WSL Windows Malware Steals Browser Cookies, Deploys Remote Access Trojan

Posted in Deception, GNU/Linux, Microsoft, Security, Windows at 5:46 pm by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

WSL Windows malware steals browser cookies, deploys Remote Access Trojan.

Microsoft has spent a lot of time and money trying to Embrace, Extend, and Exterminate GNU/Linux. First, they decried it a cancer and Communism.

Then they released seed money for a failing company called SCO to raise all kinds of hell with vexatious litigation, which was the subject of an entire blog following the incident for many years, called Groklaw.

Then they realized that the reason professionals don’t like Windows is that it’s not very technically sound and isn’t powerful enough to actually use for many important tasks.

In fact, even more than a decade ago when I was making my own custom Linux kernels to use on top of Ubuntu, the default number of processors supported by their kernel was 512, and although Windows today supports more than 64 processors, it becomes such a scheduling disaster that if you need to run such a system, you probably don’t want to use Windows.

I pared down the Linux kernel because I was just using it on my quad core PC and backporting some graphics code and stuff.

The fundamental reasoning behind the Windows Subsystem for Linux is deeply flawed and shows that Microsoft fundamentally misunderstands the problem that they claim it solves, and maybe they’ve just lost their marbles and don’t realize what decade this is and that they can’t keep trotting out the obsolete Windows battlewagon that’s had its day and isn’t looking so good.

They’ve even lost Paul Thurrott, whose sole income appears to be praising Microsoft on his blog. He’s been writing articles on everything from bashing how pushy their browser Edge is to pointing out what a dog their developer kit for their latest half-assed ARM transition is.

Seriously, they’re trying this again, and it’s barely powerful enough to overcome Windows and run at all (you can look at what people are saying about it running slowly all over the place... too many to list here), so I suppose you can basically forget about x86 software. Some splogs promise Windows on ARM will be “different this time”, but Microsoft seems to be screwing it up the exact same way Windows RT went.

Nobody wanted them because they were wimpy on the specs and didn’t have a strong showing of compatible software.

But back to WSL. Why would anyone use it?

Well, Microsoft’s original botched attempt (retconned as WSL1) was essentially to pay some clowns they have to write a crappy Microsoft approximation of a Linux kernel without really understanding how the Linux kernel worked, and that went as well as it sounds.

So they started over and redid “WSL2” as a real Linux kernel (and a very old one, at that) running on their Hyper-V system. And so it’s basically a virtual machine with integration into the host.

The upsides are that it performs a bit better (but nowhere near as well as GNU/Linux operating systems running natively on the hardware in question) and is more compatible.

The downside is, well, when you implement a “Linux” VM on top of Windows, you don’t give Windows the strengths of “Linux”.

You make a “Linux” system that has the failings of Windows. Namely, that Windows has lousy performance on just about any computer and is absolutely overflowing with malware.

Microsoft is also taking the opportunity to “extend” “Linux” so that applications can use Windows-only technologies that are NOT Linux-compatible.

In this way, it’s basically a rehash of the Microsoft “Java” VM, where they gutted it of all of the cross-platform JAVA stuff and shoved in things that only worked on Windows. But they’ve sharpened their knives a little and they’re doing it in a way where people will not sue them this time.

Whether they comply with the software licenses or not is, at this point, irrelevant, in many cases, because they’ve bought off the foundations that manage major open source infrastructure (and in some cases, rather cheaply. Less than $50,000 got them the Raspberry Pi Foundation cramming Microsoft programs into your Pi...).

You can’t kill the devil while he’s the one that’s paying the bills.

Microsoft knows this.

So WSL and Influence Peddling are just Phase III of their attack on open source software. This time they say they’re going to “kill us with kindness”. But the emphasis should be on the killing part. Broadly, I group their previous two attempts as trying to pretend it doesn’t exist with the occasional bucket ’o FUD (Phase I) and then seeding SCO’s meritless lawsuits with a $20 million bailout to a bankrupt company for a “Unixware” license they almost certainly didn’t use anywhere (Phase II).

Although WSL is a massive new liability for Windows users, as all of these WSL viruses are coming around, Microsoft is trying to “make hay while the sun is shining” from the fact that they’ve added attack surface to their own OS and created a new security nightmare for their own customers, by painting WSL malware as “Linux” and “open source”.

I’ve been using GNU/Linux regularly since Vista came out and chased me away from Windows, but longer than that, and I’ve always felt creeped out when I was running Windows, mainly because there’s so much malware, and not much security other than lip service and theater, and the fact that “SmartScreen” and “Defender”, and “Telemetry” are built-in malware and keyloggers, but I have not felt creeped out when I was running GNU/Linux.

Most of the security problems facing Windows users simply do not affect GNU/Linux unless the user goes through some great effort to install malware through some actions that are both unwise and cautioned against, and as for the “you wake up and it’s just there and all your files are encrypted” issues with Windows, which keep occurring, that also tends not to happen to GNU/Linux for a multitude of reasons.

I’d imagine the fact that there’s 10 times less code in a fully functional GNU/Linux OS, which even comes complete with a freaking office suite that isn’t some idiotic trialware, has something to do with that, but it’s also that it’s well documented that open source software has fewer bugs in general and patches roll out to the users for the critical stuff a lot faster too, and the official package managers check to see that the software you want isn’t tampered with or corrupt, before they install it.

And with Windows, a lot of people go and brick the update system (on purpose) because they never know what broken updates are coming down the pipe, or if their computer will even reboot when it gets done installing them. It happens so often that every month there’s articles about Microsoft pulling back broken updates, in addition to the usual security mess.

Why would anyone trust this company to do something like WSL?

In closing, I’d like to thank Bleeping Computer for calling out Windows and WSL in this. It’s something that just doesn’t happen that often because Microsoft pays “journalists” good money to not have their products and their company associated with the problems they create.

The particular RAT malware that this article talks about displays a pop-up eventually, in Turkish, on the Windows desktop, which translates to “you’re screwed and there’s not much you can do.”

Well, I hope you have backups.

You can recover from them while you’re installing a different operating system. And then it shouldn’t happen again.

You can do something about this malware today.

You can switch to a robust operating system that is hardened against these kinds of attacks.

But none of those operating systems are from Microsoft.

Windows on ARM is some sort of pipe dream that someone at Microsoft keeps having.

“Wouldn’t it be nice if we could start over on hardware that’s not a complete disaster and get good power efficiency, and not be tied down by this legacy crap?”

Nice for them maybe, but once you detach Windows from legacy software, there’s no longer any point in running it, and Intel is an inseparable part of that legacy.

The problem for Microsoft is that users are voting with their feet and leaving in droves. Everyone from Statcounter to Pornhub can tell you that.

Calling Windows the future of operating systems is like calling Sears the future of retail.

Another Way to See Latest Gemini Activities

Posted in Site News at 5:30 pm by Dr. Roy Schestowitz

Video download link | md5sum 163a583485caf9b4839fea3d011d9add
Gemini Zeitgeist
Creative Commons Attribution-No Derivative Works 4.0

Summary: Zeitgeist for the ‘planetary system’ of Gemini capsules isn’t a new challenge but an ongoing effort; we’ve had another go at it

We have only just created this new Gemini page, which will be updated every 3 hours and display new updates (such as posts or photos) from Geminispace.

Search engines in Geminispace are under-developed and lack depth. Moreover, sorting results by time of publication is not possible, which means that syndication (not standardised) becomes desirable if not essential. In an effort to keep things tidy we keep enhancing our so-called ‘Planet’. The above shows an aggregation of up to 72 hours, with results grouped or clustered for easier digestion by theme/type. Updates are moreover announced in IRC and the latest commits can be found in Git.

Links 29/05/2022: 4MLinux 39.1, Invalidity of Some US Software Patents

Posted in News Roundup at 1:58 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Kernel Space

      • Linux Plumbers Conference: Microconferences at Linux Plumbers Conference: Service Management and systemd

        Linux Plumbers Conference 2022 is pleased to host the Service Management and systemd Microconference.

        The focus of this microconference will be on topics related to the current state of host-level service management and ideas for the future.

        Most of the topics will be around the systemd ecosystem as the most widely adopted service manager. The Service Management and systemd microconference also welcomes proposals that are not specific to systemd so we can discover and share new ideas on how to improve service management in general.

      • inttf-kernel – Clear Linux kernel for Fedora 36 users – If Not True Then False

        This is a project I’ve been working on lately: building the Clear Linux kernel for Fedora users. All Clear Linux patches and almost the full kernel config are working currently. Only minor changes were needed to get modprobe, hostname, fbdev, etc. working on Fedora. This is currently still at the testing stage and not recommended for any production environment(s). Also remember to back up all important data!

      • Paul E. McKenney: Stupid RCU Tricks: How Read-Intensive is The Kernel’s Use of RCU?

        RCU is a specialized synchronization mechanism, and is typically used where there are far more readers (rcu_read_lock(), rcu_read_unlock(), rcu_dereference(), and so on) than there are updaters (synchronize_rcu(), call_rcu(), rcu_assign_pointer(), and so on). But does the Linux kernel really make heavier use of RCU’s read-side primitives than of its update-side primitives?

        One way to determine this would be to use something like ftrace to record all the calls to these functions. This works, but trace messages can be lost, especially when applied to frequently invoked functions. Also, dumping out the trace buffer can perturb the system. Another approach is to modify the kernel source code to count these function invocations in a cache-friendly manner, then come up with some way to dump this to userspace. This works, but I am lazy. Yet another approach is to ask the tracing folks for advice.

        This last is what I actually did, and because the tracing person I happened to ask happened to be Andrii Nakryiko, I learned quite a bit about BPF in general and the bpftrace command in particular. If you don’t happen to have Andrii on hand, you can do quite well with Appendix A and Appendix B of Brendan Gregg’s “BPF Performance Tools”. You will of course need to install bpftrace itself, which is reasonably straightforward on many Linux distributions.

      • WCCF Tech: Intel adds Arc GPU, Rocky Linux, & multi-GPU functionality support to oneVPL 2022.1

        Intel recently updated the oneAPI Video Processing Library, also known as oneVPL, to version 2022.1. The new update changes Intel’s focus on VA-API and Media SDK to the current standard of oneAPI acceleration.

    • Applications

      • Hackaday: Annotate PDFs On Linux With PDFrankenstein

        On Windows and Mac machines, it’s not too troublesome to add text or drawings (such as signatures) to PDF files, but [Mansour Behabadi] found that on Linux machines, there didn’t seem to be a satisfying way or a simple tool. Being an enterprising hacker, [Mansour] set out to fill that gap, and the way it works under the hood is delightfully hacky, indeed.

        The main thing standing in the way of creating such a tool is that the PDF format is a complex and twisty thing. Making a general-purpose PDF editing tool capable of inserting hyperlinks, notes, images, or drawings isn’t exactly a weekend project. But [Mansour] didn’t let that stop him; he leveraged the fact that tools already exist on Linux that can read and create PDF files, and tied them all together into what was at one point “a horrific patchwork of tools” which inspired the name pdfrankenstein.

      • PulseAudio 16.0 Released with Bluetooth Battery Level Reporting

        PulseAudio 16.0 release brings a handful of changes across its components.

      • Linuxiac: PulseAudio 16 Released with Bluetooth Battery Level Reporting Support

        The freedesktop.org project announced the release of the PulseAudio 16.0 sound server with some new features. So let’s take a look at what’s new and enhanced.

        PulseAudio is a general-purpose sound server designed to act as a bridge between your programs and hardware devices that support ALSA or OSS. Furthermore, if Avahi is enabled, it can provide simple network streaming across local devices.

        Although PipeWire has grown in popularity in recent years and is currently the primary choice for a sound server in many Linux distributions, PulseAudio is not yet out of the game and is still evolving. And its most recent release, PulseAudio 16, proves this.

      • Linux Links: 12 Best Free and Open Source Linux PDF Viewers

        Fortunately, there are some excellent open source alternatives to Adobe Acrobat Reader DC. The software featured in this article offers more than displaying PDF files; many are versatile document viewers.

        Here’s our verdict on the PDF viewers. We only include open source software here.

    • Instructionals/Technical

      • Ubuntu Handbook: How to Enable WebP Image File Support in Ubuntu 22.04 | 20.04

        Got some photo images in .webp file format? Here’s how to open them with the system default image viewer (and other GTK apps), and generate image thumbnails in the file manager in Ubuntu 22.04 & Ubuntu 20.04.

        WebP is an image file format developed by Google. It supports both lossy and lossless compression, as well as animation and alpha transparency. The file format has a smaller size while keeping good image quality.

        You may view WebP images in Linux via many applications, such as Firefox, Chrome and gThumb. But that’s not enough! Files (aka the nautilus file manager) does not show image thumbnails for WebP, and image annotation tools may not open and save images in that file format.

        So, this open-source library is present to deal with WebP support for GTK applications.

      • Linux Capable: How to Install/Enable EPEL/EPEL Next on AlmaLinux 9
      • ID Root: How To Change Timezone on Ubuntu 22.04 LTS

        In this tutorial, we will show you how to change the timezone on Ubuntu 22.04 LTS. For those of you who didn’t know, for Ubuntu server users the time zone is not set by default. However, desktop users with an active Internet connection may have this set up automatically. Providing correct timezone information is essential for performing different system-related tasks. Also, when you set up automatic cron jobs that depend upon the timezone of your system, providing inaccurate information can cause problems.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step change of the timezone on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • Make Use Of: How to Easily Create QR Codes on Linux

        A QR code is a type of barcode that stores information and is read using a digital device, including smartphones. If you’ve been to convenience stores or cafés, you’ve probably seen QR codes there for receiving payments or sharing Wi-Fi passwords, among other things.

        But that’s not all. QR codes have other useful applications in today’s world. For instance, you can use QR codes to share access to your home Wi-Fi with guests or to share your contact card.

        Follow along as we explain how to create QR codes on Linux using qrencode.

      • How to setup an Nginx reverse proxy server example

        Most enterprise architectures use a single reverse proxy server to handle all incoming requests.

        The proxy server then inspects each HTTP request and identifies which backend system, be it an Apache, Tomcat, Express or NodeJS server, should handle the request.

        The reverse proxy then forwards the request to that server, allows the request to be processed, obtains a response from that backend server, and then sends the response back to the client.

        That is the function an Nginx server configured as a reverse proxy would serve.
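As an added illustration of the routing just described (example configuration written for this page, not taken from the linked article), here is a minimal Nginx server that listens once and hands each request to an Apache, Tomcat or Express backend by URI prefix. The hostname and backend ports are assumed; the backends are bound to loopback so that only the proxy is reachable from clients.

```nginx
# Added example: one Nginx reverse proxy in front of three backends.
# Backend addresses and the server_name are assumptions for illustration.
upstream apache_backend  { server 127.0.0.1:8080; }   # Apache httpd
upstream tomcat_backend  { server 127.0.0.1:8081; }   # Tomcat servlet container
upstream express_backend { server 127.0.0.1:3000; }   # Express / Node.js

server {
    listen 80;
    server_name example.com;          # assumed hostname

    # Pass the original Host and client address through, so the backend
    # sees (and logs) the real source instead of the proxy's loopback address.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Bound request bodies and backend wait time so one slow or oversized
    # request cannot tie up the proxy indefinitely.
    client_max_body_size 10m;
    proxy_read_timeout   30s;

    # Everything not matched more specifically below goes to Apache.
    location / {
        proxy_pass http://apache_backend;
    }

    # The Java web application under /app/ goes to Tomcat.
    # proxy_pass without a URI part forwards the original path unchanged.
    location /app/ {
        proxy_pass http://tomcat_backend;
    }

    # The JSON API under /api/ goes to Express.
    location /api/ {
        proxy_pass http://express_backend;
        proxy_http_version 1.1;       # keep-alive friendly for Node backends
    }
}
```

Because the backends listen on 127.0.0.1 only, the proxy is the single point where request inspection and logging have to happen, which is what makes the single-entry-point design useful.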

    • Games

    • Desktop Environments/WMs

  • Distributions and Operating Systems

  • Leftovers

    • Defence/Aggression

      • Daniel Pocock: Surviving a crowd crush at Dublin airport

        On Saturday, Dublin airport officials were in the news promising to resolve the problems at the airport. Yet on Sunday things only got worse, dramatically, with airport security and police overwhelmed by a crowd.

        The airport has become so dysfunctional that there are crowds outside on the road, reminiscent of the scenes outside Kabul airport when America abandoned Afghanistan.

    • Monopolies

      • Patents

        • Board of Appeal agrees that the description amendment requirement lacks legal basis (T 1444/20)

          Following the excitement over T 1989/18, there has been a second Board of Appeal decision finding a lack of legal basis for the requirement to amend the description in line with the claims. The decision in T 1444/20 found that it was not necessary for the applicant to delete claim-like clauses and redundant subject matter from the description, given that the claims were clear without need for recourse to the description. The decision in T 1444/20 however, follows a flurry of Board of Appeal decisions that contradicted T 1989/18 and did find legal basis for the requirement to amend the description in Article 84 EPC. Where does this all leave applicants faced with onerous description amendment requests in Examination?

        • Lexology: Onerous EPO Guidelines for description amendments remain [Ed: The Boards of Appeal are still kangaroo courts in the EPO]

          In January 2022 we reported on decision T 1989/18, published in December 2021, which found there to be no legal basis for refusing an application on…

        • Equitable IP’s Optic153 adverse judgment granted

          On May 23, 2022, the PTAB entered adverse judgment with respect to claims 1, 16, 19, 21, and 22 (all challenged claims) of U.S. Patent 6,115,174, owned by Optic153 LLC, an Equitable IP entity, in IPR2021-00932 filed by Unified Patents. After the PTAB instituted trial, Optic153 filed a statutory disclaimer with the USPTO disclaiming the challenged claims. The PTAB treated Optic153’s disclaimer as a request for adverse judgment as to the challenged claims and granted the request.

      • Software Patents

        • $3,000 awarded for Gridley IP prior art

          Unified is pleased to announce PATROLL crowdsourcing contest winners, Mani Manikandan and Kartikeya Srivastava, who split a cash prize of $3,000 for their prior art submissions for U.S. Patent 8,676,668. The patent is owned by Gridley IP LLC, an IP Edge entity. The ’668 patent generally relates to mapping population activity by discerning a location, speed, and direction of wireless mobile devices within a geographic region. It has been asserted against Waitr, Route4Me, WorkWave, Instacart, Doordash, NeighborFavor, Cabconnect, Zum Services, HopSkipDrive, SuperShuttle, and Flywheel Software based on their respective delivery and ridesharing services and apps.

        • Lauri Valjakka prior art found, $2,000 awarded

          Unified is pleased to announce PATROLL crowdsourcing contest winner, Ramesh Varadharaj, who was awarded a cash prize of $2,000 for his prior art submission for U.S. Patent 8,495,167. The patent is owned by Lauri Valjakka, an NPE. The ’167 patent generally relates to data communication networks and has been asserted against Apple, Google, Sony, Microsoft, Netflix, Cisco, Amazon, and Akamai Technologies.

        • $3,000 for Dynamic IP Deals entity Escapex IP prior art

          The ’113 patent relates to generating artist-specified dynamic albums.

        • Mirror Imaging patent likely invalid

          The ’275 patent is generally related to financial document retrieval and storage systems and has been asserted against Bank of America, Wells Fargo, JP Morgan Chase, Citigroup, Capital One, PNC Bank, BancorpSouth Bank, and others.

        • $12,000 for Atlantic IP Services sub, Ollnova Technologies, prior art

          On May 25, 2022, Unified added 4 new PATROLL contests, with a $3,000 cash prize for each, seeking prior art on the list below. The patents are owned by Ollnova Technologies Limited, an NPE and Atlantic IP Services subsidiary. The contests will all end on September 16, 2022. Please visit PATROLL for more information or click on each link below.

      • Trademarks

        • Precedential No. 14: TTAB Allows Amendment to Applicant’s Goods, Dismisses 2(d) Opposition to LUX ENHANCER

          The Board has re-designated as precedential its March 22, 2022 decision denying Opposer Conopco’s motion to re-open its discovery and trial periods, granting applicant’s motion to narrow its identification of goods, and dismissing this Section 2(d) opposition to registration of LUX ENHANCER for certain hair care products in view of Conopco’s registered mark LUX (Stylized) for “soap and body cleansing wash.” Conopco, Inc. v. Transom Symphony OpCo, LLC DBA Beauty Quest Group, Opposition No. 91256368 (Redesignated May 23, 2022) [precedential].

When You Piss Off Your Core Audience

Posted in Marketing, Microsoft at 11:34 am by Dr. Roy Schestowitz

Phoronix homepage

Summary: With a total of 5 comments today (a lot less than it used to be), as shown above, maybe it’s time to better understand that sponsored coverage and Microsoft news isn’t what people typically came to the site for

Video: Antonio ‘F’ Campinos in His Very Own Words

Posted in Europe, Patents at 10:48 am by Dr. Roy Schestowitz

Video download link | md5sum d26c51fcea3c9a0de4af4dd32b6837d0
Antonio F Campinos
Creative Commons Attribution-No Derivative Works 4.0

Summary: A year-old video of the EPO’s kakistocrat in chief shows potentially offensive language difficulties (the videos are unaltered; must be seen to be believed!)

Earlier this month something exceptionally bad happened because the self-described "Mr. Nice Guy" became outwardly rude and vulgar. He clearly violated the Code of Conduct of the Office (no worries! He’s immune!) and no longer attacked people just “politely” (like plundering staff using official paperwork… like a boss).

It’s no secret that EPO President António Campinos speaks several languages (though he did try to conceal his dual nationality), but his English leaves much to be desired. And sure, he also does not speak German, unlike his staff, and he’s working in Germany. It’s just another Benoît Battistelli. He’s a misfit professionally, too. There’s a gross lack of experience and qualifications.

Recently Campinos was throwing “f bombs” at staff, so the above talk he gave one year ago (Invidious instance) is kind of interesting. Here are a couple of examples in isolation (he does this at 18:20 and again at 19:54):

But Tony, we hardly even know each other!!

A minute and a half later:

Mind you, this is scripted. He could audition and/or redo it. But he did not. Twice.

This kakistocrat does a very poor job representing not just the EPO but also Europe. He’s very mechanical as he speaks and he moves his hands all over the place.

What’s seen above is part of a generally lousy talk. Much remains to be said about it. After that he is promoting European software patents under the guise of “Hey Hi” (AI), as usual, as we saw before. He also promotes illegal, unconstitutional "ViCo".

The EPO has an image/reputation problem because of kakistocrats, not because of the staff union.

[Meme] Illegally Forcing ‘Unification’ in Europe

Posted in Deception, Europe, Humour, Law, Patents at 9:33 am by Dr. Roy Schestowitz

Repeat the lies, every year…

I'm Curious; How does litigation EU-wide help SMEs? Nappa, don't chu understand?? I understand alright... you're lying to me

Summary: Do not be misled by words like “unified” or “unitary” (or “united”, “unity”, “harmony” etc.); what the EPO and Team UPC (law firms pushing the dead and legally invalid UPC proposal) strive to do isn’t just illegal for at least a handful of different and solid reasons, it is also unconstitutional in many nations; patent “invasion” or “occupation” better describes what’s happening here

The Travesty of the Web as a Disinformation Machine of Patent Litigation Maximalists

Posted in Deception, Europe, Patents at 8:50 am by Dr. Roy Schestowitz

Video download link | md5sum ca1223d60cadd8629be622c49d344641
UPC Web of Lies
Creative Commons Attribution-No Derivative Works 4.0

Summary: With journalism waning if not dying perhaps we should expect lobbyists and PR agencies to fill the vacuum; in the domain of patents we’re seeing the worst elements stealing the narrative and pushing illegal proposals without any parliamentary debates

The above video, a long clip regarding the annotated screenshots published this morning, walks through some of the tactics of Team UPC (a tightly-knit cabal of litigation firms working to further their own financial agenda at the expense of everyone else). We’re asked to make many false assumptions, we’re being deliberately lied to, and people who call themselves “journalists” are in fact paid agents of propaganda, bankrolled by Team UPC.

A proper, functioning society cannot coexist with this sort of abuse. In the same way EPO staff was oppressed by Benoît Battistelli (and now by his friend, António Campinos) we risk further oppression — even litigation — from megacorporations that aren’t inventive and aren’t European. This is exactly what Team UPC wants; litigation is its ‘bread and butter’.

Finally, as noted earlier, more people need to get involved. At the very least people can contact their elected officials and explain to them what’s going on. A lot of them got bamboozled by lobbyists and lobbying in the media. UPC is clearly not legal, but nothing stops Team UPC from doing what’s illegal. Who’s going to punish them? Politicians?

Patent litigation firms are people!
He was speaking out of his backlog

[Meme] Unitary and Harmonised Injustice

Posted in Courtroom, Europe, Law, Patents at 7:01 am by Dr. Roy Schestowitz

UPC 'Fair' Trial By ViCO
Reducing the standards of common patent courts to kangaroo courts controlled by EPO (with diplomatic immunity)

Summary: Lukashenko's business partners Benoît Battistelli and António Campinos want to take the law into their own hands, with criminals from Microsoft as business partners
