Other issues in this category (13)
When someone else's mistake is your problem
It’s common knowledge that to carry out phishing attacks, cybercriminals use domain names similar to those of legitimate sites. But spelling errors occur in other places, too. For example, many Linux programs are executable scripts. They don't operate on their own but make use of other files. If the latter aren't present on a local hard drive, they can be downloaded from the Internet.
German security researcher Nikolai Tschacher demonstrated how easily malicious code can be spread via PyPi — a Python software repository—as well as via the NodeJS (Npmsjs.com) and Ruby (rubygems.org) repositories.
To test an attack's effectiveness, the researcher created 214 packages with all sorts of typos in their titles, including unregistered versions of standard library names (such as urlib2), and uploaded them into the repositories in late 2015 and early 2016.
As a result, he received 45,334 installation notifications from 17,289 unique IP addresses. It should be noted that 43.6% of the installations were performed with administrator privileges, including on servers that host the top-level domains .gov and .mil. Russia ranked sixth and Ukraine ranked seventeenth by the number of infections.
Victims of the attack used different operating systems: Linux (8,614), Windows (6,174), OS X (4,758), and other platforms (57).
Programs are written by people and people do make mistakes! Program code is never perfect. Moreover, script code is easy to modify by adding or inserting strings—sufficient permissions to access to the file are all one needs. In this respect, Linux is particularly dangerous. Many distributions are shipped with encryption utilities which are quite reliable and don't have vulnerabilities. To create an encryption ransomware program, an attacker merely needs to write a script that would use the utility – this is exactly what has happened recently.
The Anti-virus Times recommends
- Alas, any program can have a vulnerability. Therefore, an anti-virus is always necessary.
- Do not install software you don't need.
- Remove unused utilities because each of them can potentially be used to attack your machine.
- Restrict program access permissions—criminals shouldn't be able to change them.
- Monitor what network addresses your programs connect to. Giving them too much latitude can be harmful!