back to article FireEye calls Shim-anigans: Bank-raiding hackers switch tactics

A group of money-grabbing cybercrooks have switched up their tactics in a pretty interesting way, we're told. Buckle up and let us explain. FIN7, whose stock in trade is targeting financial institutions through phishing emails, previously relied on a malicious Windows service to plant the Carbanak backdoor on targeted systems …

  1. Anonymous Coward
    Anonymous Coward

    And yet, they keep using it.


    Enough said.

  2. Kraggy

    So yet another example of a fatuous O/S design element .. API hooking .. is exploitable.

    It's sad for the PC world that professional software developers weren't involved in designing Windows and that IBM lost out to Microsoft in the NT vs OS/2 fight.

    It's noteworthy that 'legacy' mainframe systems never contained such ridiculous architectures, leastwise not when I was working on them a couple of decades ago.

    1. Anonymous Coward
      Anonymous Coward

      Yep, that's Unix for you (Windows nowadays is just a fancy GUI on Unix). I reckon Apple's IOS will have the same issues since yes, they also built their GUI on a Unix system.

      AC because of all the down votes I'm about to get saying Unix is insecure !!!

    2. Anonymous Coward
      Anonymous Coward

      This kind of abusable functionality is not something that's unique to Windows.

      This would be the equivalent of installing custom exits or SVCs on OS/390 or z/OS.

      Or adding stuff to the config on Linux.

      OS/2 has similar mechanisms as well...

  3. Mike Moyle Silver badge

    "The switch in the group's approach from its previous reliance on spear-phishing to a more DevOps-slanted approach..."

    So, will FIN7 be presenting at your CLL conference this year?

  4. cbars Silver badge

    Surely 'we' know enough by now

    I've heard of secure programs, which are mathematically proven as such. I assume this is done by awesome boffins who are able to execute/validate every possible code path and input variation to check for unintended behaviour.

    It would be a mammoth task, but surely it's do-able to write an operating system that cannot be broken. Fine, the applications can be broken/crashed/intercepted whatever - but cant we have an OS that can demonstrably separate applications so they cannot interfere with one another? A browser can access the internet, send data to a printer - but those are separate applications and that action cannot result in new code being executed by the machine..... can't we? argh!

    Dynamic code execution (macros/javascript) must happen within the confines of the parent application permissions, get killed when it does, and can't go off and install a persistent keylogger in the firmware.

    A change occurred in an applications code due to some data input? Hmm, that doesn't seem right as the user hadn't initiated an update for that application > quarantine and alert user (obviously this could only happen with hardware compromise, like rowhammer)

    What's that? Your app re-writes its own code as part of normal operations? Not in this world mate, jog on.


    Wakes up from dream

    1. -tim

      Re: Surely 'we' know enough by now

      The core concept of a Von Neumann architecture computer is the ability to use the same memory for code and data and the OS simply looks at a user program as data that it can point to with a program counter. The alternative Harvard architecture machines are ever decreasing as today they are being phased out of GPUs which leaves them only in FPGA and some odd hacks of chip cards.

      Multics which preceded Unix had shared libraries and dynamic linking. The ability to easily insert shim code in Unix dates back to its the early days of the shared library and the evil LD_LIBRARY_PATH variable which showed up in early versions of the portable C compiler which dates to the mid 1970s. There isn't anything that says you have to use but your compiler would prefer it add it in.

  5. tedleaf

    Bugger it all,let's go back to the abacus and bullion as currency,it can't be any more insecure than the mess that so called "experts" have managed to foist on the world..

    We might even get a useful side effect in that we might get stock markets back to doing and working as they were meant to in the first place..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020