'StrongPity' Malware Infects Users Through Legitimate WinRAR and TrueCrypt Installers (neowin.net)
Kaspersky Labs has revealed a new strain of malware -- named 'StrongPity' -- which targets users looking for two popular applications: WinRAR and TrueCrypt. The malware contains components that not only have the ability to give attackers complete control over the victim's computer, but also steal disk contents and download other software that the cybercriminals need. From a Neowin report: To be able to gather victims, the attackers have built special fake websites that supposedly host the two programs. In one instance discovered by the researchers, the criminals transposed two letters in a domain name in order to fool the potential victim into thinking that the program was a legitimate WinRAR installer website.
"through legitimate WinRAR and TrueCrypt installers"? By what logic are those installers legitimate?
If it's malware infected, it's not legitimate.
Nothing like an ad-infested news page with referral program links to the original source. Here is the actual article, with a sanitized URL:
http://usa.kaspersky.com/about-us/press-center/press-releases/2016/Kaspersky_Lab_Reveals_Advanced_Persistent_Threat_StrongPity
Hasn't this been done 1000 times before? What's new here? Why is this newsworthy?
7zip is open source and I'm pretty sure it handles rar/zip/gzip too.
I'll just leave this here: "The owner of dotslash.org is offering it for sale for an asking price of 10000 USD!"
7-zip decompresses RAR files, and makes 7z (LZMA and LZMA2) files which are smaller, "better"* (support multi threaded compression/decompression and AES encryption) and is multi-platform and open source. Absolutely no reason why it shouldn't be your compression format of choice.
I saw something about the "tired of supporting it" bs, but the assumption at the time was that it was a warrant canary of sorts.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Why are people still using something that the authors of same apparently think is compromised?
Because if they really found a serious bug they'd either patch it or tell people where it is and why it needs fixing. The whole "there's a problem here, but I won't tell you what it is", "trust Microsoft, switch to Bitlocker" and so on was just screaming "there's something we can't tell you". It's designed to ruin their credibility so that nobody would trust another Truecrypt release. Why would they do that? The only logical explanation I can think of is that somebody was trying to force them to add a backdoor and this was their way to permanently refuse. That makes the 7.1a the last good version, not one you should throw away. And nobody's found this alleged compromise, so what... they found some extremely cleverly hidden backdoor but decided to not give the slightest hint? Nothing they said makes any sense, which I think was exactly the point. It's nonsense and shouldn't be trusted at all.
Live today, because you never know what tomorrow brings