Slashdot Mirror


Trojanized, Info-Stealing PuTTY Version Lurking Online

One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you're installing PuTTY from a source other than the project's own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article: Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. "Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as 'root' access) which can give them complete control over the targeted system," the researchers explained. The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the "About" information for the app.

8 of 216 comments

  1. Cygwin appreciation society! by MrKaos · · Score: 4, Interesting

    I've never really been that fond of putty, although I see where it is useful. Cygwin offers so much more having use of the shell on windows and ssh if you need to get into a system. Cygwin/X is even better when I need to get a gui. Add windowspager and Windows becomes a great presentation layer!

    Thank you Cygwin people!

    --
    My ism, it's full of beliefs.
  2. Re:Why? by Daniel+Hoffmann · · Score: 3, Interesting

    PuTTY also runs in linux, if you are doing a simple SSH access you can do it in any terminal easily, but PuTTY also does a lot of stuff that you need to be a command-line specialist to be able to do by hand. Plus it saves your configurations for later uses.

    Personally I always do tunneling through PuTTY

  3. Re:Why? by ledow · · Score: 5, Interesting

    CygWin is a damn nightmare, especially if you have other software that uses it.

    It suffers from enormous "DLL Hell" problems when it has multiple versions trying to load and if you use programs that use older versions of Cygwin, they don't necessarily run at all in co-existence with programs using newer versions. "Cygwin1.dll" exists in so many different versions that it's almost impossible to manage properly.

    I used to develop on Windows with Eclipse and Cygwin. I quickly moved to MinGW because silly things like random games, utilities, etc. that use it would interfere with the version I was developing against.

    If all you want is a real terminal on a GUI, Cygwin is total overkill. Not only that, if you use WinSCP as well, it will manage the keys for you properly between both programs so you don't even notice that you're using it.

    Use *nix, or use Windows and PuTTY. For sure, as a network admin, I wouldn't let you put Cygwin near your computers but I'll happily pre-install PuTTY for you (zero install needed, certainly no pissing about with PATH and multiple versions of the DLL etc.).

  4. Re:Is it on the main download page? by danbob999 · · Score: 3, Interesting

    Because it would be impossible to add a trojan to cygwin or openssh?

  5. Re:Is it on the main download page? by jellomizer · · Score: 4, Interesting

    I am still trying to figure out why Microsoft hasn't packaged SSH based tools with windows.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. Re:Is it on the main download page? by tnk1 · · Score: 5, Interesting

    I am always struck by the fact that something in such widespread use as PuTTY is still downloaded from what looks like someone's public home directory.

    On the other hand, it is such an anomaly that I instantly recognize the site when I see it as the correct download site.

  7. Re:Is it on the main download page? by Shakrai · · Score: 3, Interesting

    Because SSH is mostly used to talk to Linux servers. Since when has Microsoft ever done anything to make Windows easier to use with other systems?

    All Windows shops still have switches and routers.....

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  8. Re:Is it on the main download page? by Jadecristal · · Score: 3, Interesting

    I know that there are checksums on the download page. We know how to use them. Other people don't.

    I don't understand WHY, after all this time, the author(s) continue to refuse to get a code-signing certificate and sign the executable files and the installer. I'm almost assuming that it's on principle somehow, because it's not that expensive and if a request was made I'd bet donations would take care of the cost in under a day.
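
The checksum check mentioned in the last comment, written out as an added example (not part of the original thread and not the PuTTY project's code). It assumes a coreutils-style SHA-256 list fetched from the project's official page, separately from wherever the binary came from; the file name, bytes and checksum line below are constructed stand-ins.

```python
import hashlib
import hmac
import io


def parse_checksum_list(text):
    """Parse lines of the form '<hex digest>  <name>' or '<hex digest> *<name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in coreutils output
        if len(digest) != 64 or not name:
            continue  # not a SHA-256 entry
        try:
            bytes.fromhex(digest)
        except ValueError:
            continue  # malformed digest, ignore the line
        entries[name] = digest.lower()
    return entries


def sha256_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify(name, stream, checksum_text):
    """Return 'OK', 'MISMATCH', or 'NOT LISTED' for the named download."""
    expected = parse_checksum_list(checksum_text).get(name)
    if expected is None:
        return "NOT LISTED"  # a missing entry is a failure, not a pass
    actual = sha256_stream(stream)
    return "OK" if hmac.compare_digest(actual, expected) else "MISMATCH"


# Constructed sample data: stand-ins for a genuine and a modified binary.
GENUINE = b"constructed stand-in for the official binary"
TAMPERED = GENUINE + b" plus extra code"
CHECKSUMS = hashlib.sha256(GENUINE).hexdigest() + " *putty.exe\n"

if __name__ == "__main__":
    for label, data in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(label, verify("putty.exe", io.BytesIO(data), CHECKSUMS))
```

A checksum list served by the same mirror as the binary proves nothing, since whoever altered one can alter the other; the comparison only has value when the list comes from the official site.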