Microsoft Says 394,000 Windows Computers Infected By Lumma Malware Globally (cnbc.com)
An anonymous reader quotes a report from CNBC: Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe. The tech giant said in a blog post that its digital crimes unit discovered more than 394,000 Windows computers were infected by the Lumma malware worldwide between March 16 and May 16. The Lumma malware was a favorite hacking tool used by bad actors, Microsoft said in the post. Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets.
Microsoft said its digital crimes unit was able to dismantle the web domains underpinning Lumma's infrastructure with the help of a court order from the U.S. District Court for the Northern District of Georgia. The U.S. Department of Justice then took control of Lumma's "central command structure" and squashed the online marketplaces where bad actors purchased the malware. The cybercrime control center of Japan "facilitated the suspension of locally based Lumma infrastructure," the blog post said. "Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," Microsoft said in the post. "Moreover, more than 1,300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes." Cloudflare, Bitsight and Lumen also helped break down the Lumma malware ecosystem.
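The summary above notes that seized domains are being redirected to sinkholes. For a defender the practical consequence is that already-infected hosts keep querying those domains, so resolver logs are a cheap place to find them. The script below is an added example for this page (not Microsoft's, CNBC's or any takedown partner's code); the seized-domain list, IP addresses and log lines are all constructed placeholders, and a real list would come from the takedown notice or a threat-intel feed.

```python
"""Flag internal hosts whose DNS queries hit domains on a seizure list.

Added example for this page; not Microsoft's or CNBC's code. After a C2
domain is seized and redirected to a sinkhole, an infected host typically
keeps querying it, so resolver logs become a cheap way to find remaining
infections. All domains, IPs and log lines below are constructed placeholders.
"""
import re
from collections import defaultdict

# Constructed placeholder list: in practice this comes from the takedown
# notice or a threat-intel feed, not from this example.
SEIZED_DOMAINS = {
    "c2-example-one.invalid",
    "c2-example-two.invalid",
}

# Constructed sample resolver log in a "timestamp client qname answer" layout.
SAMPLE_LOG = """\
2025-05-21T10:00:01Z 10.0.0.15 c2-example-one.invalid 192.0.2.10
2025-05-21T10:00:02Z 10.0.0.22 www.example.com 93.184.216.34
2025-05-21T10:05:01Z 10.0.0.15 c2-example-one.invalid 192.0.2.10
2025-05-21T10:07:43Z 10.0.0.31 update.c2-example-two.invalid 192.0.2.11
2025-05-21T10:09:00Z 10.0.0.22 mail.example.com 93.184.216.35
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<answer>\S+)$"
)


def matches_seized(qname: str, seized=SEIZED_DOMAINS) -> bool:
    """True if qname equals a seized domain or is a subdomain of one.

    Case and a trailing dot are normalised; a label that merely ends with
    the same characters (e.g. "notc2-example-one.invalid") does not match.
    """
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in seized)


def find_sinkhole_hits(log_text: str, seized=SEIZED_DOMAINS) -> dict:
    """Return {client_ip: [(timestamp, qname), ...]} for queries to seized domains."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than aborting the scan
        if matches_seized(m["qname"], seized):
            hits[m["client"]].append((m["ts"], m["qname"]))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(find_sinkhole_hits(SAMPLE_LOG).items()):
        print(f"{client}: {len(events)} query(ies) to seized domains, e.g. {events[0][1]}")
```

Run it against your own resolver export by replacing `SAMPLE_LOG` with the file contents; hosts that appear in the output are the ones to isolate and re-image, since a sinkholed C2 answer means the stealer is still running, not that it has been cleaned.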
Meanwhile, back in Redmond (Score:5, Interesting)
Re: (Score:3)
Indeed. Fortunately that will be quite illegal in the EU. I guess the EU will get a special version and the US users will just have to swallow that frog.
Re: (Score:3)
...update that registry setting...
Obviously most won't, but at least the option likely has to exist somewhere to configure it since corporate customers also won't allow such things to exist.
Re: (Score:3)
They're also killing off security updates for Windows 10 this year, ensuring that thousands more systems will be added to these botnets soon!
Maybe if MS products were not insecure crap.. (Score:5, Insightful)
We would not have that problem. But as an IT security expert, my impression is it is now harder to use Windows securely than Linux.
Re: (Score:3)
My last experience with Windows 11 informs me that it's just plain hard to use Windows at all, securely or otherwise. We've been using Debian with Gnome on some public-facing computers, and there have literally been no issues at all.
Re: (Score:2)
Urgh. I have delayed the move to Win11 on the few computers I still need Windows on. Looks like that was the right decision.
On the Debian side (or Devuan now on most of my machines), I have the same experience: You set it up, it works, it keeps working. Also, now 15 years with automatic updates every three days on all my Linux boxes (including one Gentoo, where automatic updates are not recommended), one problem total and that took 5 minutes to fix.
Re: (Score:2)
We would not have that problem. But as an IT security expert, my impression is it is now harder to use Windows securely than Linux.
My most recent job was with a Fortune 500 company (bottom half of that group) that due to a severance agreement that has a bit longer left to go, I can't name. It's not secret stuff. They just don't want me talking bad about them for a while. I wasn't an IT security guy per se, but I did Linux internal support for the company and that got me in touch with various parts of the company. My experience was exactly what you said, that we had way more security problems with Windows. The most serious hac
Re: (Score:2)
Interesting. I was mostly thinking private users, but that sounds like MS is doing pretty badly for commercial use as well.
Re: (Score:2)
It is true that Windows has always been insecure. And it's also true that Linux and Mac OS and iOS and Android are all insecure. So why does Windows get all the attention? Simple, that's where the money is.
Oh, and your house is insecure too, and your car, and everything else that has any kind of "security." It takes a robber less than 30 seconds to break into your house or car.
Why on earth does anyone think something as complex as a computer, could be "secure"?
Re: (Score:2)
Linux is out of the box a lot safer. Not having stupid defaults and not running a lot of crap out of the box helps a lot.
Re: (Score:1)
Linux is only safer because, with roughly 4% of the desktop market share, it's not an attractive target for malware developers. Even malware developers have to budget their time. If you have a choice of targeting an OS that covers more than 70% of the market, or less than 5%, you're going to spend your time on the OS that has the bigger impact. These days, malware is a business.
Linux as a server, is another story, because Linux servers outnumber Windows servers. As a result, Linux server malware accounts fo
Re: (Score:3)
No, Linux is not inherently safer than Windows.
It is. The problem is you do not have what it takes to actually evaluate the situation competently.
Re: (Score:2)
So teach me, O wise one, where did my logic and sources go wrong?
Do you dispute that Linux servers experience more malware than Windows servers?
Do you dispute that Windows provides much greater financial reward for malware developers who are targeting the desktop?
Do you have actual evidence that Windows is inherently more insecure than Linux? If so, you should be able to enumerate the ways.
The reality is, you don't have an argument, so instead you resort to attacking my knowledge and capabilities.
Re: (Score:2)
as an IT security expert
Blaming MS for end user behaviour tells me you know less about security than you do about Linux.
As an *actual*, credentialed, "security expert" - malware doesn't magically appear on the endpoint. It requires assistance from the mouth-breather using the endpoint. Every. Damn. Time.
No system is perfectly secure and Linux has just as many problems... albeit different ones with a significantly smaller user base.
But do keep spreading the FUD. It seems to make you happy.
Re: (Score:2)
Machines that can get infected by a drive-by or clicking on a link? Really?
I agree that no machine is safe against an idiot user that starts a program, ignores all warnings and then enters the admin/root password. (Trojan horse).
The only thing that works against that is to not give those people administrative access on the machine.
Linux is the most used operating system, just not on the desktop.
A
Re: (Score:2, Interesting)
Viruses on modern machines are still a Windows only party. Because Windows is set up so insecure out of the box.
Nope. It's about attack surface. Significantly more Windows users. Conflating this with "Windows is less secure" is delusional.
Machines that can get infected by a drive-by or clicking on a link? Really?
Linux has the exact same issues. What are you on about? Are you claiming this doesn't happen to Linux machines?
The only thing that works against that is to not give those people administrative access on the machine.
Admin access is not required. The attacker just needs a foot in the door, then leverages local packages with known issues to elevate privilege. Again, possible in both flavours of OS.
just not on the desktop.
We're talking about desktops. Server space has its own issues and - no - Linux is *not* magic
Re: (Score:2)
You have just outed yourself as a mindless Microsoft fanboi with no clue as to the actual state of reality. You might want to look up "Stockholm Syndrome".
Re: (Score:2)
Your wording ("mouthbreather") indicates you do not understand IT security or security or safety at all. You are expecting non-experts to have expert skills. All that can ever do is lead to failure.
Classical safety engineering directly shows how to do it: Make unsafe things hard to do and safe things easy. But no, you can still blow up your computer and your company with two easily done clicks for an email attachment or similar crap. Regarding safety engineering (and IT security engineering), Microsoft is a
Re: (Score:2)
As an *actual*, credentialed, "security expert" - malware doesn't magically appear on the endpoint. It requires assistance from the mouth-breather using the endpoint. Every. Damn. Time.
Well, no. Not every damn time. I'm appalled that an "actual credentialed security expert" utters such nonsense.
Most of times yes, but not every time.
Need to close the Win+R trick (Score:2)
Re:Need to close the Win+R trick (Score:4, Interesting)
Re: (Score:2)
Don't run as Administrator and you shall be fine, Win+R or not.
Can I Has Sinkhole? (Score:1)
Me use it good. Me promise.
Microsoft Cyber Police (Score:3)
The Microsoft Digital Crimes Unit: Microsoft are the cyber police?
Re:Microsoft Cyber Police (Score:4, Insightful)
You're assuming they detect the crimes rather than commit them.
Windows Recall Infects Windows 11 (Score:2)