Programming question for a story idea.
- Lord Revan
- Emperor's Hand
- Posts: 12238
- Joined: 2004-05-20 02:23pm
- Location: Zone:classified
I was wondering, for a story, how realistic it would be for someone to sneak in a computer virus as an official OS patch, as in trying to sneak a virus into a system by making it think it was downloading an official update even though in truth it was downloading the virus. Would this be "not worth the cost" even for a state actor?
I may be an idiot, but I'm a tolerated idiot
"I think you completely missed the point of sigs. They're supposed to be completely homegrown in the fertile hydroponics lab of your mind, dried in your closet, rolled, and smoked...
Oh wait, that's marijuana..." Einhander Sn0m4n
Re: Programming question for a story idea.
It would be far easier to get insider information about a security loophole, likely one due to be patched shortly, and use that as an attack vector.
- DaZergRock54444
- Padawan Learner
- Posts: 215
- Joined: 2010-02-08 05:30pm
- Location: Behind a counter. Which one, I couldn't tell...
Re: Programming question for a story idea.
Pretty sure that most sensible OS vendors have their update servers locked down such that unless the company was compromised, not much is getting in. Similar issue with telling the target system to download your "patch", since that'd be so close to the root config that changing it for malicious intent means that you're either such a master of social engineering that you can convince Barb the tech-illiterate secretary to ignore all of the "Warning! Do Not Touch!" popups on such a setting, or have already massively compromised the system anyway. Altering the patch in transit will trip the signature validator, so that's out.
TL;DR: Jub is right, gain some sort of information regarding an existing vulnerability and exploit the hell out of it. It's how WannaCry happened.
Instead of foodservice equipment, let's play with large format projectors.
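The signature check the post above refers to ("Altering the patch in transit will trip the signature validator"), as an added example that is not part of the original thread or any vendor's code. It assumes Ed25519 and a public key pinned on the client; `VerifyUpdate`, the demo keys and the patch bytes are constructed for illustration, and it goes one step past the post by also showing a patch re-signed with a different key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when a patch does not verify under the pinned vendor key.
var ErrBadSignature = errors.New("update rejected: signature does not match pinned vendor key")

// keyFromByte builds a deterministic demo key pair (constructed; real keys come from a CSPRNG or HSM).
func keyFromByte(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// VerifyUpdate is the client-side check (hypothetical name): install only if sig is
// valid for exactly these patch bytes under the public key shipped with the OS.
func VerifyUpdate(pinned ed25519.PublicKey, patch, sig []byte) error {
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pinned, patch, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo returns the verification result for three deliveries of one update.
func Demo() (genuine, altered, resigned error) {
	vendorPub, vendorPriv := keyFromByte(0x01) // vendor signing key (constructed)
	_, otherPriv := keyFromByte(0x02)          // any key that is not the vendor's
	patch := []byte("KB-EXAMPLE: fix buffer handling in netsvc") // constructed payload
	sig := ed25519.Sign(vendorPriv, patch)
	// 1. Patch and signature arrive unmodified.
	genuine = VerifyUpdate(vendorPub, patch, sig)
	// 2. One byte changed in transit; the original signature no longer matches.
	tampered := append([]byte(nil), patch...)
	tampered[0] ^= 0xFF
	altered = VerifyUpdate(vendorPub, tampered, sig)
	// 3. Modified patch re-signed with a different key; the pinned key rejects it.
	resigned = VerifyUpdate(vendorPub, tampered, ed25519.Sign(otherPriv, tampered))
	return
}

func main() {
	fmt.Println(Demo())
}
```

Real update systems wrap this check in certificate chains and signed metadata, so the client's trust decision also depends on how the signing certificate itself is validated.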
Re: Programming question for a story idea.
Lord Revan wrote: ↑2020-06-12 06:39pm
> I was wondering, for a story, how realistic it would be for someone to sneak in a computer virus as an official OS patch, as in trying to sneak a virus into a system by making it think it was downloading an official update even though in truth it was downloading the virus. Would this be "not worth the cost" even for a state actor?
Were you watching the old TV Show REBOOT?
And yeah, as discussed, not likely to happen without major internal compromise within the company.
Of course, that doesn't prevent someone from making a LINUX variant and adding hidden coding.
I've been asked why I still follow a few of the people I know on Facebook with 'interesting political habits and view points'.
It's so when they comment on or approve of something, I know what pages to block/what not to vote for.
- Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
Re: Programming question for a story idea.
Lord Revan wrote: ↑2020-06-12 06:39pm
> I was wondering, for a story, how realistic it would be for someone to sneak in a computer virus as an official OS patch, as in trying to sneak a virus into a system by making it think it was downloading an official update even though in truth it was downloading the virus. Would this be "not worth the cost" even for a state actor?
Easy, happens in Linux world. Random example.
In Windows, this last seriously happened in 2012: Flame used it for lateral movement but could have used it in an internet-scale attack (given DNS compromise).
The Curveball vulnerability from 2020 could also have (nearly!) allowed attackers to spoof Windows patches (but Flame made them super paranoid and they mitigated it).
Brotherhood of the Bear | HAB | Mess | SDnet archivist |