Father
The hackers' plans have gone to waste, and the developer community is now fully prepared.
Binarly, a software security company, has developed a free online scanner to identify Linux files affected by the XZ Utils supply chain attack, designated CVE-2024-3094.
CVE-2024-3094 represents a supply chain compromise in XZ Utils — a set of data compression tools and libraries used in many major Linux distributions.
The malicious code in the latest version of the XZ Utils package was discovered by Microsoft engineer Andres Freund while he was investigating slow SSH logins on Debian Sid.
The malicious code was added by an anonymous member of the development community to XZ version 5.6.0 and persisted in 5.6.1, but most Linux distributions used an earlier, secure version of the library. It would take quite a long time for the infection to spread to all current distributions, but fortunately, the backdoor was discovered quite quickly.
In response to the identification of the backdoor, the US agency CISA suggested that all affected software vendors roll back XZ Utils in their builds to version 5.4.6 Stable, as well as inform potential victims of any malicious activity they detect.
Binarly notes that earlier methods of dealing with the threat, based on simple checks such as byte-string matching, file-hash blocklists, and YARA rules, can produce false positives. The scanner developed by the company is designed to detect this type of backdoor in any file, using static analysis of binaries to detect tampering with GNU Indirect Function (IFUNC) control transfers.
A distinctive feature of the malicious code is that it modifies IFUNC calls to intercept execution, which lets it inject malicious code. The backdoor uses this mechanism to gain initial control over code execution.
The Binarly scanner increases detection efficiency because it examines various points in the supply chain, not just the XZ Utils project itself, and returns results with much greater accuracy.
The online scanner is already available on the xz.fail website. It allows users to upload their binaries for free verification without restrictions. In addition, Binarly has provided a free API for performing bulk checks for those who need it, which simplifies the process of detecting and protecting against a supply chain attack.
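The IFUNC mechanism the post describes, as an added, simplified illustration that is not Binarly's code and not the logic of the xz.fail scanner: a pure-Python ELF64 walker that lists GNU indirect-function symbols (`STT_GNU_IFUNC`) together with their resolver addresses, and then checks that each resolver lies inside an executable section. The ELF image is constructed inline as a fixture; the symbol names and addresses in it are invented. This is the inventory step any IFUNC-focused static analysis starts from; it does not reproduce the scanner's detection and would not on its own identify the real backdoor, whose resolvers sit inside legitimate code.

```python
import struct

ELF_MAGIC = b"\x7fELF"
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB, SHT_NOBITS, SHT_DYNSYM = 1, 2, 3, 8, 11
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4
STT_FUNC, STT_GNU_IFUNC = 2, 10          # low nibble of st_info
EHDR_FMT, SHDR_FMT, SYM_FMT = "<16sHHIQQQIHHHHHH", "<IIQQQQIIQQ", "<IBBHQQ"


def _cstr(blob, off):
    """Read a NUL-terminated string out of a string table."""
    return blob[off:blob.index(b"\x00", off)].decode("ascii", "replace")


def parse_sections(data):
    """Return the section headers of a little-endian ELF64 image as dicts."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = struct.unpack_from(EHDR_FMT, data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    raw = [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)]
    names = raw[shstrndx]                      # section-name string table
    shstr = data[names[4]:names[4] + names[5]]
    keys = ("name", "type", "flags", "addr", "offset", "size", "link", "info", "align", "entsize")
    sections = [dict(zip(keys, s)) for s in raw]
    for sec in sections:
        sec["name"] = _cstr(shstr, sec["name"])
    return sections


def ifunc_symbols(data):
    """List every STT_GNU_IFUNC symbol in .symtab/.dynsym with its resolver address."""
    sections = parse_sections(data)
    found = []
    for sec in sections:
        if sec["type"] not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strsec = sections[sec["link"]]          # sh_link points at the symbol string table
        strblob = data[strsec["offset"]:strsec["offset"] + strsec["size"]]
        entsize = sec["entsize"] or struct.calcsize(SYM_FMT)
        for off in range(sec["offset"], sec["offset"] + sec["size"], entsize):
            st_name, st_info, _, st_shndx, st_value, _ = struct.unpack_from(SYM_FMT, data, off)
            if st_info & 0xF == STT_GNU_IFUNC:
                # for an IFUNC symbol st_value is the address of the resolver, not the target
                found.append({"name": _cstr(strblob, st_name), "resolver": st_value,
                              "shndx": st_shndx, "table": sec["name"]})
    return found


def check_ifunc_resolvers(data):
    """Triage check: each resolver must point into an executable, file-backed section."""
    exec_ranges = [(s["addr"], s["addr"] + s["size"], s["name"]) for s in parse_sections(data)
                   if s["flags"] & SHF_EXECINSTR and s["type"] != SHT_NOBITS]
    report = []
    for sym in ifunc_symbols(data):
        home = next((n for lo, hi, n in exec_ranges if lo <= sym["resolver"] < hi), None)
        verdict = "ok" if home else "SUSPICIOUS: resolver outside executable code"
        report.append((sym["name"], sym["resolver"], home, verdict))
    return report


def build_sample_elf():
    """Constructed fixture: a tiny ELF64 with two IFUNC symbols, one of them pointing into .data."""
    names = [b"", b".text", b".data", b".strtab", b".symtab",
             b"crc32_resolve", b"memcpy_resolve", b"plain_func"]   # invented names
    strtab, name_off = b"", {}
    for n in names:
        name_off[n] = len(strtab)
        strtab += n + b"\x00"
    strtab += b"\x00" * (-len(strtab) % 8)
    text, dat = b"\xc3" * 0x40, b"\x00" * 0x10              # .text is just `ret` bytes
    syms = [(0, 0, 0, 0, 0),
            (name_off[b"crc32_resolve"], (1 << 4) | STT_GNU_IFUNC, 1, 0x1010, 0),   # resolver in .text
            (name_off[b"memcpy_resolve"], (1 << 4) | STT_GNU_IFUNC, 2, 0x2004, 0),  # resolver in .data
            (name_off[b"plain_func"], (1 << 4) | STT_FUNC, 1, 0x1020, 8)]
    symtab = b"".join(struct.pack(SYM_FMT, n, i, 0, sh, v, sz) for n, i, sh, v, sz in syms)
    text_off = struct.calcsize(EHDR_FMT)
    data_off, strtab_off = text_off + len(text), text_off + len(text) + len(dat)
    symtab_off = strtab_off + len(strtab)
    shoff = symtab_off + len(symtab)
    shdrs = [(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
             (name_off[b".text"], SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x1000, text_off, len(text), 0, 0, 16, 0),
             (name_off[b".data"], SHT_PROGBITS, SHF_ALLOC | SHF_WRITE, 0x2000, data_off, len(dat), 0, 0, 8, 0),
             (name_off[b".strtab"], SHT_STRTAB, 0, 0, strtab_off, len(strtab), 0, 0, 1, 0),
             (name_off[b".symtab"], SHT_SYMTAB, 0, 0, symtab_off, len(symtab), 3, 1, 8, 24)]
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9            # ELF64, little-endian, version 1
    ehdr = struct.pack(EHDR_FMT, ident, 3, 62, 1, 0x1000, 0, shoff, 0, 64, 0, 0, 64, len(shdrs), 3)
    return ehdr + text + dat + strtab + symtab + b"".join(struct.pack(SHDR_FMT, *s) for s in shdrs)


if __name__ == "__main__":
    for name, resolver, home, verdict in check_ifunc_resolvers(build_sample_elf()):
        print(f"{name:16s} resolver=0x{resolver:x} section={home} {verdict}")
```

Run against a real library with `check_ifunc_resolvers(open("/path/to/liblzma.so.5", "rb").read())` to see the IFUNC inventory of that build; comparing the inventory of a suspect build with a known-good one is a reasonable first triage step, but a resolver living inside `.text` is not by itself evidence of a clean file.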