Malware

From APIDesign

(Difference between revisions)
Jump to: navigation, search

JaroslavTulach (Talk | contribs)
(New page: At the end of May 2020 the GitHub guys announced a Malware attacking developer machines via NetBeans Ant based projects. See [https://securitylab.github.com/research/octopus-sc...)
Next diff →

Revision as of 06:22, 1 June 2020

At the end of May 2020 the GitHub guys announced a Malware attacking developer machines via NetBeans Ant based projects. See The Octopus open source supply chain article.

Don't Blame the Editor!

I have to admit I am not sure I should be ashamed or happy? Helping spreading viruses isn't really something one should be proud of, but at the end NetBeans IDE itself is quite innocent here. The attack doesn't use the NetBeans code itself, it just modifies files written down by the IDE. It knows the layout of the files, it knows their structure and knows what to modify to spread itself. Blaming NetBeans for that is just like blaming your *Makefile* editor for saving files that get later modified and do a harm your computer. The problem isn't the IDE nor the editor, the problem is that the developer has allowed an untrusted code to run on own computer and modify local executable files.

Personal tools
buy