• DAEMON Tools vs daemontools

    From Lawrence D’Oliveiro@3:633/10 to All on Tuesday, May 05, 2026 22:35:00
    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Kaspersky, the security firm reporting the supply-chain attack,
    said it began on April 8 and remained active as of the time its
    post went live. Installers that are signed by the developer’s
    official digital certificate and downloaded from its website
    infect Daemon Tools executables, causing the malware to run at
    boot time. Kaspersky didn’t explicitly say so, but based on
    technical details, the infected versions appear to be only those
    that run on Windows. Versions 12.5.0.2421 through 12.5.0.2434 are
    affected. Neither Kaspersky nor developer AVB could be contacted
    immediately for additional details.

    Checking my Debian repo, I find a set of related packages named
    “daemontools”. But it seems clear to me this “daemontools” has nothing
    to do with the “DAEMON Tools” product that is the subject of this
    security alert. To start with, the version numbers are quite
    different.

    Also, the latter is Windows-only <https://www.daemon-tools.cc/support/faq#system_requirements>, while
    the former makes it quite clear <https://cr.yp.to/daemontools.html>
    that it is “for managing UNIX services”.

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Paul@3:633/10 to All on Tuesday, May 05, 2026 19:22:46
    On Tue, 5/5/2026 6:35 PM, Lawrence D’Oliveiro wrote:
    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Kaspersky, the security firm reporting the supply-chain attack,
    said it began on April 8 and remained active as of the time its
    post went live. Installers that are signed by the developer’s
    official digital certificate and downloaded from its website
    infect Daemon Tools executables, causing the malware to run at
    boot time. Kaspersky didn’t explicitly say so, but based on
    technical details, the infected versions appear to be only those
    that run on Windows. Versions 12.5.0.2421 through 12.5.0.2434 are
    affected. Neither Kaspersky nor developer AVB could be contacted
    immediately for additional details.

    Checking my Debian repo, I find a set of related packages named
    “daemontools”. But it seems clear to me this “daemontools” has nothing
    to do with the “DAEMON Tools” product that is the subject of this
    security alert. To start with, the version numbers are quite
    different.

    Also, the latter is Windows-only <https://www.daemon-tools.cc/support/faq#system_requirements>, while
    the former makes it quite clear <https://cr.yp.to/daemontools.html>
    that it is “for managing UNIX services”.


    The Windows one is described here.

    https://en.wikipedia.org/wiki/Daemon_Tools

    Paul

  • From jayjwa@3:633/10 to All on Wednesday, May 06, 2026 12:24:47
    Lawrence D’Oliveiro <ldo@nz.invalid> writes:

    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Looks like they are talking about Windows stuff. https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware

    Specifically, attackers tampered with legitimate application binaries
    to execute malicious code at process startup and leveraged a legitimate
    Windows service to maintain persistence on the host.

    This one:
    https://en.wikipedia.org/wiki/Daemon_Tools

    Not this one:
    https://en.wikipedia.org/wiki/Daemontools

    Why the Windows one uses the term "daemon" when it has nothing to do
    with daemons I don't know.

    --
    PGP Key ID: 781C A3E2 C6ED 70A6 B356 7AF5 B510 542E D460 5CAE
    "The Internet should always be the Wild West!"

  • From John Ames@3:633/10 to All on Wednesday, May 06, 2026 09:40:43
    On Wed, 06 May 2026 12:24:47 -0400
    jayjwa <jayjwa@atr2.ath.cx.invalid> wrote:

    Why the Windows one uses the term "daemon" when it has nothing to do
    with daemons I don't know.

    L337 points, basically. It was 2005, all the kewl k1dz were doing it :/

