Researchers Catch Microsoft Zero-Day Used To Install Government Spyware (vice.com)
An anonymous reader quotes a report from Motherboard: Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world. The hackers sent a malicious Word RTF document to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.
..."to governments around the world"... (Score:2)
Re:Purpose of using Zero Day moniker? (Score:4, Insightful)
Interesting, is it a zero-day or a backdoor?
Re: Purpose of using Zero Day moniker? (Score:4, Informative)
Also, if MS put out a patch today then it wasn't a zero day until today.
Zero day = the manufacturer doesn't know about it at all. Not how many days has a patch been available.
If it's a backdoor then it was never a zero day as the manufacturer always knew it was there.
Re: Purpose of using Zero Day moniker? (Score:3, Informative)
Re: (Score:3)
Re: (Score:2)
Come on Courteau! You and I know that in Canada, they are called 4 letter agencies. Thanks for adapting to the American way still...
Re: (Score:2)
It used to be that when a Linux developer found a security hole its presence, proof of concept script and patch would be announced and posted the same day the hole was discovered. I.E., "Zero Days" between discovery, announcement and patch. The Linux user could confirm their installation weakness, or not, by running the proof of concept script.
Microsoft destroyed that meaning in its ecosystem by threatening whitehats with lawsuits if they revealed the holes they discovered in Microsoft software to anyon
Re: (Score:1)
NORTH KOREA or THE NSA (Score:5, Insightful)
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
Re:NORTH KOREA or THE NSA (Score:5, Insightful)
This is pretty much why I can't help but snicker every time someone says "But the Russians...". The harm "the Russians" can do to you is minimal compared to what your very own government can.
Re: NORTH KOREA or THE NSA (Score:2, Insightful)
The NSA doesn't care about elections. They will get funded no matter who is elected.
There was, however, a concerted effort by the media to skew election polling results so they could keep saying the other guys are losing. They were wrong BTW. The media is always full of shit. Especially how badly they're covering EquiFUCKED, trying to do everything they can to not blame Equifuckers...
Re: (Score:2)
Like it would be any different for the average person if the other branch of The Party ruled.
Re:NORTH KOREA or THE NSA (Score:4, Insightful)
This is pretty much why I can't help but snicker every time someone says "But the Russians...". The harm "the Russians" can do to you is minimal compared to what your very own government can.
I wonder if we might be able to concentrate on more than one issue at a time.
Re: (Score:1)
I wonder if we might be able to concentrate on more than one issue at a time.
Given that the whole point of the "Russia hacked the elections" thing is to distract people from more important things, it seems that the answer is "No."
Re: (Score:2)
I wonder if we might be able to concentrate on more than one issue at a time.
Given that the whole point of the "Russia hacked the elections" thing is to distract people from more important things, it seems that the answer is "No."
Well, I can't be certain of course, but I'd wait a few months here for further news before the conspiracies are closed.
Re: (Score:2)
So? Nothing a few nukes can't fix.
And the fun part about the US' nukes is that the average person has no control over them. That's what you still need your army for.
Re: (Score:1)
Unlikely. He doesn't like faggy fawning of people over him.
Re: (Score:2)
Hey, if you put a ball on the penalty point, don't be surprised if someone kicks it.
Re: (Score:2)
Again, you live in the delusion that the other side of The Party does anything different. Care to show me the difference between 2000-2008 and 2008-2016 in US politics?
Re:NORTH KOREA or THE NSA (Score:4, Informative)
I think that's a bit disingenuous. Both things are threats to our liberty, in different ways and to different degrees. Just because I am concerned about Russia interfering in our elections doesn't mean that I am not concerned about the rise of the surveillance state.
Re: (Score:2, Insightful)
How do we begin to fix it? Vote in the Democratic primary (The Rethuglicans are lost) and vote for the candidate most likely to actually work toward cutting down the surveillance state. And NEVER vote for a Rethuglican. Vote a straight Democratic ticket in EVERY general election, not just the Presidential ones.
A better way to fix it is to break the chains binding you to a particular party. The "us versus them" mentality is a distraction. It has been carefully cultivated by both parties in varying degrees, blinding people to the fact that neither the Democrat nor Republican parties represent the average person, regardless whether you believe they did at some point in the past.
We are mice voting for white versus black cats.
Re: (Score:2)
Holy shit, someone gets it.
