Zero-Day Windows exploit "AtomBombing"
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Zero-Day Windows exploit "AtomBombing"
I just read this article, link below. I'm not even going to try to explain it, as it's mostly over my head. If what this article reports is true, it seems we are in for some bad times. One person who commented asked about all the ATMs running Windows . . . I wonder if from now on I'm just going to have to go inside the bank to get cash. But another comment said this: "That smells like overblown sensationalism . . . ." So to all the computer experts who frequent this forum, is this something we all have to worry about, or is it just "sensationalism"?
http://www.ghacks.net/2016/10/29/atombo ... s-exploit/
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
- Level 20
- Posts: 12341
- Joined: Sun Aug 09, 2015 10:00 am
Re: Zero-Day Windows exploit "AtomBombing"
If this is true, are all the Windows systems doomed, as there cannot be any antivirus for these?
To counter this, does MS have to change the design of the systems? Let's wait for a statement from MS.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
Re: Zero-Day Windows exploit "AtomBombing"
I guess a good question to also be raised is, "How do other operating systems, such as GNU+Linux, GNU+Linux-based Android OS, iOS, and Mac OS X, handle this sort of basic operating system functionality?" I'm not necessarily saying it's identical, but obviously there's a chance that there's a different-but-equivalent way these OSs handle it, and that in principle could be exploited as well.
On the other hand, if other OS makers have a better, not exploitable way of doing this, then this should be proclaimed loudly from the hills.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
- Level 6
- Posts: 1282
- Joined: Mon Nov 24, 2014 9:17 am
- Location: Chrząszczyżewoszyce, powiat Łękołody
Re: Zero-Day Windows exploit "AtomBombing"
Schultz wrote: I just read this article, link below. I'm not even going to try to explain it, as it's mostly over my head. If what this article reports is true, it seems we are in for some bad times.
1. There is a virus, a trojan.
1.1. Microsoft is never able to patch malicious code execution. Malicious code is not different from good code.
2. Fighting viruses and trojans is the job of antivirus software.
3. A zero-day virus is a virus not detected before today.
4. Antivirus software will fight it tomorrow.
So, take it easy.
Windows assumes I'm stupid but Linux demands proof of it
Re: Zero-Day Windows exploit "AtomBombing"
https://breakingmalware.com/injection-t ... r-windows/
This is about as big as it gets.
And I do not for one second believe that this exploit is *new*. For a long time there has been some rumblings about boogers latching on to Win services. And defying any and all scanners and heuristics.
You might be able to tailor heuristics for it now, but there would likely be a lot of false positives, especially from Win itself, which would be using undocumented system calls.
Think about it. What better way to deprecate the Win desktop and march people into the cloud than proving that all their machines are irreversibly infected.
Or for that matter bring the unwashed masses flooding into Linux, where they can safely use their Win programs on VMs or running on Wine. (Or so they would tend to believe).
Recently all three of my Win boxes have slowed to a snail's pace, with me having to do a hard shut down on *all* of them.
I assume that this came from some stupid online garbage site from the local community college, where my wife needed to allow boogers in - against warnings - to take quizzes.
Explorer taking up to around 600Mb, thrashing the disk, as well as svchost acting oddly. I know how to hunt boogers. But this is like hunting ghosts.
Fortunately 2 of the 3 machines boot into Linux. Soon to be 3 of 3.
Hopefully some greybeard will pop in with some ideas.
Especially as while those system calls cannot affect Linux, they can presumably affect programs in Wine.
Best advice from this end: No online banking or entering of credit card #'s on any Win machines or M$ programs under any platform.
And don't keep any valuable data in any 'Active Directories'.
Now with the big 'secret' out, every script kiddie in this quadrant of the galaxy will be using it - and it's only a matter of time before they truly get to the malicious stage (right now it's stealing financial info...).
Re: Zero-Day Windows exploit "AtomBombing"
BigEasy wrote: 2. Fighting viruses and trojans is the job of antivirus software.
What nonsense. Not long ago leading anti-virus software companies admitted that about one third of viruses go undetected. Anti-virus is the second line of defense. The first line is a strong OS without thousands of security holes, something MS Windows is not.
Master Foo Discourses on GUI.
First Linux 1997. Last Windows 2004.
