Jonkman Microblog
Conversation

Notices

  1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 17-Dec-2022 13:23:06 EST
    https://github.com/nim-lang/Nim/issues/17820

    #Nim-lang (falsely?) detected as Trojan by Windows Defender. This has been going on for over a year.

    Attachments

    1. [CI] Check Nim's binaries aren't Virus · Issue #17820 · nim-lang/Nim
      from GitHub
      Related to this forum post, it will be cool to use VirusTotal API to check this problem during the RC stage.
    1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 17-Dec-2022 13:33:15 EST
      https://www.theregister.com/2022/11/10/icexloader_malware_microsoft_users/

      And here's why the AV detects it. They don't have many samples written in #Nim, and most that they have are malware / trojans. But attackers are using more than just #Nim-lang. They're also using #GoLang, #DLang, and #Rust. This suggests that antivirus vendors need to get smarter.

      Attachments

      1. Windows breaks under upgraded IceXLoader malware
        We're the malware of Nim!
      1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 17-Dec-2022 13:44:16 EST
        Speaking of that, the 2022-December Windows updates include some developer certificate revocations. They were being used to sign malicious drivers. If you have not updated yet, it is #time_to_update.

        > "In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers," Microsoft wrote, adding that its "investigation revealed that several developer accounts for the Microsoft Partner Center were engaged in submitting malicious drivers to obtain a Microsoft signature."

        > The IT giant stressed there had been no compromise of its own network and systems; this was a case of rogue developers submitting bad drivers, and waiting for Microsoft to wrongly OK them, and then use the code in the wild against victims, we're told.

        #Win10 #Win11 #Windows_Update #malware #patch_tuesday
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
