[PLUG] Hiding Windows malware in WSL and running it with WINE

JP Vossen on 13 Sep 2017 18:39:41 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Hiding Windows malware in WSL and running it with WINE

From: JP Vossen <jp@jpsdomain.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Hiding Windows malware in WSL and running it with WINE
Date: Wed, 13 Sep 2017 21:39:35 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

https://motherboard.vice.com/en_us/article/xwwexa/windows-10s-built-in-linux-shell-could-be-abused-to-hide-malware-researchers-say
...

What's interesting about Bashware is that attackers don't have to writemalware programs for Linux in order to run them through WSL on Windows.Thanks to a program called Wine, they can use the technique to directlyhide known Windows malware.

...

The good news is that in order to use Bashware, attackers need toalready have administrator privileges on their victims' computers.

...

Wow,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: Re: [PLUG] Why Can't Programmers.. Program?
Next by Date: Re: [PLUG] Why Can't Programmers.. Program?
Previous by thread: Re: [PLUG] Internet access in Berwyn slows to a crawl as the day wears on ...
Next by thread: [PLUG] Rachel Rawlings talk "icinga2bot, a python-based chatops plugin" presented 2017-08-02 @ PLUG Central
Index(es):
- Date
- Thread