[Cryptography] Is "drivers for foo" a major malware vector?
Ray Dillinger
bear at sonic.net
Mon Apr 18 19:13:33 EDT 2016
I don't know how I can be any clearer about this. What is the
cognitive barrier that is making the actual issue here go straight
past people?! Okay one more time for people who aren't paying
attention:
I was not looking for a device driver.
I do not want a device driver.
I do not need advice about where legitimate device drivers can be
found.
The device I am trying to replace was specifically designed to have
no requirement of any driver.
The manufacturer never made any such driver.
No such driver exists.
No such driver ever existed.
What I'm asking -- the real issue here -- is why nobody has
been saying anything at all about this enormous malware vector
operating right out in the open?! There are literally
*hundreds* of sites out there brazenly offering downloads of
software they do not have - which they cannot possibly have,
because there is no such software!
There is something which they are pretending is software
that some people will want. They have SOMETHING they want
people to download and install. With admin privilege, of
course!
It buggers my imagination that all of these hundreds of sites,
operating openly and with brazenly transparent lies, are
representatives of an entire industry spreading malware and
that NOBODY SO FAR HAS SAID ANYTHING ABOUT THEM!
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160418/ddb5c731/attachment.sig>
More information about the cryptography
mailing list