Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Security IT Technology

Microsoft Warns About Astaroth Malware Campaign (zdnet.com) 72

The Microsoft security team has issued a warning today about ongoing malware campaigns that are distributing the Astaroth malware using fileless and living-off-the-land techniques that make it harder for traditional antivirus solutions to spot the ongoing attacks. From a report: The attacks were detected by the team behind Windows Defender ATP, the commercial version of the company's Windows Defender free antivirus. Andrea Lelli, a member of the Windows Defender ATP team said alarms bells sounded at Microsoft's offices when they detected a huge and sudden spike in usage of the Windows Management Instrumentation Command-line (WMIC) tool. This is a legitimate tool that ships with all modern versions of Windows, but the sudden spike in usage suggested a pattern specific to malware campaigns. When Microsoft looked closer, it discovered a malware campaign that consisted of a massive spam operation that was sending out emails with a link to a website hosting a .LNK shortcut file.
This discussion has been archived. No new comments can be posted.

Microsoft Warns About Astaroth Malware Campaign

Comments Filter:
  • by Anonymous Coward

    Bottom line: redmond still sucks at writing software. News at 11.

    • by Mashiki ( 184564 )

      Read the original source instead of the not even synopsis level material pumped out by zdnet. This has much more information [microsoft.com], and will likely be more useful especially if you're in the various IT related areas. It's actually rather interesting, because not only is the malware obfuscating what it's attempting to do. But it's trying to look legitimate while it prepares, installs and executes it's payload.

      Looking, and seeming legitimate is the same method you use when trying to go through human-layer securi

  • Disturbing. (Score:5, Insightful)

    by Major_Disorder ( 5019363 ) on Monday July 08, 2019 @03:24PM (#58892632)
    So MS knows what software you are running, and what links it might be following? While this use of the information is worthwhile, I shudder to think of the invasion of privacy.
    • by Anonymous Coward

      This is from the ATP team. The ATP product is not free and is not on all machines. Perhaps they only know about their installed base that is paying them to track these things?

    • ummm yeah. If you pay someone to monitor your devices (i.e. ATP) then I would actually be pretty pissed if they couldn't see this, it is the whole fucking point of buying the service.
  • by Anonymous Coward on Monday July 08, 2019 @03:38PM (#58892706)

    They can't secure their OS but they can sell an antivirus package that can? This is truly a clown world...

    • Spoken like someone who doesn't use windows - the product for the last 10+ years comes with Anti-Virus out of the box.

    • by vbdasc ( 146051 )

      No, actually it's quite logical, IMHO. They sell an OS with all functionality enabled, and then they sell their AV product which cripples the OS, disabling and/or slowing down one or another functionality, in exchange for some protection. You choose what to buy. Some people just don't need a crippled OS.

    • Yeah it is a clown world. Clowns who don't seem to understand that anti-malware and OS functions are necessarily different and independent. MS could stop malware tomorrow and secure their OS, but no thanks I don't want a walled garden complete with being unable to do privileged tasks on my own computer.

      So I accept the fact that I run an OS that allows the user to remain in control, even if that control is more than enough rope with which to hang themselves.

    • by AmiMoJo ( 196126 )

      You have a choice:

      An OS that lets you do mostly what you want but requires you to be vigilant because people will try to trick you into doing what they want, or exploit flaws in the software you run to attack your computer.

      OR

      An OS that is heavily locked down, where you can only take actions sanctioned by the developer. Very secure but also very limited.

      Take your pick.

  • Rule #1 to live by: Don't click on anything in an email, from any source.

  • If they had built a reasonably secure system, how many people that today are lawfully employed would be out of a job?
  • Using a computer today is like pissing in the middle of the street.

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...