your device. In addition to firmware-level rootkits that re-install themselves on fresh OSs (even platform-agnostic ones), it's possible that someone might interdict whatever hardware is bought and implant it with additional small hardware that compromises it in some way.

[–] db2@sopuli.xyz 5 points 11 months ago

They don't even need to work that hard, just compromise the ME/PSP and do whatever.

[–] Pons_Aelius@kbin.social 12 points 11 months ago (1 children)

Change my mind.

In the end, if you are not of interest to a nation state hacker (or a member of a drug cartel) you have nothing to fear from the things you listed.

But that won't change your mind.

[–] thesmokingman@programming.dev 5 points 11 months ago (2 children)

Your incorrect assumption is that only cartels and nation states are using said software. Weaponized versions of this stuff are making their way to consumer levels where you just need to piss off the wrong person online. I don’t worry about the US government targeting me beyond normal levels; I worry about employers deploying spyware.

[–] thesmokingman@programming.dev 4 points 11 months ago

Unless you’re rotating accounts and not posting anything on the internet ever, going so far as to use an in-memory OS like Tails won’t protect you.

[–] A_A@lemmy.world 18 points 11 months ago (1 children)

(...) computer worm designed to spread from computer to computer through USB drives.

[–] 7u5k3n@lemmy.world 31 points 11 months ago (3 children)

It absolutely works. My company spends a ton of time and resources in an attempt to prevent folks from plugging in random USB drives. Classes to user restrictions. Amazing how some folk are.

[–] nakal@kbin.social 9 points 11 months ago (2 children)

Of course, but OP wanted to implicate that this worm stays local in a network. You need a USB stick to carry it over.

[–] Mouselemming@sh.itjust.works 11 points 11 months ago (1 children)

I'm pretty sure the word you want is "imply." Although what the Russians are doing with corrupt USBs is a crime, OP isn't implicated in it.

[–] nakal@kbin.social 2 points 11 months ago

Thanks for the lesson.. haha

[–] A_A@lemmy.world 2 points 11 months ago

This is just about right :
in fact I wanted to know how we are exposed (or not exposed) to this. ...to know what we have to do to limit exposure.

[–] Abnorc@lemm.ee 3 points 11 months ago (1 children)

The company just doesn’t want me know what’s in these usb drives, surely.

[–] 7u5k3n@lemmy.world 1 points 11 months ago

Absurd! They could be missing out on so much potential profit!

[–] Valmond@lemmy.mindoki.com 2 points 11 months ago (1 children)

Have you tried super glue? :-D

[–] 7u5k3n@lemmy.world 2 points 11 months ago

Lmfao I'll pass that along.

[–] TWeaK@lemm.ee 9 points 11 months ago (1 children)

Also, would this be the same group that hacked the Sochi Winter Olympics, soon after Russia was banned? The one that the US indicted and labelled as a "petulant child"?

[–] thesmokingman@programming.dev 5 points 11 months ago (1 children)

No. Attribution wasn’t clear for Olympic Destroyer; it’s doubtful we’ll ever know the specific APT responsible. Signals intelligence was used to guess at Russian attribution so we at least have a pretty good idea which country launched it.

[–] TWeaK@lemm.ee 3 points 11 months ago (1 children)

https://americanmilitarynews.com/2020/10/2447380/

Maybe the attribution isn't 100% (as would be expected with how the attacker masked themselves using techniques from every major nation state hacker) but Russian hackers were indeed indicted for it.

[–] thesmokingman@programming.dev 3 points 11 months ago (1 children)

Correct. That’s what I called out with my second link. Your question was whether Gamaredon did Olympic Destroyer.

[–] TWeaK@lemm.ee 3 points 11 months ago (1 children)

Ah I get what you're saying. Would be more helpful if lemmy presented more than one comment in context when replying.

[–] thesmokingman@programming.dev 3 points 11 months ago (1 children)

I thought it was a really valuable question! There are several Russian APTs and you made me question my understanding of the attack. I had to reread some stuff to make sure I could answer you properly.

[–] TWeaK@lemm.ee 2 points 11 months ago

I mean I was mainly joking and shoehorning in another story I knew a bit more about, but thank you for the other links for me to read :)

[–] autotldr@lemmings.world 5 points 11 months ago

This is the best summary I could come up with:


A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months either accidentally or purposely by allowing USB-based espionage malware to infect a variety of organizations in other countries.

“Gamaredon continues to focus on [a] wide variety [of] Ukrainian targets, but due to the nature of the USB worm, we see indications of possible infection in various countries like USA, Vietnam, Chile, Poland and Germany,” Check Point researchers reported recently.

The image above, tracking submissions of LitterDrifter to the Alphabet-owned VirusTotal service, indicates that the Gamaredon malware may be infecting targets well outside the borders of Ukraine.

The data suggests that the number of infections in the US, Vietnam, Chile, Poland, and Germany combined may be roughly half of those hitting organizations inside Ukraine.

The core essence of the Spreader module lies in recursively accessing subfolders in each drive and creating LNK decoy shortcuts, alongside a hidden copy of the “trash.dll” file.

“Comprised of two primary components—a spreading module and a C2 module—it’s clear that LitterDrifter was designed to support a large-scale collection operation,” Check Point researchers wrote.


The original article contains 744 words, the summary contains 185 words. Saved 75%. I'm a bot and I'm open source!
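The summary above describes the on-disk footprint of the spreader: LNK decoy shortcuts dropped into subfolders of each drive next to a hidden file named "trash.dll", with the payload itself being VBScript rather than a real library. The following is an added example, not code from the article, Check Point or the thread, of a small triage scanner that walks a removable drive and flags that pattern. It assumes (as a portable stand-in for the Windows hidden attribute, which it also checks when the platform reports it) that a dot-prefixed name counts as hidden, and it builds its own constructed sample tree in a temp directory; the folder names, the fake payload text and the `run_demo` helper are all hypothetical.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample payload: the thread and article describe LitterDrifter as
# VBScript, so the file named like a DLL is script text, not a PE image
# (assumption for this demo, not a sample of the real malware).
FAKE_VBS = b'Set ws = CreateObject("WScript.Shell")\r\n'


def is_hidden(path: Path) -> bool:
    """True if the file carries the Windows hidden attribute, or (portable
    stand-in on non-Windows filesystems) has a dot-prefixed name."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def has_pe_header(path: Path) -> bool:
    """A genuine DLL is a PE image and starts with the 'MZ' magic bytes."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def severity(pe_header: bool, lnk_decoys: list) -> str:
    """Hidden .dll that is not a PE image, beside .lnk files in the same
    folder, is the spreader footprint described in the write-up."""
    if not pe_header and lnk_decoys:
        return "high"
    if not pe_header:
        return "medium"
    return "low"


def scan_drive(root: Path) -> list:
    """Walk a (removable) drive and report every hidden .dll together with
    the .lnk shortcuts that share its folder."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = Path(dirpath)
        lnk_decoys = sorted(f for f in filenames if f.lower().endswith(".lnk"))
        for name in filenames:
            if not name.lower().endswith(".dll"):
                continue
            path = folder / name
            if not is_hidden(path):
                continue
            pe = has_pe_header(path)
            findings.append({
                "dir": folder.relative_to(root).as_posix(),
                "hidden_dll": name,
                "pe_header": pe,
                "lnk_decoys": lnk_decoys,
                "severity": severity(pe, lnk_decoys),
            })
    return sorted(findings, key=lambda f: f["dir"])


def build_sample_tree(root: Path) -> None:
    """Constructed fixture imitating an infected stick: two user folders get a
    decoy .lnk plus a hidden script named like a DLL; one folder is clean and
    holds a visible, genuine-looking DLL that must not be flagged."""
    for folder in ("Documents", "Photos"):
        d = root / folder
        d.mkdir(parents=True)
        (d / f"{folder}.lnk").write_bytes(b"L\x00\x00\x00")  # shortcut header stub
        (d / ".trash.dll").write_bytes(FAKE_VBS)
    clean = root / "Clean"
    clean.mkdir()
    (clean / "notes.txt").write_text("nothing to see\n")
    (clean / "real.dll").write_bytes(b"MZ" + b"\x00" * 62)


def run_demo() -> list:
    """Build the constructed tree in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="usb_scan_"))
    build_sample_tree(root)
    return scan_drive(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f["severity"].upper(), f["dir"], f["hidden_dll"], f["lnk_decoys"])
```

Point `scan_drive` at a mounted stick instead of the temp tree to use it for real. The "MZ" check is the part worth keeping even if the naming changes: a file with a .dll extension that is not a PE image has no legitimate reason to exist on user media, whatever it is called.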
