Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

Somebody Tried To Convince a Raspberry Pi Exec To Install Malware On Its Devices (softpedia.com) 119

An anonymous reader writes: Liz Upton, Director of Communications for the Raspberry Pi Foundation, has just published an email where someone was asking how much would it cost them for the Foundation to install malware on its devices in the form of a .EXE file. The email sender was asking for a PPI [price per install] quote.
This discussion has been archived. No new comments can be posted.

Somebody Tried To Convince a Raspberry Pi Exec To Install Malware On Its Devices

Comments Filter:
  • That's just stupid on so many layers.

    • Re: Okay... (Score:1, Insightful)

      by Anonymous Coward

      Is it? Newer Linux distros typically come with systemd, which many users consider to be malware because it's unwanted and can have a very negative impact. So it's not like Linux is any better in reality, I'm sad to say.

      • Re: Okay... (Score:5, Insightful)

        by NotInfinitumLabs ( 1150639 ) on Friday December 25, 2015 @09:27PM (#51184477)

        Is it? Newer Linux distros typically come with systemd, which many users consider to be malware because it's unwanted and can have a very negative impact. So it's not like Linux is any better in reality, I'm sad to say.

        Holy shit, why can't people shut up about systemd? You people seem to bring it up at EVERY single opportunity, even if it's REMOTELY related.

        • Re: Okay... (Score:1, Troll)

          by slazzy ( 864185 )
          I just had a gigantic poop on the toilet and it reminded me of systemd.
        • Re: Okay... (Score:5, Insightful)

          by Lost Race ( 681080 ) on Saturday December 26, 2015 @01:11AM (#51185093)

          Since you brought it up....

          Complaints about systemd are like complaints about the TSA -- richly deserved, but kind of pointless, because that shit is just not going away (until it gets superceded by something even worse).

        • Re: (Score:3, Informative)

          by Skylinux ( 942824 )

          Just making sure you don't forget how bad that shit is. Works OK'ish when everything works but damn what a pain in the ass to debug when a service fails to start ..... for some reason.

          All our servers have switched to BSD. Should have done this a lot sooner since BSD just makes sense when you have worked with a various Linux distros over the years .... LSB was a good idea but no one gave a fuck.

          • Works OK'ish when everything works but damn what a pain in the ass to debug when a service fails to start

            So, totally different to GRUB?

            Says I, about to have to go into the depths of GRUB.

      • Layer 1: RPi runs Linux. Good luck with the exe.
        Layer 2. RPi comes without any internal storage to install this on. They'd need to include it in SD images
        Layer 3. RPi is a tinkerer's machine, the malware wouldn't survive a day.
        Layer 4: "The exe creates a desktop shortcut to our website" - you need .exe for that?
        Layer 5: even if it does - most RPis are run headless. And many of these with screens run without network ...there are more if you think about it.

        • Layer 1 has been done. THe "install now" icon on a live CD, the Store in Ubuntu, etc. Heck, just mkdir /etc/skel/Desktop and put the file there and call it a day....

          Layer 2 would be sticky, but yes, include it on their images. Quote the $BAD_COMPANY $10 to cover the cost of a SD card to include with the board on sale and $2 or more of profit.

          Layer 3 is the Truth and where it would stop even if it were included on a free SD card. Heck if I buy a new Dell laptop the first thing I do is image the hard dr

    • That's just stupid on so many layers.

      And that's where the problem with the story is: Who, especially a "black hat" would make such an approach or advise their "marketing" team to do so? I find it difficult to believe.

      Not saying it didn't happen, but I think it's suspect. It's possible that it's a "false flag". Or perhaps it's completely made up by someone at RaspberryPi? Why would they censor the name of the offending company? Wouldn't they want people to know who's doing this sort of thing?

      Too many questions to buy this completely.

      • Given that at least Lenovo installed such on new computers a while back I would not be surprised if many producers of computers did not get a lot of such proposals,

      • As someone who has followed RasPi since the beginning, I trust Liz Upton. She has always provided plain, unadorned truth to the best of her knowledge.

        If she says someone wanted to pay them to put shit in the ice cream, I believe her. That the approach was so bold suggests to me this was not an isolated event. What we old grumpy technologists need to do is hunt these creeps down and make sure no computer is ever loyal to them again.

