New malware uses Windows Subsystem for Linux (WSL) for stealthy attacks on Windows

Bleeping Computer ^ | September 16, 2021 | By Ionut Ilascu

[ShadowAce]

oops—I just posted it also

[ShadowAce]

[Openurmind]

I will ask to have mine pulled Ace... Yours still up?

[ShadowAce]

No—mine got pulled

[Openurmind]

OK, thank you! Sorry about that!

Thank you for the Ping! :)

[Gideon7]

Since WSL 2 basically is the Linux kernel tacked on to Windows it is going to be vulnerable to Linux viruses.

[Still Thinking]

So....you’re saying....when Microsoft does Linux, it ceases to be secure. Hmmm.....\

[Openurmind]

From what I understand it is not a “Linux Virus” that can even affect Linux. It is bad actors using Linux to exploit holes in what windows thinks is their own safe version of Linux experience to attack windows, not the Linux. Windows can’t even do Linux without still having holes in their windows software. lol

[Openurmind]

Lol... That is what it looks like. :)

[Myrddin]

It's easy to spin up a Linux VM using WSL2. If you do that, you need to spend the time to secure the new OS running inside WSL2. It presents a whole new attack surface and a platform for attacking the host. Toss in some Docker (podman) containers, and there is plenty of room for mischief.

[Openurmind]

I think it is wiser to just dual boot a Linux. :)

[Myrddin]

I currently have work that requires Docker containers on Windows and Linux with kubernetes connections. I'm running a dedicated Ubuntu VM to host a "minikube". The Windows side is a dedicated Windows Server 2019 DataCenter with Docker EE for the container. Getting the kubernetes worker node working on the Windows VM has been a problem. The code development platform is a Windows 10 Pro 20H2 VM with the latest Docker running over the WSL2 runtime, but only in Windows container mode. The kubernetes work is complicated by the VMware Workstation host for the VMs. The maintainers of the worker node script have a different target platform, so lots of tweaking is necessary get the scripts to work as intended.

Docker on WSL2 can either host Windows containers or Linux containers, but not both concurrently. The containers are going to end up in an AWS or Azure cloud whenever the customer makes a decision.

[Paal Gulli]

It takes someone with the technical brilliance of Bill Gate to make such a disaster out of Linux.

[MikelTackNailer]

I still can’t see the appeal of running Linux on Windows when dual-booting is relatively easy using the real deal (in over a dozen variants). Now we have a perfectly good reason to avoid this novelty altogether.

[dayglored]

> I still can’t see the appeal of running Linux on Windows...

Simple. Windows as a desktop environment is far more compatible with the business and engineering worlds than Linux. But Linux is far better for software development. So, for decades, Windows software developers have suffered with the Windows-based software development tools -- they're good, don't get me wrong, but they're not anywhere near as good as the standard Unix/POSIX/Linux toolsets.

So the reason to run Linux within Windows is that you get the best of both worlds -- simultaneously, which you don't get with dual/multi-boot. And if you have a Windows mindset, it's the way to go.

Personally, I have a POSIX mindset, so I do it the other way -- Linux is my desktop, and I have an RDP session always open to my Windows VM for the Windows business tools. The reason I do that is that IMO Linux has better multi-workspace handling, and I typically have 6-8 workspaces going concurrently. If I only needed one or two, I'd consider trying Windows for the desktop and Linux via the Subsystem.

[dayglored]

Linux on Windows... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to ShadowAce for the ping!

[Bikkuri]

Knowing Micro$uck, I am sure it was intentional.. :P

[Openurmind]

Well said. My source told me this...

“Microsoft rewrote Linux... the first thing that was going to happen (of course), is that it would get malware”