Re: Zero-Day Windows exploit "AtomBombing"
Schultz wrote: I just read this article, link below. I'm not even going to try to explain it, as it's mostly over my head. If what this article reports is true, it seems we are in for some bad times. One person who commented asked about all the ATMs running Windows . . . I wonder if from now on I'm just going to have to go inside the bank to get cash. But another comment said this: "That smells like overblown sensationalism . . . ." So to all the computer experts who frequent this forum, is this something we all have to worry about, or is it just "sensationalism"?
http://www.ghacks.net/2016/10/29/atombo ... s-exploit/
The brief summary: "Windows is insecure, by design."
Knowledgeable Linux supporters have warned us of this reality for years. Yet their warnings are often lost in a cacophony of pro-Windows blather. Security is, after all, hard. Even Linux supporters must be vigilant.
Re: Zero-Day Windows exploit "AtomBombing"
BigEasy wrote: 4. Antivirus software will fight it tomorrow.
I have to call BS here.
Most of you are blowing smoke and spreading FUD.
Lose the ATMs or overhaul the structure.
I for one am tired of speculation.
Fear and ignorance are the enemies here.
But that A/V will 'fight' anything is laughable (nothing personal).
And my toaster can scan for viruses, but it, like ClamAV, doesn't clean anything.
</personal_opinion>
Re: Zero-Day Windows exploit "AtomBombing"
Dr G wrote:
Schultz wrote: I just read this article, link below. I'm not even going to try to explain it, as it's mostly over my head. If what this article reports is true, it seems we are in for some bad times. One person who commented asked about all the ATMs running Windows . . . I wonder if from now on I'm just going to have to go inside the bank to get cash. But another comment said this: "That smells like overblown sensationalism . . . ." So to all the computer experts who frequent this forum, is this something we all have to worry about, or is it just "sensationalism"?
http://www.ghacks.net/2016/10/29/atombo ... s-exploit/
The brief summary: "Windows is insecure, by design."
Knowledgeable Linux supporters have warned us of this reality for years. Yet their warnings are often lost in a cacophony of pro-Windows blather. Security is, after all, hard. Even Linux supporters must be vigilant.
The fact that the Win Firewall was software reprogrammable told me everything I needed to know.
Turned off security center, updates, UAC on newer garbage - all smoke and mirrors to hide the fact that since Win is *by design* as leaky as a screen door on a submarine, any and all security MUST come from *outside* M$.
Mainly hardware firewalls, checking running services, a good software firewall - and fully armored browsers.
The latter did me in here, as I was forced to lower shields, to let in some stoooooopid school boogers.
Nary a word from the Comodo firewall, though.....
- Level 6
- Posts: 1282
- Joined: Mon Nov 24, 2014 9:17 am
- Location: Chrząszczyżewoszyce, powiat Łękołody
Re: Zero-Day Windows exploit "AtomBombing"
AscLinux wrote: The first line is a strong OS without thousands of security holes, something MS Windows is not.
No. The first line (if not the only one) exists between keyboard and chair. Hands up, please, who is working in Windows under User (not Administrator) privileges.
Well. Not many hands visible. So, what are we talking about after that? How does this relate to Windows?
Windows assumes I'm stupid but Linux demands proof of it
Re: Zero-Day Windows exploit "AtomBombing"
BigEasy wrote:
AscLinux wrote: The first line is a strong OS without thousands of security holes, something MS Windows is not.
No. The first line (if not the only one) exists between keyboard and chair. Hands up, please, who is working in Windows under User (not Administrator) privileges.
Well. Not many hands visible. So, what are we talking about after that? How does this relate to Windows?
Nope. You can take all precautions in Windows and still get infected. This is how crappy this OS is. Cars without brakes and malfunctioning steering are illegal on public highways. Why is MS Windows allowed to connect to the internet? It is clearly not strong enough for an internet connection. When facing the net directly (without a NAT router) the break-in time is around a minute after being discovered.
Fighting DDoS attacks and other cyberthreats costs billions every year. Where do these attacks come from? Zombified Windows boxes!
Master Foo Discourses on GUI.
First Linux 1997. Last Windows 2004.
Re: Zero-Day Windows exploit "AtomBombing"
It's amazing how much time and effort and money people spend on M$ security when there is none, and none possible for a system that defaults to remote desktop functions. Win is designed to give Redmond control over *your* desktop, not you.
But with the mediocre level of programming from M$, it's simple for any decent malware programmer to use those back doors to take over also.
Strong passwords, user accounts, UAC, AV, encryption, Win Firewall - all lipstick on a pig and totally useless.
In fairness they did work on some of the older toolkits handed out for free on the Darknet, which relied on RATs creating their own programs to phone home with (even to the point of installing OpenVPN in one case), and some of the older encryptor signatures would be discovered over time. But it's not the way things work now. As soon as the encryptors are discovered, they are changed. And the payloads are now publicly available as Win system calls.