Re: (Score:2)
Re: (Score:2)
Good PR schtick but the reality is the whole world is concerned about the US hacking their elections, from extortion, to colour revolutions, coups against democracies to turn them into autocracies who will ruthlessly exploit their citizens at the behest of US corporations, to out and out invasion and mass murder of the population. Now all of these are proven facts and histories and not some bullshit about Russia spending $100,000 buying advertisements or foreign citizens reporting the crimes of the US gover
Re: (Score:1)
PR schtick? Fuck you.
Re: (Score:2)
Thanks, but no thanks. Freedom-wise they're even worse than the US, and that's already a place I try to avoid.
Re: (Score:2)
Re: (Score:2, Interesting)
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
Or state-sponsored hackers, fighting an undeclared cyber-war? 99% of the American citizenry were enjoying their usual lives, un-molested, prior to said hackers, oh, and of course, "patriotic" leakers, sharing our state secrets and many of our own cyber-war weapons with our "friends" at Wiki-Leaks. Dear Julian, having absolutely no compunctions, if it increases his importance and fluffs his, umm, ego has done quite a bit of damage. Did we really need him to out the basis for the recent ransom-ware attack
Re: (Score:2)
The concept of transparency and accountability must be new to you.
The NSA was checking everyone's front door, so they could gain access "if" they ever needed to, but claiming they have your interest at heart.
Re: (Score:2)
Re: (Score:2)
So far Kim has done Jack all, but thrown a few insults and made threats. The NSA in its irresponsible handling of sensitive data and munitions has cost the Americans much more indirectly.
Re: (Score:2)
You’re certainly correct that Kim hasn’t done anything overt as yet. But I guarantee you North Korea has had indirect impact on Americans, increased defense expenditures in the region come to mind. It is certainly true the NSA’s activities have impacted Americans, and others worldwide, with the release of their hacking tools leading directly to ransomware attacks.
The point in my original post was that those ransomware attacks were less the fault of the NSA, and more the fault of the ha
Re: (Score:2)
If you are going to build such munitions and store them, it's your responsibility to secure them.
Attributing blame on Assange isn't logical. Unknown hackers breached US security and had these tools. The responsible thing was to make the world know they're in the wild.
Software proprietors cause massive damage. (Score:2)
Software proprietors, regardless of nationality, current employment, or current residence. Brad Kuhn said it well in his blog post, "Software Freedom Doesn't Kill People, Your Security Through Obscurity Kills People [ebb.org]".
Re: (Score:2)
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
Microsoft.
Re: (Score:1)
Neither of them. The American citizens themselves, by electing Donald Trump as a president - and previously Bush Jr. and his regime, who probably caused the biggest damage to the US so far that any government has ever caused.
Not much of an exploit (Score:2)
The guy still had to download and open the Word doc.
And I hope FireEye isn't trying to claim to be some kind of hero in this. The timing of their "revelation" is highly suspicious.
Re: (Score:1)
I'm safe. I don't have Office.
I'm human, and I don't have office either.
how is life as a safe?
Re: (Score:1)
And furthermore, anyone who doesn't believe in full public disclosure upon discovery is a *BLEEEEE..*
Re: (Score:2)
We need a survey! (Score:2)
a) No
b) Yes
c) I'm a clueless asshat, can I read a story now?
The dark covenant (Score:3)
Those guys are playing with evil forces.
FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands.
RTF -> VBScript -> PowerShell -> Cthulhu awakens
Re:The dark covenant (Score:4, Interesting)
Why is it that Windows & Linux are always getting hacked but you never hear about exploits for the Mac huh? What gives!?
Because you're not paying attention.
https://www.exploit-db.com/exploits/36692/ [exploit-db.com]
Re: (Score:2)
That's why no one here RTFs Anything.
What Brian LaMacchia said about .NET security (Score:5, Interesting)
Brian LaMacchia was one of the authors of .NET. I had the pleasant experience of hearing him speak at MIT about the upcoming "Trusted Computing" software. What made it fun was that Richard Stallman was in the room, which Brian was *not* expecting, and proceeded to call into question the entire "Microsoft holds the private keys, and revocation keys for all your hardware and software" security model. Brian pointed out that if Microsoft ever did the pernicious tricks Richard Stallman was worried about, that he and ethical engineers like him would resign.
I managed to rivet the room by pointing out "just like you resigned from the .NET project for their violations of basic security"? The fact that he hopped from security from .NET to Trusted Computing, and .NET *had government backdoors built in*, is precisely why we should trust neither project. He *knew* it was flawed, and instead of resigning he just went to the next security project that has nothing to do with actual user security. It's about digital rights management, at every single level, and about giving Microsoft access to users' private keys in their own private and uncontrolled escrow storage.
Re: (Score:2)
Re: (Score:2)
Please bash .NET runtime... (Score:2)