Comments

[deleted] t1_it6dkcc wrote

“Detectable back door gets detected” *

106

noorbeast t1_it6fcis wrote

Do not open a file from an unknown source, security 101.

70

nightwing12 t1_it700z6 wrote

I’ve realized the only more bullshit domain of compsci than machine learning is cyber security. Both fields full of liars and snake oil.

−33

Ganrokh t1_it767qu wrote

Our IT department just added a Gmail addon yesterday where if our work Gmail receives a suspicious email, we can click a fishhook icon that auto-forwards it to them. It's even easier now!

10

BurningPenguin t1_it7gbaz wrote

If it's an email that is really hard to tell if it's spam or not, it's fine. But I'm regularly getting questions about mails that should be painfully obvious. Especially since those mails aren't unknown to the users in question. The usual crap about "expired password" or "check this totally legit onedrive website hosted on google drive, which I crafted in 2 minutes".

And since my boss doesn't want to adjust the spam filter, so that certain subject lines are filtered, I have to explain the same shit over and over again. Adding a button to make it easier to forward potentially infected emails would make it even more annoying. We're still using Office 2016 btw.

1

drysart t1_it80kx6 wrote

This is the most garbage article I've ever seen in a while.

Not only does it describe extremely typical malware as "fully undetectable", but the behavior described is about as straightforward and naive (and thus, easily detectable) as possible. There's absolutely nothing unique or clever about the behavior it describes; it sounds like it's describing Baby's First Malware.

If you strip the specific filename out of the article and instead replace it with "named to look like a normal Windows process", then the rest of the article's text accurately describes literally thousands of different pieces of malware: run a script from a Word macro, dump a script file into an out-of-the-way directory, name it so it looks like some normal process, then run it to create a remote shell.

13
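The chain described in the comment above (an Office application starting a script host, then a file named like a normal Windows process running from an out-of-the-way directory) maps onto two simple process-creation checks. The sketch below is an added example, not code from the thread or the article; the events are constructed, the field names follow Sysmon Event ID 1 (`ParentImage`, `Image`), and the name lists are illustrative assumptions rather than a complete rule set.

```python
import ntpath  # parses Windows paths correctly on any OS

# Assumed, illustrative lists; tune for the environment being monitored.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# System binaries that should only run from the Windows system directories.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return the list of findings for one process-creation event."""
    findings = []
    parent, child = name(event["ParentImage"]), name(event["Image"])
    # Check 1: a document application launching a command or script interpreter.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        findings.append("office-spawned-script-host")
    # Check 2: a system process name running from a non-system directory.
    if child in SYSTEM_NAMES and not event["Image"].lower().startswith(SYSTEM_DIRS):
        findings.append("system-name-outside-system-dir")
    return findings


def scan(events):
    """Return (event index, finding) pairs for every flagged event."""
    return [(i, f) for i, e in enumerate(events) for f in classify(e)]


# Constructed sample events (not taken from any real log).
EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Users\Public\svchost.exe"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for idx, finding in scan(EVENTS):
        print(idx, finding, EVENTS[idx]["Image"])
```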

TDMNS t1_it81koh wrote

For some reason, it doesn't even sound like news, to be honest.

−4

happyscrappy t1_it83at7 wrote

This is not a Windows backdoor. It's malware people are being tricked into installing.

1

JohnnyPeanutII t1_it882pt wrote

The problem is that users should be educated about identifying spam instead of relying on IT to assess every email. An easy little button opens the very real possibility of users abusing the ever-loving shit out of it. Which is fine; a ticket is a ticket. But if I'm assessing your emails all day long, don't get pissy when your 2-minute support task sits in the queue for 13 months if you're lucky.

1

OffgridRadio t1_it91zuq wrote

How... ever.. in the name of stupid... what... I can't... so dumb...

WHY IS A WORD DOCUMENT EVEN _CAPABLE_ OF LAUNCHING A POWERSHELL COMMAND?

Absolute idiocy.

1

synapseattack t1_ita02b9 wrote

I'm sorry. But there is not anything special about that kinda stupid. It is actually surprisingly common in my opinion. To me this is my parents. My sisters. My grandparents and many many others. Most don't know wtf a macro is and won't bother looking it up before clicking "ok".

4

OffgridRadio t1_ita4gvk wrote

Yes but this particular exploit and related exploits for Office/Outlook are literally now in every corporate end-user IT security training. It is literally a ubiquitous problem.

In 25 years in IT I have never seen a legitimate use for a user-level command script launched from a Word document.

1

designer-pad t1_ita5qwh wrote

I see your point. I’d challenge Microsoft to show a legitimate use case or scrap that feature. There must be something there. Maybe they are leaving the door open for some business automation? (No shit, right?) It seems to me that some of Microsoft’s ideas include looking at applications already out there and thinking of ways to allow their products to do the same thing. So Enterprise Microsoft Customers can automate processes in a way that lets them avoid licensing other software. Usually it's probably more a pain in the ass and takes a lot of time to find a way to automate everything using Microsoft Office, but if the stars align (Engineers with some down time, and the end project won't be frustrating) it could be worth it to keep the option open.

Have you heard of many stories of this being exploited in the wild? Why not just disable Macros with Group Policy?

1

OffgridRadio t1_ita6dzz wrote

Well, as you said, Macros are legit useful, I built a career on a foundation of automating dull work. Don't need to remove them entirely, just don't need to expose operating system level commands to it!

1

BurningPenguin t1_itar67z wrote

Exactly this. Of course, I do encourage people to call me if they need something or have questions. This way, they won't do stupid shit just because they're afraid to ask. That's also the reason they prefer to give me a call, because I don't scold them, like the other guy does.

But it can get annoying, if I have to tell them the same stuff over and over again. I do write information and updates about things on our intranet page. Including recently occurring spam mails, how to recognize them and how to deal with them. But apparently not everyone is reading that.

0

OffgridRadio t1_itcuia5 wrote

Right now one. Our CEO has gone mad? and is crying about how we have to be in an office. I already moved lol. So maybe soon, many!

The contract side of what I do makes 10x as much. My boss and I talk about it a lot. We like our jobs and want to stay but we aren't afraid of the company getting weird.

1