mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
Merge pull request #8937 from paperzhang/master
Cryptocurrency Malware translation completed
This commit is contained in:
commit
9629cc7256
@ -1,107 +0,0 @@
|
||||
What You Need to Know About Cryptocurrency ‘Malware’ Found on Ubuntu’s Snap Store
|
||||
======
|
||||
Recently, it was discovered that a couple of apps in the Ubuntu Snaps store contained cryptocurrency mining software. Canonical swiftly removed the offending apps, but several questions are left unanswered.
|
||||
|
||||
### Discovery of Crypto Miner on Snap Store
|
||||
|
||||
![Crypto Miner Malware on Ubuntu Snap Store][1]
|
||||
|
||||
On May 11, a user named [tarwirdur][2] opened a new issue on the [snapcraft.io repository][3]. In the issue, he noted that a snap entitled 2048buntu created by Nicolas Tomb contained a cryptocurrency miner. He asked how he could “complain about the application” for security reasons. tarwirdur later posted to say that all the others snaps created by Nicolas Tomb also contained cryptocurrency miners.
|
||||
|
||||
It appears that the snaps used systemd to automatically launch the code at boot and run it in the background with the user none the wiser.
|
||||
|
||||
{For those unfamiliar with the terminology, a cryptocurrency miner is a piece of software that uses a computer’s main processor or graphics processor to “mine” digital currency. “Mining” usually involves solving a mathematical equation. In this case, if you were running the 2048buntu game, the game used additional processing power for cryptocurrency mining.}
|
||||
|
||||
The Snapcraft team responded by quickly removing all apps created by the offender. They also started an investigation.
|
||||
|
||||
### The Man Behind the Mask Speaks
|
||||
|
||||
On May 13, a Disqus user named Nicolas Tomb [posted a comment][4] on OMGUbuntu’s coverage of the news. In this comment, he stated that he added the cryptocurrency miner to monetize the snaps. He apologized for his actions and promised to send any funds that had been mined to the Ubuntu foundation.
|
||||
|
||||
We can’t say for sure if this comment was posted by the same Nicolas Tomb since the Disqus account was just recently created and only has one comment associated with it. For now, we’ll assume that it is.
|
||||
|
||||
### Canonical Makes a Statement
|
||||
|
||||
On May 15, Canonical issued a statement on the situation. Entitled [“Trust and security in the Snap Store”][5], the post starts out by restating the situation. They add that the snaps have been [reissued with the cryptocurrency mining code removed][6].
|
||||
|
||||
Canonical then attempts to examine the motives of Nicolas Tomb. They note that he told them he did it in an attempt to monetize the apps (as stated above) and stopped doing it when confronted. They also note that “mining cryptocurrency is not illegal or unethical by itself”. They are however unhappy about the fact that he did not disclose the cryptocurrency miner in the snap description.
|
||||
|
||||
From there Canonical moves to the subject of reviewing software. According to the post, the Snap Store uses a quality control system similar to iOS, Android, and Windows: “automated checkpoints that packages must go through before they are accepted, and manual reviews by a human when specific issues are flagged”.
|
||||
|
||||
However, Canonical says “it’s impossible for a large scale repository to only accept software after every individual file has been reviewed in detail”. Therefore, they need to trust the source, not the content. After all, that is what the current Ubuntu repo system is based on.
|
||||
|
||||
Canonical follows this up by talking about the future of snaps. They acknowledge that the current system is not perfect. They are continually working to improve it. They have “very interesting security features in the works that will improve the safety of the system and also the experience of people handling software deployments in servers and desktops”.
|
||||
|
||||
One of the features they are working on is the ability to see if a publisher is verified. Other improvements include: “upstreaming of all the AppArmor kernel patches” and other under-the-hood fixes.
|
||||
|
||||
### Thoughts on the ‘Snap store malware’
|
||||
|
||||
Based on all that I’ve read, I’ve got a few thoughts and questions of my own.
|
||||
|
||||
#### How Long Was This Running?
|
||||
|
||||
First of all, how long have these mining snaps been available on the Snap Store? Since they have all been removed, we don’t have that data. I was able to grab an image of the 2048buntu page from the Google cache, but it doesn’t show much of anything. Depending on how long it ran, how many systems it got installed on, and what cryptocurrency was being mined, we could either be talks about a little bit of money or a pile. A further question is: would Canonical have been able to catch this in the future?
|
||||
|
||||
#### Was it Really a Malware?
|
||||
|
||||
A lot of news sites are reporting this as a malware infection. I think I might have even seen this incident referred to as Linux’s first malware. I’m not sure that term is accurate. Dictionary.com defines [malware][7] as: “software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation”.
|
||||
|
||||
The snaps in question did not damage or take control of the computers involved. it also did not infect other computers. It couldn’t have because all snaps are sandboxed. At the most, they leached processor power, that’s about it. So, I wouldn’t call it malware.
|
||||
|
||||
#### Nothing Like a Loophole
|
||||
|
||||
The one defense that Nicolas Tomb uses is that the Snap Store didn’t have any rules against cryptocurrency mining when he uploaded the snaps. {I can bet you that they are rectifying that problem right now.} They didn’t have that rule for the simple reason that no one had done it before. If Tomb was trying to do things correctly, he should have asked if this kind of behavior was allowed. The fact that he didn’t seems to point to the fact that he knew they would probably say no. At the very least, they would have told him to put it in the description.
|
||||
|
||||
![][8]
|
||||
|
||||
#### Something Looks Hinkey
|
||||
|
||||
As I said before, I got a screenshot of the 2048buntu page from Google cache. Just looking at it raises several red flags. First, there is almost no real description. This is all it says “Game like 2048. This game is clone popular game – 2048 with ubuntu colors.” Wow. {That’ll bring in the suckers.} When I read something as empty as that, I get nervous.
|
||||
|
||||
Another thing to notice is the size of it. Version 1.0 of the 2048buntu snap weighs almost 140 MB. Why would a game this simple need that much space? There are browser versions written in Javascript that probably use less than a quarter of that. There other snaps of 2048 games on the Snap Store and none of them has half the file size.
|
||||
|
||||
Then, you have the license. This is a clone of a popular game using Ubuntu colors. How can it be considered proprietary? I’m sure that legit devs in the audience would have uploaded it with a FOSS (Free and Open Source Software) license just because of the content.
|
||||
|
||||
These factors alone should have made this snap, in particular, stand out and call for a review.
|
||||
|
||||
#### Who is Nicolas Tomb?
|
||||
|
||||
After first reading about this, I decided to see what I could find out about the guy who started this mess. When I searched for Nicolas Tomb, I found nothing, zip, nada, zilch. All I found were a bunch of news articles about the cryptocurrency mining snaps and information about taking a trip to the tomb of St. Nicolas. There is no sign of Nicolas Tomb on Twitter or Github either. This seems like a name created just to upload these snaps.
|
||||
|
||||
This also leads to a point in the Canonical blog post about verifying publishers. The last time I looked, quite a few snaps were not published by the maintainers of the applications. This makes me nervous. I would be more willing to trust a snap of say Firefox if it was published by Mozilla, instead of Leonard Borsch. If it’s too much work for the application maintainer to also take care of the snap, there should be a way for the maintainer to put their stamp of approval on the snap for their program. Something like Firefox snap published by Fredrick Ham, approved by Mozilla Foundation. Just something to give the user more confidence in what they are downloading.
|
||||
|
||||
#### Snap Store Definitely has Room to Improve
|
||||
|
||||
It seems to me that one of the first features that the Snap Store team should have implemented was a way to report suspicious snaps. tarwirdur had to find the site’s Github page. The average user would not have thought of that. If the Snap Store can’t review every line of code, enabling the users to reports problems is the next best thing. Even rating system would not be a bad addition. I’m sure there would have been a couple people who would have given 2048buntu a low rating for using too many system resources.
|
||||
|
||||
#### Conclusion
|
||||
|
||||
From all the I have seen, I think that someone created a number of simple apps, embedded a cryptocurrency miner in each, and uploaded them to the Snap Store with the goal of raking in piles of money. Once they got caught, they claimed it was only to monetize the snaps. If that was true, they would have mentioned it in the snap description. Hidden crypto miners are nothing [new][9]. They are generally a method of computing power theft.
|
||||
|
||||
I wish that Canonical already have features in place to combat this problem and I hope they appear quickly.
|
||||
|
||||
What do you think of the Snap Store ‘malware episode’? What would you do to improve it? Let us know in the comments below.
|
||||
|
||||
If you found this article interesting, please take a minute to share it on social media.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://itsfoss.com/snapstore-cryptocurrency-saga/
|
||||
|
||||
作者:[John Paul][a]
|
||||
选题:[lujun9972](https://github.com/lujun9972)
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://itsfoss.com/author/john/
|
||||
[1]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/ubuntu-snap-malware-800x450.jpeg
|
||||
[2]:https://github.com/tarwirdur
|
||||
[3]:https://github.com/canonical-websites/snapcraft.io/issues/651
|
||||
[4]:https://disqus.com/home/discussion/omgubuntu/malware_found_on_the_ubuntu_snap_store/#comment-3899153046
|
||||
[5]:https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
|
||||
[6]:https://forum.snapcraft.io/t/action-against-snap-store-malware/5417/8
|
||||
[7]:http://www.dictionary.com/browse/malware?s=t
|
||||
[8]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/2048buntu.png
|
||||
[9]:https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
|
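Review bot: the removed source carries three brace-wrapped asides ("{For those unfamiliar with the terminology…}", "{I can bet you that they are rectifying that problem right now.}", "{That'll bring in the suckers.}") that read as editorial markers rather than article text, so a translation produced from this file should not reproduce the braces literally. The source also has a few typos the translator has to read past rather than render: "we could either be talks about" (talking), "it also did not infect other computers" (capital "It"), "There other snaps of 2048 games" (There are), "none of them has half the file size" (have). Nothing in the hunk itself needs to change, since the file is being moved out of sources as part of the completed translation.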
@ -0,0 +1,107 @@
|
||||
关于在 Ubuntu Snap 应用商店上发现的加密货币 ‘恶意软件’ 需要了解的内容
|
||||
======
|
||||
最近,有发现称一些 Ubuntu Snaps 应用商店上的应用包含加密货币挖矿程序。Canonical 公司迅速下架了这些违规的应用,但是留下了几个有待回答的问题。
|
||||
|
||||
### 在 Snap 应用商店上发现了加密矿工
|
||||
|
||||
![Crypto Miner Malware on Ubuntu Snap Store][1]
|
||||
|
||||
5月11号,一位名叫 [tarwirdur][2] 的用户在 [snapcraft.io repository][3] 开了一个新的 issue ,他提到一个由 Nicolas Tomb 开发,叫做 2048buntu 的 snap 应用包含加密货币矿工。tarwirdur 询问他怎样才能因为安全原因“抱怨应用” 。tarwirdur 后来发表说其他由 Nicolas Tomb 开发的 snap 应用都包含加密货币矿工。
|
||||
|
||||
看起来 snap 应用使用了 systemd 在系统启动时自动地运行代码,并在用户不知情的情况下在后台运行。
|
||||
|
||||
{对那些不熟悉相关术语的人来说,加密货币矿工是一段占用计算机主处理器或者图形处理器来“挖掘”数字货币的程序。“挖矿”通常涉及到解决一个数学等式。在这种情况下,如果你在运行 2048buntu 游戏,这个游戏将会使用处理器额外的计算能力去进行加密货币的挖掘。}
|
||||
|
||||
Snapcraft 团队迅速地下架了所有由违规者开发的应用来做出回应。他们同时也开展了调查。
|
||||
|
||||
### 隐匿者发声
|
||||
|
||||
5月13号,一位同名为 Nicolas Tomb 的 Disqus 用户在 OMGUbuntu 的新闻报道上发表了[评论][4],他在评论中称自己向 snap 应用中添加了加密货币矿工,从而获取收益。他为他的行为道歉,同时承诺将所有挖矿所得的收益送给 Ubuntu 基金会。
|
||||
|
||||
我们不能确认这个评论就是由 Nicolas Tomb 发表的,因为这个 Disqus 账户最近才被创建,也只有一条评论与之相关联。现在,我们假设是的。
|
||||
|
||||
### Canonical 公司发表了声明
|
||||
|
||||
5月15号,Canonical 公司在这种情况下发表了一份声明。标题为 [“Trust and security in the Snap Store”][5],声明开头重申了当下的情况。他们也补充道[重新发布的 snap 应用中加密货币挖矿程序已经被删除了][6]。
|
||||
|
||||
Canonical 公司随后尝试检测 Nicolas Tomb 的动机。他们指出到他称自己这样做是为了通过应用赚钱(如上所诉),而在真的面对赚钱时就停止了。他们也指出“挖掘加密货币本身是不合法也是不道德的”。然而,他们对实际情况仍旧是不满意的,因为 Nicolas Tomb 没有在 snap 应用的描述中透露加密货币矿工。
|
||||
|
||||
随后 Canonical 公司将主题转移到审核软件上。根据这份申明,Snap 应用商店将会采用一种类似 iOS,Android,Windows 的质量控制系统,这个系统将“自动化检查点,安装包必须在被接受前通过检查,同时在特殊问题被标记时会进行人工审核”。
|
||||
|
||||
然而,Canonical 公司声称“对巨大而弹性的软件仓库来说,只接受每个单独文件都被仔细审核的软件是不可能的”。因此,他们需要相信软件源而不是基于源开发的应用。毕竟,软件源是现在 Ubuntu 软件仓库系统的基础。
|
||||
|
||||
Canonical 公司紧接着谈到了 snap 应用的未来。他们承认现在的系统是不完美的。他们也在不断工作进行改善。他们“在目前的工作中有非常有趣的安全功能,这些功能将会改善系统安全性同时提升人们在服务器或桌面上进行软件开发的体验”。
|
||||
|
||||
其中一个他们正在开发的功能是查看一个软件发布者是否已通过验证。Other improvements include: “upstreaming of all the AppArmor kernel patches” and other under-the-hood fixes.(不确定,under-the-hood 指实现是不透明的,[quora回答](https://www.quora.com/What-does-under-the-hood-mean-in-programming) ,其他的改善包括:“所有 AppArmor 内核补丁的上游”和其他黑盒服务都被修复了。)
|
||||
|
||||
### 一些关于'Snap 应用商店恶意软件'的想法
|
||||
|
||||
基于我读过的所有内容,我产生了了一些想法和问题。
|
||||
|
||||
#### 这种挖矿软件运行多久了?
|
||||
|
||||
首先,这些挖矿软件存在于 Snap 应用商店多久了?因为它们已经被下架了,我们没有这样的数据。我可以通过 Google 快照抓取一些 2048buntu 页面的图片,但这没有提供任何可用的信息。根据软件运行时间,多少系统安装过,什么加密货币被挖掘出了,我们可以谈谈违规者获取的一点钱或一笔钱。一个更长远的问题是:Canonical 公司将来有能力捕捉到这样的违规情况吗?
|
||||
|
||||
#### 这真的是一个恶意软件吗?
|
||||
|
||||
许多新闻网站将之报道为恶意软件感染。我想我甚至可以看到这个事件被称为 Linux 的第一个恶意软件。我不确定这个术语是否精确。Dictionary.com 这样定义 [恶意软件][7]:“意图损害计算机、移动设备、计算机系统或者计算机网络,或者对其运作进行部分控制的软件”。
|
||||
|
||||
有问题的 snap 应用并没有损害或者控制涉及到的计算机。它同样没有感染其他计算机。它也不能这样做,因为所有的 snap 应用位于沙盒之中。它们最多利用了处理器的计算能力,就是这样。所以,我不会称之为恶意软件。
|
||||
|
||||
#### Nothing Like a Loophole(无孔不入?)
|
||||
|
||||
Nicolas Tomb 使用的一个辩解是在他上传应用的时候 Snap 应用商店没有任何反对加密货币挖矿的规则。{我敢向你打赌他们正在纠正这个错误。}他们之所以没有这样的规则,原因很简单,之前没有人做过这种事。如果 Tomb 想正确地做事,他应该提前询问是否允许这种行为。而事实是他似乎没有指出他知道 Canonical 公司可能会拒绝的事实。至少,Canonical 公司会告诉他将这些写在软件的描述中。
|
||||
|
||||
![][8]
|
||||
|
||||
#### Something Looks Hinkey(不会翻译)
|
||||
|
||||
如我之前说的,我从 Google 快照获取了一个 2048buntu 的页面截图。仅仅看它就会感觉到一些危险的信号。首先,截图中几乎没有真实的描述。它是这样描述的“类似2048的游戏。这个游戏用 ubuntu 主题克隆了流行的游戏 — 2048。”哇,{这将会引来容易上当受骗的人。}当我读到类似空洞的描述时,我会多考虑下。
|
||||
|
||||
我注意到的另一件事是软件的大小。2048buntu 的 1.0 版本大小将近 140 MB。一个简单的游戏怎么需要这么多的空间?有用 Javascript 写的浏览器版本大概只用了不到它的四分之一。其他 snap 应用商店的 2048 游戏的大小没有一个达到了这个软件的一半。
|
||||
|
||||
然后,你有许可证。这是一个使用了 Ubuntu 主题的流行游戏的克隆。它如何被认为是专有的?我确信,其他合法的开发者会因为内容而使用了 FOSS (自由开源软件)许可证来上传它。
|
||||
|
||||
单是这些因素就使得这个 snap 应用很特殊,并呼吁进行审核。
|
||||
|
||||
#### 谁是 Nicolas Tomb?
|
||||
|
||||
当第一次读到这些之后,我决定看看我能否找出造成这一团混乱的人。当我搜索 Nicolas Tomb 的时候,我什么都没找到,zip,nada,zilch(感觉是错误,不太明白这几个单词在这里的意思)。所有我找到的只是一大堆关于加密货币挖矿 snap 应用的新闻和文章,以及去 tomb of St. Nicolas 旅游的信息。在 Twiter 和 Github 上都没有 Nicolas Tomb 的标志。看起来似乎是为了上传这些 snap 应用才创建的名称。
|
||||
|
||||
这同样引出了 Canonical 公司发表的申明中的一点,关于验证发布者。上一次我查看的时候,相当多的 snap 应用不是由应用的维护者发布的。这让我感到担忧。我更乐意相信 firefox 的 snap 应用是由 Mozilla 基金会发布的,而不是 Leonard Borsch。如果对应用维护者来说关注应用的 snap 版本太耗费精力,应该有办法让维护者在他们软件的 snap 版本上贴上批准的标签。就像是 Firefox 的 snap 版本由 Fredrick 发布,经 Mozilla 基金会批准。只是为了让用户对下载的内容更放心。
|
||||
|
||||
#### Snap 应用商店无疑有改善的空间
|
||||
|
||||
在我看来,Snap 应用商店团队应该实现的第一个特性是报告可疑应用的方式。tarwirdur 必须找到该网站的 Github 页面。大多数用户不会想到这一点。如果 Snap 应用商店不能审核每一行代码,使用户能够报告问题是下一个最好的事情。即使评分系统也不会是一个坏的补充。我确信一定有部分人因为 2048buntu 使用了太多系统资源而给它很低的评分。
|
||||
|
||||
#### 结论
|
||||
|
||||
从我所见过的来说,我认为某个人开发了一些简单的应用,在每个应用中嵌入了加密货币矿工,之后将这些应用上传到 Snap 应用商店,想着捞一笔钱。一旦他们被抓了,他们就声称这仅仅为了通过应用程序获利。如果这是真的,他们应该已经在 snap 应用的描述中提到了。隐藏加密矿工并不是什么[新鲜事][9]。他们通常是一种盗取计算能力的方法。
|
||||
|
||||
我希望 Canonical 公司已经具备了解决这个问题的功能,盼望这些功能能很快出来。
|
||||
|
||||
你对 Snap 应用商店的‘恶意软件风波’有什么看法?你将如何改善这种情况?请在下面的评论中告诉我们。
|
||||
|
||||
如果你觉得这篇文章有趣,请花费一点时间将它分享到社交媒体上。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://itsfoss.com/snapstore-cryptocurrency-saga/
|
||||
|
||||
作者:[John Paul][a]
|
||||
选题:[lujun9972](https://github.com/lujun9972)
|
||||
译者:[paperzhang](https://github.com/paperzhang)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://itsfoss.com/author/john/
|
||||
[1]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/ubuntu-snap-malware-800x450.jpeg
|
||||
[2]:https://github.com/tarwirdur
|
||||
[3]:https://github.com/canonical-websites/snapcraft.io/issues/651
|
||||
[4]:https://disqus.com/home/discussion/omgubuntu/malware_found_on_the_ubuntu_snap_store/#comment-3899153046
|
||||
[5]:https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
|
||||
[6]:https://forum.snapcraft.io/t/action-against-snap-store-malware/5417/8
|
||||
[7]:http://www.dictionary.com/browse/malware?s=t
|
||||
[8]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/2048buntu.png
|
||||
[9]:https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
|
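Review bot: the sentence quoting Canonical in the "Canonical 公司发表了声明" section inverts the source: "挖掘加密货币本身是不合法也是不道德的" says mining is illegal and unethical, while the original reads "mining cryptocurrency is not illegal or unethical by itself", so it should read along the lines of "挖掘加密货币本身并不违法,也并非不道德". The same paragraph renders "stopped doing it when confronted" as "而在真的面对赚钱时就停止了"; "confronted" here means being questioned about it ("在被质问后就停止了"). A few more places diverge from the source: "将会采用一种...质量控制系统" is present tense in the original ("uses"); "对巨大而弹性的软件仓库" is "large scale repository" (大规模软件仓库); "相信软件源而不是基于源开发的应用" stands for "trust the source, not the content" (信任来源而非内容); "软件开发的体验" is "software deployments" (软件部署); and "而事实是他似乎没有指出他知道 Canonical 公司可能会拒绝的事实" should convey "他没有这样做,似乎恰恰说明他知道对方多半会拒绝". Leftover translator scaffolding also needs clearing before merge: the untranslated English sentence and the quora note in the AppArmor paragraph (roughly "其他改进包括:将所有 AppArmor 内核补丁合入上游,以及其他底层修复"), the headings "Nothing Like a Loophole(无孔不入?)" and "Something Looks Hinkey(不会翻译)" (roughly "钻空子" and "有些地方看起来可疑"), the parenthetical after "zip,nada,zilch" (three colloquial words for "nothing", so simply "什么都没有"), and the literal {…} braces carried over from the source in three paragraphs. Minor: "Twiter" should be Twitter, "firefox" should be Firefox, and "Fredrick" drops the surname "Ham" that the source gives.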