Tag Archive for: Rust

This malware has been rewritten in the Rust programming language to make it harder to spot


Phishing emails claiming to be from a delivery company are being used to deliver a new version of malware which is used to deliver ransomware and other cyber attacks.

Buer malware first emerged in 2019 and is used by cyber criminals to gain a foothold on networks which they can exploit themselves, or to sell that access on to other attackers to deliver their own malware campaigns, most notably, ransomware attacks.

Now cybersecurity researchers at Proofpoint have uncovered a new variant of Buer which is written in an entirely different programming language from the original malware. It’s unusual for malware to be completely changed in this way, but it helps the new campaigns remain undetected in attacks against Windows systems.

The original Buer was written in the C programming language, while the new variant is written in the Rust programming language – leading researchers to name the new variant RustyBuer. “Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities,” said Proofpoint.

RustyBuer is commonly delivered via phishing emails designed to look as if they come from delivery company DHL, asking the user to download a Microsoft Word or Excel document which supposedly details information about a scheduled delivery.

The delivery is in fact fake, but cyber criminals know that the Covid-19 pandemic has resulted in more people ordering more items online, so messages claiming to be from delivery companies have become a common trick to lure people into opening malicious messages and downloading harmful files.

In this instance, the malicious document asks users to enable macros – by asking them to enable editing – in order to allow the malware to run. The fake delivery notice claims that the user needs to do this because the document is ‘protected’ – even using the logos of several anti-virus providers in an effort to look more legitimate to the victim.

If macros are enabled, RustyBuer is delivered to the system, providing the attackers with a backdoor into the network and the ability to compromise victims with other…

Mozilla-backed Rust language stabilizes at version 1.0

New programming languages come and go. Most of them remain nothing more than academic toys or niche novelties. Rust, development of which is sponsored by Mozilla, might be one of the exceptions. The new language reached the 1.0 milestone today, marking the point at which its feature set is stabilized and developers can start to use it without having to worry too much about their code getting broken by a major change.

Rust is an attempt to offer the performance and control of a language like C or C++, while making it much harder to write the kind of security-compromising bugs that are abundant in those languages. Key to this is the language’s handling of memory and memory management.

Some of the biggest problems with C come from mishandling memory: predominantly reading or writing more data to a block of memory than the block contains, or reading or writing from blocks of memory that have been deallocated. Environments such as Java, .NET, and JavaScript handle these through a combination of bounds checking (ensuring that every attempt to read and write memory is constrained to the memory that has been allocated) and garbage collection (ensuring that memory is deallocated only once all the references to the memory, through which reads and writes are performed, are destroyed).


Ars Technica » Technology Lab