So, there’s a trojanized version of PuTTY circulating around.

There’s this report here, posted by Cisco. The tl;dr: someone created a backdoored version of PuTTY. You can get infected if you search for PuTTY and download it from an untrusted mirror. By the way, anyone can verify the integrity of the files through MD5, SHA-1 (side note: both are known not to be secure), SHA-256 and SHA-512.

The first question is “Why would someone backdoor PuTTY?” Well, at least in my book, it makes sense. Assume you have developed a piece of malware and want to infect users. Achieving scale comes at a cost, and you want to minimize that cost, so there are a few paths to choose from. One easy path is attacking vulnerable CMSs found through Google dorks. Another is backdooring PuTTY or another client used to control servers. It just makes sense.

So, now that everyone understands why it makes sense to backdoor such software, let’s move on to things that don’t make sense. Microsoft lets you enable a telnet client on your machine, but not an SSH client. This doesn’t make sense at all. For those not familiar with telnet, telnet is like SSH without the first S (SSH stands for Secure Shell). In other words, telnet is not secure against a variety of threats and attacks. So, my dear Microsoft, may I suggest you add an SSH client in your next Service Pack or OS?

The last part is file integrity. Regardless of the hashing algorithm, checking sums is not user-friendly, whether on Linux or on Windows. Even the most automated ways of checking sums still spit out a lot of lines with a FAILED status and leave the user to find the one line for the file they actually downloaded, the one with the OK status. Maybe it’s time we developed a tool that is a bit more user-friendly.
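As an added example (not code from this post, from Cisco, or from the PuTTY project), here is a small Python verifier for the checksum workflow mentioned in the report paragraph and criticized just above. It parses published manifests in the format written by sha256sum/md5sum (`<hex digest>  <filename>`), hashes only the one file you downloaded, prefers SHA-512/SHA-256 over SHA-1/MD5 and flags the weak ones, and returns a single verdict instead of a FAILED line for every other file in the release. The file names, contents and digests in `demo()` are constructed for the example and do not come from any real release.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Algorithms in order of preference. MD5 and SHA-1 are still accepted, but the
# result is flagged, because collisions are practical for both.
STRONG = ("sha512", "sha256")
WEAK = ("sha1", "md5")


def parse_manifest(text):
    """Parse a 'sums' manifest ('<hex digest>  <filename>' or '<hex digest> *<filename>'
    per line, as written by sha256sum/md5sum) into {basename: digest}."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([0-9a-fA-F]+)\s+\*?(\S.*?)\s*$", line)
        if m:
            entries[os.path.basename(m.group(2))] = m.group(1).lower()
    return entries


def file_digest(path, algo):
    """Hash a file in 1 MiB chunks so a large installer need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, manifests):
    """Check one downloaded file against whichever published manifests are available.

    manifests maps an algorithm name ('sha512', 'sha256', 'sha1', 'md5') to manifest text.
    Returns one verdict for this file: files listed in the manifest but never downloaded
    are simply ignored rather than reported as FAILED.
    """
    name = os.path.basename(path)
    for algo in STRONG + WEAK:
        expected = parse_manifest(manifests.get(algo, "")).get(name)
        if expected is None:
            continue
        actual = file_digest(path, algo)
        ok = hmac.compare_digest(actual, expected)  # constant-time string compare
        return {
            "file": name,
            "status": "OK" if ok else "FAILED",
            "algorithm": algo,
            "weak_algorithm": algo in WEAK,
        }
    return {"file": name, "status": "UNLISTED", "algorithm": None, "weak_algorithm": False}


def demo():
    """Constructed scenario (hypothetical names and contents): a release manifest lists
    two files, the user downloaded one of them, once from the official site and once
    from an untrusted mirror that altered it."""
    genuine = b"constructed stand-in for a genuine installer\n"
    tampered = genuine + b"\x00constructed extra bytes a modified build would carry"
    docs = b"constructed stand-in for another file in the same release\n"
    with tempfile.TemporaryDirectory() as d:
        good_dir = os.path.join(d, "official")
        bad_dir = os.path.join(d, "untrusted_mirror")
        os.makedirs(good_dir)
        os.makedirs(bad_dir)
        good_path = os.path.join(good_dir, "installer.exe")
        bad_path = os.path.join(bad_dir, "installer.exe")
        with open(good_path, "wb") as f:
            f.write(genuine)
        with open(bad_path, "wb") as f:
            f.write(tampered)
        # Published manifests are computed here from the genuine bytes; docs.zip is
        # listed but was never downloaded, so a good verifier must not complain about it.
        listed = (("installer.exe", genuine), ("docs.zip", docs))
        sha256 = "\n".join(f"{hashlib.sha256(b).hexdigest()}  {n}" for n, b in listed)
        md5 = "\n".join(f"{hashlib.md5(b).hexdigest()} *{n}" for n, b in listed)
        return {
            "good": verify(good_path, {"sha256": sha256}),
            "bad": verify(bad_path, {"sha256": sha256}),
            "weak": verify(good_path, {"md5": md5}),
            "unlisted": verify(good_path, {"sha256": "deadbeef  something_else.exe"}),
        }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:>8}: {result}")
```

Running the block prints one line per case: OK via sha256 for the official download, FAILED for the mirror copy, OK but flagged as a weak algorithm when only an MD5 manifest is available, and UNLISTED when the manifest does not mention the file at all. Point `verify()` at a real download and the text of the published sums files to use it for something other than the demo.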
