Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Windows

'StrongPity' Malware Infects Users Through Legitimate WinRAR and TrueCrypt Installers (neowin.net) 105

Kaspersky Labs has revealed a new strain of malware -- named 'StrongPity' which targets users looking for two popular applications - WinRaR and TrueCrypt. The malware contains components that not only has the ability to give attackers complete control on the victim's computer, but also steal disk contents and download other software that the cybercriminals need. From a Neowin report: To be able to gather victims, the attackers have built special fake websites that supposedly host the two programs. One instance that was discovered by the researchers is that the criminals transposed two letters in a domain name, in order to fool the potential victim into thinking that the program was a legitimate WinRAR installer website.
This discussion has been archived. No new comments can be posted.

'StrongPity' Malware Infects Users Through Legitimate WinRAR and TrueCrypt Installers

Comments Filter:
  • by truedfx ( 802492 ) on Tuesday October 11, 2016 @01:54PM (#53057043)
    "through legitimate WinRAR and TrueCrypt installers"? By what logic are those installers legitimate?
    • came here to post this
    • Bad writing, but I'm sure the meaning is that it also legitimately installs the actual intended software. Might even be the exact same installer but with a modified payload.

    • by SumDog ( 466607 )

      Yea, I was expecting to see something in the article where they somehow injected their malware without changing the MD5 or SHA sums and put them back in the official mirrors. That would have been way more impressive.

    • by Lumpy ( 12016 )

      not legitimate... It is horrible writing and freaking fearmongering FUD crap that is the norm for slashdot now days.

      These are MODIFIED installers, the article needs to be corrected

    • by AHuxley ( 892839 )
      The user seeks out the real crypto software solution.
      Looking at some site, the user then finds some site GUI with a swapped out download that offers poor crypto but has the look and feel of the real crypto software.
      "On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users" (October 3, 2016)
      https://securelist.com/blog/re... [securelist.com]
      "Adding in their creative waterholing and poisoned installer tactics, we describe the StrongPity APT as not only determined and well-resourced, but fairly
  • Legitimate (Score:4, Insightful)

    by dejitaru ( 4258167 ) on Tuesday October 11, 2016 @01:55PM (#53057045)
    If it's malware infected, it's not legitimate.
    • by green1 ( 322787 )

      In this case, you're right. But conversely, just because it's legitimate, does not mean it's malware free.

      Of course this makes for clickbait, because legitimate installers installing malware are rare, whereas fake installers installing malware is an every day occurrence.

  • by Anonymous Coward

    ... no. How could the malware being served qualify as a legitimate installer?

  • by Anonymous Coward

    someone just downloaded an .exe off a website and ran it.

    If I can get someone to do that, you don't need winrar as part of the equation anymore.

  • Actual source (Score:5, Informative)

    by Anonymous Coward on Tuesday October 11, 2016 @02:01PM (#53057089)

    Nothing like an ad-infested news page with referral program links to the original source. Here is the actual article, with a sanitized URL:

    http://usa.kaspersky.com/about-us/press-center/press-releases/2016/Kaspersky_Lab_Reveals_Advanced_Persistent_Threat_StrongPity [kaspersky.com]

    • I hate wrapper websites. And why does everyone share the website that just has a youtube video embedded with a dozen adds on it instead of sharing the youtube video?
  • Re: (Score:2, Insightful)

    Comment removed based on user account deletion
    • I thought it came out that the authors basically got sick of supporting it and went all scorched earth. That said people should have moved on from TrueCrypt when this was disclosed [vice.com] last year. The VeraCrypt project [codeplex.com] has that fix as well as taking care of what was found during the limited TrueCrypt audit.
    • by Kjella ( 173770 )

      Why are people still using something that the authors of same apparently think is compromised?

      Because if they really found a serious bug they'd either patch it or tell people where it is and why it needs fixing. The whole "there's a problem here, but I won't tell you what it is", "trust Microsoft, switch to Bitlocker" and so on was just screaming "there's something we can't tell you". It's designed to ruin their credibility so that nobody would trust another Truecrypt release. Why would they do that? The only logical explanation I can think of is that somebody was trying to force them to add a backd

  • by thegarbz ( 1787294 ) on Tuesday October 11, 2016 @02:10PM (#53057151)

    Hasn't this been done 1000 times before? What's new here? Why is this newsworthy?

    • They're going as far as creating lookalike web sites to host it. I haven't seen this exact thing before personally.

    • by green1 ( 322787 ) on Tuesday October 11, 2016 @02:19PM (#53057229)

      The headline stated something rare (legitimate installers of popular programs being infested by malware)

      Of course the headline was nothing to do with reality, the article, or even the summary, which is all about the every day occurrence of fake installers being used to try to trick people in to installing malware, which is not new at all.

    • by Anonymous Coward

      Why do people feel the need to post "why is this news?" comments? This actually may interest some people. Maybe _you_ already knew it, but there are new people on the site every day. It's pretty egotistical to think that only things that interest you is news. The better question is "why are you posting this?"

  • "The malware contains components that not only has the ability to give attackers complete control on the victim's computer"

    Msmash forgot to mention that this malware is only effective on Microsoft Windows. Go here [distrowatch.com] for an alternative to the Microsoft industry standard.
    • To be fair, not a lot of people install WinRAR on Linux.
    • by AHuxley ( 892839 )
      The "compromised" issues if finally been understood from the small developer to huge US brands crypto perspective and as junk international "standards".
      Other code might be security service friendly by design as a small front company, gov fronted start up or via developers who had to make deals or had cash offers made by govs or got trapped under a US NSL at work.
      Its hard to find good crypto that works. Look at the help the security services got over everyday crypto by big US brands under PRISM or VPV sec
  • 'StrongPity' Malware Infects Users Through Legitimate WinRAR and TrueCrypt Installers

    in order to fool the potential victim into thinking that the program was a legitimate WinRAR installer website.

    It certainly fooled whoever submitted the story.

    Now, will someone at Slashdot bother to fix it?

  • Why do people even download WinRAR? For the odd occasion I need to extract a WinRAR archive, the free and open source 7-zip [7-zip.org] works fine. It also handles a number of other formats, and is fast. (For example, it is MUCH faster at extracting ZIP archives than Windows Explorer).
  • This is supposedly a tech news site.
    There is no way that editing can accidentally be that shit. Malware in "Legitimate installer" - wow that is news. Click through to standard bullshit.

    Things like this are a good way to drive away the readership. Only reason I still visit is that the community is still large enough to have interesting discussions around the articles (although the trolling etc is getting worse as time goes on)

    (Just wish a few other alternatives would get more active communities)

  • First of all, the headline is misleading. For it to be true, you'd have to get infected somehow by installing genuine WinRAR and TrueCrypt software you downloaded from trusted (and trustworthy), genuine sources. Now THAT definitely WOULD be a story!

    But what do we have instead? Malware writers using typosquatting techniques to get people to install genuine looking software. Now, it's been a while that I've left the malware analysis business, but even back then, well over a decade ago, this would not have mad

I'd rather just believe that it's done by little elves running around.

Working...