• DAEMON Tools vs daemontools

    From Lawrence D’Oliveiro@ldo@nz.invalid to comp.os.linux.misc,alt.comp.os.windows-11 on Tue May 5 22:35:00 2026
    From Newsgroup: alt.comp.os.windows-11

    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Kaspersky, the security firm reporting the supply-chain attack,
    said it began on April 8 and remained active as of the time its
    post went live. Installers that are signed by the developer’s
    official digital certificate and downloaded from its website
    infect Daemon Tools executables, causing the malware to run at
    boot time. Kaspersky didn’t explicitly say so, but based on
    technical details, the infected versions appear to be only those
    that run on Windows. Versions 12.5.0.2421 through 12.5.0.2434 are
    affected. Neither Kaspersky nor developer AVB could be contacted
    immediately for additional details.

    Checking my Debian repo, I find a set of related packages named
    “daemontools”. But it seems clear to me this “daemontools” has
    nothing to do with the “DAEMON Tools” product that is the subject
    of this security alert. To start with, the version numbers are
    quite different.

    Also, the latter is Windows-only <https://www.daemon-tools.cc/support/faq#system_requirements>, while
    the former makes it quite clear <https://cr.yp.to/daemontools.html>
    that it is “for managing UNIX services”.
    --- Synchronet 3.21f-Linux NewsLink 1.2
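
Added example, not part of the original post or thread: a small inventory triage that applies the version range quoted above only to the Windows product, so Debian's `daemontools` packages are not flagged by name. The inventory fields, host names and sample rows are constructed for illustration.

```python
import re
from typing import NamedTuple

# Affected range as quoted in the post above (four-part version numbers).
AFFECTED_LOW = (12, 5, 0, 2421)
AFFECTED_HIGH = (12, 5, 0, 2434)

class Item(NamedTuple):
    host: str
    platform: str  # "windows" or "linux" (assumed inventory field)
    name: str
    version: str

# Constructed sample inventory; hosts, names and versions are illustrative.
SAMPLE = [
    Item("ws-01", "windows", "DAEMON Tools Lite", "12.5.0.2421"),
    Item("ws-02", "windows", "DAEMON Tools Lite", "12.5.0.2434"),
    Item("ws-03", "windows", "DAEMON Tools Lite", "12.5.0.2435"),
    Item("ws-04", "windows", "DAEMON Tools Lite", "12.5.0.999"),
    Item("ws-05", "windows", "DAEMON Tools Lite", "12.5"),
    Item("srv-01", "linux", "daemontools", "1:0.76-8"),
    Item("srv-02", "linux", "daemontools-run", "1:0.76-8"),
]

def parse_dotted(version):
    """Return a tuple of four ints for a strict a.b.c.d string, else None."""
    if not re.fullmatch(r"\d+(?:\.\d+){3}", version):
        return None
    return tuple(int(part) for part in version.split("."))

def is_windows_daemon_tools(item):
    # Require the Windows platform and the two-word product name. Stripping
    # spaces and lowercasing would make it collide with "daemontools".
    return (item.platform == "windows"
            and re.match(r"daemon\s+tools\b", item.name, re.IGNORECASE) is not None)

def triage(item):
    if not is_windows_daemon_tools(item):
        return "not-applicable"
    version = parse_dotted(item.version)
    if version is None:
        return "review"  # version not in a.b.c.d form: check by hand
    # Tuple comparison is numeric per field, so 999 sorts below 2421.
    in_range = AFFECTED_LOW <= version <= AFFECTED_HIGH
    return "affected" if in_range else "outside-range"

if __name__ == "__main__":
    for item in SAMPLE:
        print(item.host, item.name, item.version, triage(item))
```
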
  • From Paul@nospam@needed.invalid to comp.os.linux.misc,alt.comp.os.windows-11 on Tue May 5 19:22:46 2026
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 5/5/2026 6:35 PM, Lawrence D’Oliveiro wrote:
    > “Widely used Daemon Tools disk app backdoored in monthlong
    > supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:
    >
    > Kaspersky, the security firm reporting the supply-chain attack,
    > said it began on April 8 and remained active as of the time its
    > post went live. Installers that are signed by the developer’s
    > official digital certificate and downloaded from its website
    > infect Daemon Tools executables, causing the malware to run at
    > boot time. Kaspersky didn’t explicitly say so, but based on
    > technical details, the infected versions appear to be only those
    > that run on Windows. Versions 12.5.0.2421 through 12.5.0.2434 are
    > affected. Neither Kaspersky nor developer AVB could be contacted
    > immediately for additional details.
    >
    > Checking my Debian repo, I find a set of related packages named
    > “daemontools”. But it seems clear to me this “daemontools” has
    > nothing to do with the “DAEMON Tools” product that is the subject
    > of this security alert. To start with, the version numbers are
    > quite different.
    >
    > Also, the latter is Windows-only <https://www.daemon-tools.cc/support/faq#system_requirements>, while
    > the former makes it quite clear <https://cr.yp.to/daemontools.html>
    > that it is “for managing UNIX services”.


    The Windows one is described here.

    https://en.wikipedia.org/wiki/Daemon_Tools

    Paul
  • From jayjwa@jayjwa@atr2.ath.cx.invalid to comp.os.linux.misc,alt.comp.os.windows-11 on Wed May 6 12:24:47 2026
    From Newsgroup: alt.comp.os.windows-11

    Lawrence D’Oliveiro <ldo@nz.invalid> writes:

    > “Widely used Daemon Tools disk app backdoored in monthlong
    > supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Looks like they are talking about Windows stuff. https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware

    > Specifically, attackers tampered with legitimate application binaries
    > to execute malicious code at process startup and leveraged a legitimate
    > Windows service to maintain persistence on the host.

    This one:
    https://en.wikipedia.org/wiki/Daemon_Tools

    Not this one:
    https://en.wikipedia.org/wiki/Daemontools

    Why the Windows one uses the term "daemon" when it has nothing to do
    with daemons I don't know.
    --
    PGP Key ID: 781C A3E2 C6ED 70A6 B356 7AF5 B510 542E D460 5CAE
    "The Internet should always be the Wild West!"
  • From John Ames@commodorejohn@gmail.com to comp.os.linux.misc,alt.comp.os.windows-11 on Wed May 6 09:40:43 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 06 May 2026 12:24:47 -0400
    jayjwa <jayjwa@atr2.ath.cx.invalid> wrote:

    > Why the Windows one uses the term "daemon" when it has nothing to do
    > with daemons I don't know.

    L337 points, basically. It was 2005, all the kewl k1dz were doing it :/
