This is incredible, I imagine this kind of work is being performed all of the time. I wonder how many other similar infections and botnets are being battled right now.
The article claims this is a malware that has been used since 2012 in general and from 2014 allegedly by China. I wonder more whether innovations or obfuscations were needed in the last ten years if this malware worked the whole time? Kind of the too-little-too-late model of security.
"Deleted" "Chinese malware" Uh huh
I know this kind of operation was totally unthinkable only just a couple of years ago precisely because Americans have been known to hold very funny ideas about “freedom” sometimes but I’m really glad they got over that fear and took this kind of action.
https://www.theverge.com/2023/8/29/23851227/fbi-doj-qakbot-b...
https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-...
https://www.fbi.gov/news/stories/gameover-zeus-botnet-disrup...
https://www.europol.europa.eu/media-press/newsroom/news/andr...
And a whole lot more.
Whatchoo talkin’ bout, Willis?
I said only just a couple of years ago, I didn’t say this was the first time this has ever happened.
The pre-2020 examples you give there are NOT going into systems without authorization and modifying them. They used other techniques to disrupt the botnets.
The second link was four years ago.
The third link was 2014. They didn't fix the vulnerability for the computer owners, but they did take over control of the malware on them without notifying them.
Same for the fourth link.
2011, they disabled these botnet agents without notifying system owners: https://krebsonsecurity.com/2011/04/u-s-government-takes-dow...
Point being, it wasn't unthinkable a couple of years ago.
Weirdly, the article fails to note this is a Windows only malware.
Do you think if Linux and Windows magically swapped their market position, there would continue to be far more malware targeting Windows than Linux, or do you think it might be possible that, much like every other kind of software, malware developers target the most common and popular platforms?
Actually, I do. There's a lot of very bad design weirdness in Windows, beginning with a multiple-root filesystem. I know you don't have to use drive letters, but it's common. Magic device files (LP, CON, AUX) regularly trip people up. Having file names make them executable causes all kinds of problems, especially when the file browser hides that detail. Never documenting which file types make something executable has caused problems, too. The tradition of single-user systems mixes data, config and executables. I'm told you can avoid this, but it's often not the default. Even things like Win32 call design: there are often buffers passed that have caused troubles when they're on page boundaries and segfaults happen. This got fixed, I think, but it's evidence of pitiful foundations.
I do think Windows is something of a "dragon king" of malware due to its design.
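The two filename quirks mentioned in the comment above (reserved device names such as CON and AUX, and executability decided by extension while the file browser hides that extension) are concrete enough to check in code. The block below is an added example, not code from anyone in this thread: a small filename triage that a file-upload or sync service could run before storing a user-supplied name. The reserved-name set is the documented Win32 list (CON, PRN, AUX, NUL, COM1-9, LPT1-9, with anything after the first dot ignored); the executable-extension set is assumed to be the stock PATHEXT default, and the "what Explorer shows" helper assumes the simplified rule that the last extension is hidden, both of which are assumptions for this example.

```python
from __future__ import annotations

import os

# Documented Win32 reserved device names. The comparison is case-insensitive
# and ignores everything after the first dot, so "con.txt" is still CON.
_RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)

# Assumption for this example: the stock PATHEXT default. Real machines may
# have extended the list, so treat this as a floor, not a ceiling.
_EXECUTABLE_EXTS = {
    ".com", ".exe", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".msc",
}


def is_reserved_device_name(name: str) -> bool:
    """True if Windows would open this name as a device rather than a file.

    Trailing spaces and dots are stripped first, as the Win32 path normaliser
    does, then the part before the first dot is compared case-insensitively,
    so 'con.txt', 'NUL.tar.gz' and 'lpt1 ' all match while 'COM10' does not.
    """
    stem = name.rstrip(" .").partition(".")[0]
    return stem.upper() in _RESERVED


def is_executable_by_extension(name: str) -> bool:
    """True if the (normalised) final extension is one the shell would run."""
    ext = os.path.splitext(name.rstrip(" ."))[1].lower()
    return ext in _EXECUTABLE_EXTS


def displayed_name(name: str) -> str:
    """Approximate what Explorer shows with 'hide extensions' enabled.

    Assumption: the last extension is dropped, so 'invoice.pdf.exe' is shown
    as 'invoice.pdf'. The real setting only hides *known* types, but .exe
    is always known, which is exactly the case that matters here.
    """
    stem, ext = os.path.splitext(name)
    return stem if ext else name


def check_upload_name(name: str) -> list[str]:
    """Return findings for a user-supplied filename; an empty list means
    the name can be stored as-is on a Windows-backed filesystem."""
    findings: list[str] = []
    if is_reserved_device_name(name):
        findings.append("reserved-device-name")
    if is_executable_by_extension(name):
        findings.append("executable-extension")
        # An executable whose displayed name still ends in a harmless-looking
        # extension is the classic "invoice.pdf.exe" masquerade.
        if os.path.splitext(displayed_name(name))[1]:
            findings.append("double-extension-masquerade")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real upload log.
    for sample in ["report.docx", "CON.txt", "aux.tar.gz", "COM10",
                   "setup.exe", "invoice.pdf.exe", "nul"]:
        print(f"{sample!r:20} -> {check_upload_name(sample)}")
```

A useful property of this check is that it is wrong in the safe direction on non-Windows hosts: a Linux web server will happily store `CON.txt`, but the first Windows client that syncs the folder will not be able to open it, so rejecting or renaming it at upload time spares the support ticket.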
Linux is definitely a target; it runs the majority of, well, everything. The DoD uses Linux, defence contractors use Linux, infrastructure, most of the internet, etc. The idea that it isn't targeted because it's "obscure" is silly; it's just more secure.
Also, remember when Microsoft themselves were hacked multiple times by Russia? Or when a Russian spy was hired by Microsoft?
Windows has historically been insecure, it could just be that Microsoft is bad at security...
The daily number of people who interact directly with Windows machines absolutely dwarfs the daily number of people who interact directly with Linux machines.
Most malware campaigns target people.
Most malware campaigns are designed to extract money. Large corporations have multiple orders of magnitude more money than the average Windows user. If large corporations could be targeted as easily as Windows users, they'd be targeted 10/10 times.
The only reason there is to target individual Windows users is because it's easy.
Hate to break it to ya, but those large corporations are filled with the individual Windows users that campaigns target.
That's true. I was thinking more about the large infrastructure-focused companies, but you're right, ye olde average Fortune 500 company likely has nothing but Windows PCs.
I'm shocked that this occurred on Windows. What a secure and open platform with a history of prioritizing user safety.
Winnie at it again. Someone stick him back into his honeypot and smack his fanny.