• redundantly 3 months ago

    This is incredible, I imagine this kind of work is being performed all of the time. I wonder how many other similar infections and botnets are being battled right now.

    • snailmailstare 3 months ago

      The article claims this is a malware that has been used since 2012 in general and from 2014 allegedly by China. I wonder more if innovations or obfuscations were needed in the last ten years if this malware worked the whole time? Kind of the too little too late model of security.

      • hulitu 3 months ago

        > This is incredible,

        Is it though? How easy is it to reinstall the malware on those computers?

      • mdhb 3 months ago

        I know this kind of operation was totally unthinkable only just a couple of years ago precisely because Americans have been known to hold very funny ideas about “freedom” sometimes but I’m really glad they got over that fear and took this kind of action.

      • bediger4000 3 months ago

        Weirdly, the article fails to note this is a Windows only malware.

        • BobaFloutist 3 months ago

          Do you think if Linux and Windows magically swapped their market position, there would continue to be far more malware targeting Windows than Linux, or do you think it might be possible that, much like every other kind of software, malware developers target the most common and popular platforms?

          • bediger4000 3 months ago

            Actually, I do. There's a lot of very bad design weirdness in Windows. Beginning with a multiple root filesystem. I know you don't have to use drive letters, but it's common. Magic device files, LP, CON, AUX regularly trip people up. Having file names make them executable causes all kinds of problems, especially when the file browser hides that detail. Never documenting which file types make something executable has caused problems, too. The tradition of single user systems mixes data, config and executables. I'm told you can avoid this, but it's often not the default. Even things like Win32 call design. There are often buffers passed that have caused troubles when they're on page boundaries and segfaults happen. This got fixed, I think, but it's evidence of pitiful foundations.

            I do think Windows is something of a "dragon king" of malware due to its design.
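
The device-name and extension gotchas raised in the comment above, as an added example that is not part of the thread or of anyone's posted code: a filename check that flags Windows reserved device names (CON, PRN, AUX, NUL, COM1-9, LPT1-9, which stay reserved even when an extension is appended, so "CON.txt" still names the console) and extension-based executability using the stock PATHEXT list, plus the "invoice.pdf.exe" double-extension pattern that Explorer's hide-known-extensions setting disguises. The function names and the sample filenames are constructed for illustration; the reserved-name and PATHEXT lists are the documented Windows defaults.

```python
import ntpath

# Reserved device names, case-insensitive. Microsoft's "Naming Files, Paths,
# and Namespaces" documents that these are reserved even with an extension:
# "CON.txt" and "aux.log" still resolve to the device, not to a file.
RESERVED_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)

# Default PATHEXT on a stock Windows install: the extensions cmd.exe and
# ShellExecute treat as directly runnable, regardless of any mode bit.
DEFAULT_PATHEXT = (
    ".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE",
    ".JS", ".JSE", ".WSF", ".WSH", ".MSC",
)


def _final_component(name: str) -> str:
    # Use ntpath so backslashes and drive letters are handled on any host OS,
    # then drop trailing dots and spaces, which Win32 strips silently.
    return ntpath.basename(name).rstrip(". ")


def is_reserved_device_name(name: str) -> bool:
    """True if the final path component refers to a DOS device."""
    base = _final_component(name).split(".")[0]
    return base.upper() in RESERVED_DEVICE_NAMES


def is_executable_extension(name: str, pathext=DEFAULT_PATHEXT) -> bool:
    """True if the shell would execute this name based on its extension."""
    lowered = _final_component(name).lower()
    return any(lowered.endswith(ext.lower()) for ext in pathext)


def looks_like_hidden_executable(name: str) -> bool:
    """'invoice.pdf.exe' displays as 'invoice.pdf' when Explorer hides
    known extensions; flag executables carrying a second, decoy extension."""
    parts = _final_component(name).split(".")
    return len(parts) >= 3 and is_executable_extension(name)


def check_upload_name(name: str) -> list[str]:
    """Return the list of findings for a user-supplied filename (hypothetical
    upload-validation helper; empty list means nothing suspicious)."""
    findings = []
    if is_reserved_device_name(name):
        findings.append("reserved-device-name")
    if is_executable_extension(name):
        findings.append("executable-extension")
    if looks_like_hidden_executable(name):
        findings.append("double-extension")
    return findings


# Constructed sample filenames, not taken from the article or the thread.
SAMPLE_NAMES = [
    "report.txt",            # benign
    "CON.txt",               # device name despite the extension
    "C:\\uploads\\nul.dat",  # device name buried in a path
    "COM10",                 # not reserved: only COM1-COM9 are
    "setup.EXE",             # executable by extension, case-insensitive
    "invoice.pdf.exe",       # decoy extension hides the real one
]


def scan_samples() -> dict[str, list[str]]:
    return {name: check_upload_name(name) for name in SAMPLE_NAMES}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name!r}: {findings or 'ok'}")
```

Note that a Unix-style check (`os.access(path, os.X_OK)` or a mode bit) tells you nothing about the first three findings; on Windows the name alone decides both where a write lands and whether a double-click runs it.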

            • dismalaf 3 months ago

              Linux is definitely a target, it runs the majority of, well, everything. The DoD uses Linux, defence contractors use Linux, infrastructure, most of the internet, etc... The idea that it isn't targeted because it's "obscure" is silly, it's just more secure.

              Also, remember when Microsoft themselves were hacked multiple times by Russia? Or when a Russian spy was hired by Microsoft?

              Windows has historically been insecure, it could just be that Microsoft is bad at security...

              • orf 3 months ago

                The daily number of people who interact directly with Windows machines absolutely dwarfs the daily number of people who interact directly with Linux machines.

                Most malware campaigns target people.

                • dismalaf 3 months ago

                  Most malware campaigns are designed to extract money. Large corporations have multiple orders of magnitude more money than the average Windows user. If large corporations could be targeted as easily as Windows users, they'd be targeted 10/10 times.

                  The only reason there is to target individual Windows users is because it's easy.

                  • orf 3 months ago

                    Hate to break it to ya, but those large corporations are filled with the individual Windows users that campaigns target.

                    • dismalaf 3 months ago

                      That's true. I was thinking more about the large infrastructure focused companies, but you're right, ye olde average fortune 500 company likely has nothing but Windows PCs.

                • alp1n3_eth 2 months ago

                  With the different flavors of Linux, the varying configs, uses, etc., it would be a less likely target because it's overall much easier just to infect one of the numerous Windows computers or servers in a corp and then pivot to the other machines within the network from there.

                  Whether targeting public facing Windows servers or the employees' own desktops, it's easy to see why Linux would be more of an afterthought. Windows devices massively outnumber the number of daily-use Windows devices, which also increases the opportunity for attack.

              • lukeweston1234 3 months ago

                I'm shocked that this occurred on Windows. What a secure and open platform with a history of prioritizing user safety.

              • JohnnyLarue 3 months ago

                "Deleted" "Chinese malware" Uh huh

                • Frederation 3 months ago

                  Winnie at it again. Someone stick him back into his honeypot and smack his fanny.