
Several antivirus vendors have spoken

Posted: Sun Feb 09, 2025 4:11 am
by Rakhiraqsdiwseo
According to the experts, the method they developed allows any malware to be launched undetected in Windows 10, which opens up certain prospects for attackers until an effective mechanism for protecting PCs with Windows 10 and WSL is developed. This method is called bashware, since it uses the bash command shell, through which Linux applications are launched.

Several antivirus vendors have spoken to Motherboard about the situation. Symantec has assured that its protection can detect malware created using WSL. Kaspersky Lab has said that it will make the necessary changes to its products in 2018.

According to Check Point engineers Gal Elbaz and Dvir Atias, the creators of antivirus software did not pay much attention to WSL because they believed that this subsystem should be activated manually. Since the ability to run Linux applications on Windows is mainly needed by developers, a relatively small number of users enable it. As Microsoft itself reports, to do this, you need to activate the developer mode, install the component, reboot the device, and then deploy WSL.

Bashware automates these steps and enables the new feature automatically. To enable developer mode, it is enough to change a few registry sections. This can be done in the background, unnoticed by the user. As for the reboot, the hacker can either wait until the victim turns off the computer, or initiate a critical error that will cause the OS to reboot. Then bashware downloads the necessary environment, created on the basis of Ubuntu, and launches malware in it. WSL drivers can be downloaded to the computer manually and without rebooting; this method is currently being improved.