      • Not saying it didn't happen, but I think it's suspect. It's possible that it's a "false flag"

        No, this is somewhat typical in Eastern countries, i.e. professional malware software companies pay system integrators to install crap on their systems. This letter itself looks like it was written by somebody from China (most of the spammers there learn English in chat sessions, i.e. selling gold in World of Warcraft, so they pick up a lot of the crap habits that people have in those places, hence this letter is full of shit speak, i.e. instead of "you" they say "u", or other things like often saying hehe

    • by Anonymous Coward

      Not really stupid.

      They asked because they know that, in the majority of people, everyone has a price.

      Greed is a powerful motivator. It is pretty much why we are where we are today. Why we can't trust anything, or anyone, to do the right thing.

      It's why I have to lock down any device I attach to my network. Isolate it, prevent it from probing or calling home.

      Greed.

      It's the reason this country exists today and will ultimately be the cause of its downfall.

    • by arglebargle_xiv ( 2212710 ) on Friday December 25, 2015 @08:38PM (#51184333)

      It's just a generic form-letter email that would have been sent to an auto-generated list of any number of systems integrators and anyone else that might possibly respond. That's how the bloatware that gets included in Windows PCs ends up on there, it could be describing SymantecNortonLenovoToshibaHuluNetflixCyberlinkDellSkype7ZipAccuweatherRealTek SuperEssentialClickOnMe [pcworld.com].

      In any case there's already a malware-installer [techcrunch.com] "EXE file that installs a desktop shortcut, that when clicked redirects users to a specific website" for the Raspberry Pi.

  • Do it. (Score:4, Insightful)

    by Jethro ( 14165 ) on Friday December 25, 2015 @02:34PM (#51182811) Homepage

    Hey, free money. Not like the PI has any permanent storage so they'd just have to stick the file on some chip somewhere, where it can't really be accessed. Not that an .exe would even be executable.

    Better yet - ship every Raspberry PI with an SD card labelled "Malware - Please execute immediately."

    • by meadow ( 1495769 )
      Why does she say it was malware? Perhaps that is the business model of the company and they just want to have their app/site or a link to it included on users desktops? If that alone makes it malware, then - excuse me - but just about every major company in Silicon Valley are huge malware distributors because that's all they do: Cram unwanted apps/sites down people's throats.

      I would even venture to guess that what this one company is doing is probably highly innocuous compared with the evil shit being i
  • by Anonymous Coward on Friday December 25, 2015 @02:44PM (#51182845)

    So after reading the email, I would have to say this headline is sensationalist, and overall bad reporting. So much so that im actually making this post, which i have never done on /.

    Nowhere are they asking them to install malware, or install it without the consumers consent. Essentially what they are asking is that their application be packaged with with the pi, and the user be asked to install the software. Basically the same thing most "freeware" on the internet does. He you want our app? What about this one and this one and this one to.

    Ive dealt with representatives from foreign companies before, and their command of the English language is about as excellent as google translate will allow. You have to use your brain a little when reading them, but its usually fairly easy to understand and don't leap to conclusions to create headlines like this.

    • Linda, is that you?
    • by hawguy ( 1600213 )

      So after reading the email, I would have to say this headline is sensationalist, and overall bad reporting. So much so that im actually making this post, which i have never done on /.

      Nowhere are they asking them to install malware, or install it without the consumers consent. Essentially what they are asking is that their application be packaged with with the pi, and the user be asked to install the software. Basically the same thing most "freeware" on the internet does. He you want our app? What about this one and this one and this one to.

      Ive dealt with representatives from foreign companies before, and their command of the English language is about as excellent as google translate will allow. You have to use your brain a little when reading them, but its usually fairly easy to understand and don't leap to conclusions to create headlines like this.

      That was my thought too -- this appears to be just like the bloatware that comes with every new PC (and phone). Annoying for sure, but it's a stretch to call it Malware unless the software does something more nefarious than installing a desktop shortcut.

    • That's called Crapware. It's not necessarily nefarious, just unwanted and unnecessary. If the developers are paying people to pre-install it, it's almost certainly crapware at the least or maybe even adware or other malware.