The only light I see at the end of the Win tunnel is the Russkies throwing a research institute behind ReactOS. They've already given it 'official' support.
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
Re: Zero-Day Windows exploit "AtomBombing"
Is this the thing that Google outed Microsoft on in one of their posts?
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Re: Zero-Day Windows exploit "AtomBombing"
Portreve wrote: Is this the thing that Google outed Microsoft on in one of their posts?
Not sure where the original outing came from; I was under the impression it was Israeli. Could be wrong.
Makes sense for Google though. It had the motive - to get people to switch to its operating system.
Android on a desktop?
Re: Zero-Day Windows exploit "AtomBombing"
This isn't just a banking/financial problem. If this is true, what about health care providers that use Windows on their desktops? This would mean the privacy of 99% of all medical records is threatened. I know because it's what I do for a living. YOU and I may be smart enough to stop using Windows but if your doctor or dentist still does, you have no say in the matter of the safety of your medical records. All because Microsoft refuses to publicly acknowledge the flawed nature of their operating system.
In an earlier thread I said that Microsoft will not rewrite Windows. That would be tantamount to an admission and confession that Windows is as leaky as a colander. Do you think they are likely to admit anything now? They'll just claim there is a way to "patch" this. Nothing to see here; move along.
I am reminded of someone rearranging the deck chairs on the Titanic.
- Level 6
- Posts: 1282
- Joined: Mon Nov 24, 2014 9:17 am
- Location: Chrząszczyżewoszyce, powiat Łękołody
Re: Zero-Day Windows exploit "AtomBombing"
AscLinux wrote: Nope. You can take all precautions in Windows and still get infected.
No. If you take all precautions in Windows you will never be infected. But people never do even elementary things.
AscLinux wrote: When facing the net directly (without a NAT router) the break-in time is around a minute after being discovered.
Not true, and not even close. I have an internet connection directly to my computer's network card. No NAT, just a DIRECT connection for many years. No problem.
AscLinux wrote: Fighting DDoS attacks and other cyberthreats costs billions every year. Where do these attacks come from? Zombified Windows boxes!
Zombified users of Windows boxes.
Windows assumes I'm stupid but Linux demands proof of it
- Fred Barclay
- Level 12
- Posts: 4185
- Joined: Sat Sep 13, 2014 11:12 am
- Location: USA primarily
Re: Zero-Day Windows exploit "AtomBombing"
BigEasy wrote: No. If you take all precautions in Windows you will never be infected.
Not if the rumours of backdoors in Windows are true.
Re: Zero-Day Windows exploit "AtomBombing"
BigEasy wrote:
AscLinux wrote: Nope. You can take all precautions in Windows and still get infected.
No. If you take all precautions in Windows you will never be infected. But people never do even elementary things.
AscLinux wrote: When facing the net directly (without a NAT router) the break-in time is around a minute after being discovered.
Not true, and not even close. I have an internet connection directly to my computer's network card. No NAT, just a DIRECT connection for many years. No problem.
AscLinux wrote: Fighting DDoS attacks and other cyberthreats costs billions every year. Where do these attacks come from? Zombified Windows boxes!
Zombified users of Windows boxes.
^^ This, ladies and germs, qualifies as BS. Although I respect your right to your own opinions, no matter how blatantly they fly in the face of logic and reality, I will be no part of this discussion from now on.
Master Foo Discourses on GUI.
First Linux 1997. Last Windows 2004.
Re: Zero-Day Windows exploit "AtomBombing"
Fred Barclay wrote:
BigEasy wrote: No. If you take all precautions in Windows you will never be infected.
Not if the rumours of backdoors in Windows are true.
http://www.computerworld.com/article/25 ... pdate.html
And this is *OLD* news!
- Level 6
- Posts: 1282
- Joined: Mon Nov 24, 2014 9:17 am
- Location: Chrząszczyżewoszyce, powiat Łękołody
Re: Zero-Day Windows exploit "AtomBombing"
So what? Can I remind you of the case of the faked Linux Mint installation that took place right here? It was simple as hell compared to Microsoft's.
AscLinux wrote: ^^ This, ladies and germs, qualifies as BS. Although I respect your right to your own opinions, no matter how blatantly they fly in the face of logic and reality.
Same from me to you. This, ladies and germs, qualifies as BS. Although I respect your right to your own opinions, no matter how blatantly they fly in the face of logic and reality.
Windows assumes I'm stupid but Linux demands proof of it