computers / comp.os.linux.misc / Linux Executables Deployed as Stealth Windows Loaders

Linux Executables Deployed as Stealth Windows Loaders

<si7iim$1pb2$1@gioia.aioe.org>

 by: Andrei Z. - Sun, 19 Sep 2021 14:47 UTC

No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables
Deployed as Stealth Windows Loaders

https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/

Re: Linux Executables Deployed as Stealth Windows Loaders

<2jrekg9thekhkrmo72uol4q9q34ld88u4v@4ax.com>

 by: SolutionsViaDIY - Sun, 19 Sep 2021 17:08 UTC

On Sun, 19 Sep 2021 17:47:50 +0300, "Andrei Z."
<no-email@invalid.invalid> wrote:

>No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables
>Deployed as Stealth Windows Loaders
>
>https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/

For those of us who are not techies, what does this mean, exactly? I
read the article but not sure I understand completely. Does it mean
we think we're installing Linux but we're getting nasty Windows,
instead??? Unless it's specifically this Windows Subsystem for Linux
(WSL) which can't be accidentally installed as Linux by mistake?

Sorry, I'm really not a techie ... (And in case of yes to the above
[???], how can a layperson know the difference?)


Re: Linux Executables Deployed as Stealth Windows Loaders

<op.09y9a6jka3w0dxdave@hodgins.homeip.net>

 by: David W. Hodgins - Sun, 19 Sep 2021 17:24 UTC

On Sun, 19 Sep 2021 13:08:01 -0400, SolutionsViaDIY <NoSpamJunkMailAtAll@nospam.com> wrote:

> On Sun, 19 Sep 2021 17:47:50 +0300, "Andrei Z."
> <no-email@invalid.invalid> wrote:
>
>> No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables
>> Deployed as Stealth Windows Loaders
>>
>> https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
>
>
> For those of us who are not techies, what does this mean, exactly? I
> read the article but not sure I understand completely. Does it mean
> we think we're installing Linux but we're getting nasty Windows,
> instead??? Unless it's specifically this Windows Subsystem for Linux
> (WSL) which can't be accidentally installed as Linux by mistake?
>
> Sorry, I'm really not a techie ... (And in case of yes to the above
> [???], how can a layperson know the difference?)

It's strictly the Windows Subsystem for Linux. As usual, m$ puts out something
that sort of works on the market, with no concern for security.

Regards, Dave Hodgins

--
Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
email replies.

Re: Linux Executables Deployed as Stealth Windows Loaders

<si7soh$u28$1@gioia.aioe.org>

 by: Andrei Z. - Sun, 19 Sep 2021 17:41 UTC

SolutionsViaDIY wrote:
> On Sun, 19 Sep 2021 17:47:50 +0300, "Andrei Z."
> <no-email@invalid.invalid> wrote:
>
>> No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables
>> Deployed as Stealth Windows Loaders
>>
>> https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
>
>
> For those of us who are not techies, what does this mean, exactly? I
> read the article but not sure I understand completely. Does it mean
> we think we're installing Linux but we're getting nasty Windows,
> instead??? Unless it's specifically this Windows Subsystem for Linux
> (WSL) which can't be accidentally installed as Linux by mistake?
>
> Sorry, I'm really not a techie ... (And in case of yes to the above
> [???], how can a layperson know the difference?)
>
>
Researchers have recorded a new way to compromise computers running
Windows that uses malicious Linux binary files created for Windows
Subsystem for Linux (WSL).

Re: Linux Executables Deployed as Stealth Windows Loaders

<VeydnQBIVoiEN9f8nZ2dnUU7-S3NnZ2d@earthlink.com>

 by: SevenOverSix - Wed, 22 Sep 2021 03:59 UTC

On 9/19/21 1:41 PM, Andrei Z. wrote:
> SolutionsViaDIY wrote:
>> On Sun, 19 Sep 2021 17:47:50 +0300, "Andrei Z."
>> <no-email@invalid.invalid> wrote:
>>
>>> No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables
>>> Deployed as Stealth Windows Loaders
>>>
>>> https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
>>>
>>
>>
>> For those of us who are not techies, what does this mean, exactly?  I
>> read the article but not sure I understand completely.  Does it mean
>> we think we're installing Linux but we're getting nasty Windows,
>> instead???  Unless it's specifically this Windows Subsystem for Linux
>> (WSL) which can't be accidentally installed as Linux by mistake?
>>
>> Sorry, I'm really not a techie ...  (And in case of yes to the above
>> [???], how can a layperson know the difference?)
>>
>>
> Researchers have recorded a new way to compromise computers running
> Windows that uses malicious Linux binary files created for Windows
> Subsystem for Linux (WSL).

I was looking into WSL/WSL2 just last week. Went with a VirtualBox
solution instead. Click icon, REAL Linux VM (mx19) starts. MUCH
better. Fine control.

Anything MS has touched since W98 should be considered "contaminated".

Oh, for fun, search the W2k registry for "NSA" :-)