    • by Xenna ( 37238 ) on Friday December 25, 2015 @04:18PM (#51183309)

      Note that Liz Upton, the addressee, used the phrase malware herself. That's where the sensationalism started. Just blindly converting it into a Slashdot headline, that's the bad reporting part.

      Whatever happened to common sense...?

      • by Mr Z ( 6791 )

        Without seeing the linked site, it's hard to say what exactly the EXE was meant to accomplish. If it's some sleazoid V14GRA site, or Scan Your PC Now for Viruses site, it's pretty easy to call it malware.

        Some relevant information was redacted, unfortunately.

      • by AmiMoJo ( 196126 )

        It's suspicious but not definitively malware. They say they want to put a shortcut on the desktop, that's all. We don't know if it does anything else, or if the linked site is full if malware. It could be entirely innocent, so I don't think malware is correct at this stage.

    • by Anonymous Coward

      Hang on a sec. A poorly written email asking to install an .exe into your customer's systems? Yeah I'd assume it's malware also, especially with no source available.

      Which makes one wonder, how does Dell, etc. vet the crapware they put on their Windows systems? Do they insist on seeing the source?

    • by Vokkyt ( 739289 ) on Friday December 25, 2015 @04:41PM (#51183449)

      Though this may be me projecting my own prejudices with bundled software, nearly a decade of working in tech support has loosened my definition of malware to include basically any software put on the user's computer without the user's informed consent. Many bundled packages and suites behave in the exact same manner as actual malware and are just as difficult to remove, if not more so in some situations as anti-malware/AV software will not see this software as "malicious" and will not remove it automatically. Given that one of the foci of RaspberryPi's is to provide a cheap computer option for whatever needs, it simply would provide a misleading option to users like the bundled junk that often comes on cheap Windows based laptops.

      I am not purporting that this is what was meant by Ms. Upton, but it's not hard to see how she and basically most people could see the proposed software as "malware" to be bundled.

    • It's hard to conclude that this is not malware based off the email when you don't know who the company is or what they wanted to install.
      There is so much of this crap that requires malware tools to uninstall that comes bundled with other software. Toolbars, download assistants, things that make you an unknowing host in what is basically a torrent network.

      You don't need to include a third party exe in your installer just to throw a desktop shortcut to thirdpartycompany.com. I think it is a little na
  • Sure (Score:4, Interesting)

    by kimvette ( 919543 ) on Friday December 25, 2015 @02:50PM (#51182881) Homepage Journal

    Sure - install it on a Linux system and include in the documentation:

    "Hey! We helped subsidize the cost of your device by including malware on it. If you really, really want to run it, you can install wine but without installing that framework or some sort of Windows emulator it will not run so we felt it is a safe choice to include on the system. It is located in /tmp and will be cleaned up by a cron job after a week, and it isn't marked as executable so even if it were a Linux executable it would not run without your adjusting permissions anyhow, but we urge you out of principle to do an 'rm /tmp/scumbag-sucker-malware.exe' at your first opportunity."

    Offer it at a discounted price, and the malware-free version at the usual price. As a bonus dox the malware provider. ;)

  • by Anonymous Coward

    who's married to the Pi hardware designer, and who made tasteless and morbid jokes on her Twitter stream about Steve Jobs' and him dying from pancreatic cancer?

    • by Cederic ( 9623 )

      I didn't see those, could you share? It's cold and wet here, could do with a laugh.

  • Why the redaction? Sounds bogus

  • -rwxrw-rw- 1 pi pi 582 Apr 23 1999 Carved Stone.bmp
    drwxr-xr-x 2 pi pi 4096 Mar 9 2015 Desktop
    drwxrwxrwx 3 pi pi 4096 Sep 4 11:51 Devel
    -rwxr--r-- 1 pi pi 49 May 15 2015 golog
    drwxr-xr-x 3 pi pi 4096 Nov 8 22:40 indiecity
    drwxr-xr-x 4 504 staff 4096 Feb 11 2013 mcpi
    drwxrwxr-x 2 pi pi 4096 Mar 10 2013 python_games
    -rw-r--r-- 1 root root 254 Mar 15 2014 test.js
    drwxr-xr-x 3 pi pi 4096 Mar 9 2015 tmp
    -rw-r--r-- 1 pi pi

news: gotcha

Working...