When someone else's mistake is your problem


It’s common knowledge that to carry out phishing attacks, cybercriminals use domain names similar to those of legitimate sites. But spelling errors occur in other places, too. For example, many Linux programs are executable scripts. They don't operate on their own but make use of other files. If the latter aren't present on a local hard drive, they can be downloaded from the Internet.

German security researcher Nikolai Tschacher demonstrated how easily malicious code can be spread via PyPI, a Python software repository, as well as via the NodeJS (npmjs.com) and Ruby (rubygems.org) repositories.

To test an attack's effectiveness, the researcher created 214 packages with all sorts of typos in their titles, including unregistered versions of standard library names (such as urlib2), and uploaded them into the repositories in late 2015 and early 2016.

As a result, he received 45,334 installation notifications from 17,289 unique IP addresses. It should be noted that 43.6% of the installations were performed with administrator privileges, including on servers that host the top-level domains .gov and .mil. Russia ranked sixth and Ukraine ranked seventeenth by the number of infections.

Victims of the attack used different operating systems: Linux (8,614), Windows (6,174), OS X (4,758), and other platforms (57).

geektimes.ru

Programs are written by people, and people make mistakes! Program code is never perfect. Moreover, script code is easy to modify by adding or inserting lines; sufficient permissions to access the file are all one needs. In this respect, Linux is particularly dangerous. Many distributions are shipped with encryption utilities that are quite reliable and don't have vulnerabilities. To create an encryption ransomware program, an attacker merely needs to write a script that uses such a utility, and this is exactly what has happened recently.

Dr.Web recommends

  • Alas, any program can have a vulnerability. Therefore, an anti-virus is always necessary.
  • Do not install software you don't need.
  • Remove unused utilities because each of them can potentially be used to attack your machine.
  • Restrict program access permissions—criminals shouldn't be able to change them.
  • Monitor what network addresses your programs connect to. Giving them too much latitude can be harmful!
