• DAEMON Tools vs daemontools

    From Lawrence D’Oliveiro@ldo@nz.invalid to comp.os.linux.misc,alt.comp.os.windows-11 on Tue May 5 22:35:00 2026
    From Newsgroup: comp.os.linux.misc

    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Kaspersky, the security firm reporting the supply-chain attack,
    said it began on April 8 and remained active as of the time its
    post went live. Installers that are signed by the developer’s
    official digital certificate and downloaded from its website
    infect Daemon Tools executables, causing the malware to run at
    boot time. Kaspersky didn’t explicitly say so, but based on
    technical details, the infected versions appear to be only those
    that run on Windows. Versions 12.5.0.2421 through 12.5.0.2434 are
    affected. Neither Kaspersky nor developer AVB could be contacted
    immediately for additional details.

    Checking my Debian repo, I find a set of related packages named
    “daemontools”. But it seems clear to me this “daemontools” has nothing
    to do with the “DAEMON Tools” product that is the subject of this
    security alert. To start with, the version numbers are quite
    different.

    Also, the latter is Windows-only <https://www.daemon-tools.cc/support/faq#system_requirements>, while
    the former makes it quite clear <https://cr.yp.to/daemontools.html>
    that it is “for managing UNIX services”.
    --- Synchronet 3.22a-Linux NewsLink 1.2
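
Added example, not part of the thread: the name collision discussed in the post above, seen from an inventory-triage script. Name-only matching flags the Debian packages; requiring platform and the quoted version range leaves only the affected Windows builds. The inventory records, host names, field names and the Debian version strings are constructed samples.

```python
import re

# Advisory facts as quoted in the post above: Windows only, inclusive range.
ADVISORY = {"product": "DAEMON Tools", "platform": "windows",
            "first": "12.5.0.2421", "last": "12.5.0.2434"}

# Constructed inventory records; hosts, field names and versions are samples.
INVENTORY = [
    {"host": "win-01", "name": "DAEMON Tools", "version": "12.5.0.2421", "platform": "windows"},
    {"host": "win-02", "name": "DAEMON Tools", "version": "12.5.0.2434", "platform": "windows"},
    {"host": "win-03", "name": "DAEMON Tools", "version": "12.5.0.2435", "platform": "windows"},
    {"host": "deb-01", "name": "daemontools", "version": "0.76", "platform": "linux"},
    {"host": "deb-02", "name": "daemontools-run", "version": "0.76", "platform": "linux"},
]

def vtuple(version):
    """Turn a dotted version into a tuple of ints so builds compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def loose_name(name):
    """Naive normalisation: lower-case and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def naive_match(item):
    """Name-only matching, which conflates DAEMON Tools with daemontools."""
    return loose_name(item["name"]).startswith(loose_name(ADVISORY["product"]))

def advisory_match(item):
    """Require name, platform and the inclusive version range to agree."""
    if not naive_match(item) or item["platform"] != ADVISORY["platform"]:
        return False
    return vtuple(ADVISORY["first"]) <= vtuple(item["version"]) <= vtuple(ADVISORY["last"])

def hosts(matcher, inventory=INVENTORY):
    """Return the host names whose record satisfies the given matcher."""
    return [item["host"] for item in inventory if matcher(item)]

if __name__ == "__main__":
    print("name-only hits:", hosts(naive_match))
    print("advisory hits: ", hosts(advisory_match))
```
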
  • From Paul@nospam@needed.invalid to comp.os.linux.misc,alt.comp.os.windows-11 on Tue May 5 19:22:46 2026
    From Newsgroup: comp.os.linux.misc

    On Tue, 5/5/2026 6:35 PM, Lawrence D’Oliveiro wrote:
    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Kaspersky, the security firm reporting the supply-chain attack,
    said it began on April 8 and remained active as of the time its
    post went live. Installers that are signed by the developer’s
    official digital certificate and downloaded from its website
    infect Daemon Tools executables, causing the malware to run at
    boot time. Kaspersky didn’t explicitly say so, but based on
    technical details, the infected versions appear to be only those
    that run on Windows. Versions 12.5.0.2421 through 12.5.0.2434 are
    affected. Neither Kaspersky nor developer AVB could be contacted
    immediately for additional details.

    Checking my Debian repo, I find a set of related packages named
    “daemontools”. But it seems clear to me this “daemontools” has nothing
    to do with the “DAEMON Tools” product that is the subject of this
    security alert. To start with, the version numbers are quite
    different.

    Also, the latter is Windows-only <https://www.daemon-tools.cc/support/faq#system_requirements>, while
    the former makes it quite clear <https://cr.yp.to/daemontools.html>
    that it is “for managing UNIX services”.


    The Windows one is described here.

    https://en.wikipedia.org/wiki/Daemon_Tools

    Paul
  • From jayjwa@jayjwa@atr2.ath.cx.invalid to comp.os.linux.misc,alt.comp.os.windows-11 on Wed May 6 12:24:47 2026
    From Newsgroup: comp.os.linux.misc

    Lawrence D’Oliveiro <ldo@nz.invalid> writes:

    “Widely used Daemon Tools disk app backdoored in monthlong
    supply-chain attack” <https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/>:

    Looks like they are talking about Windows stuff. https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware

    Specifically, attackers tampered with legitimate application binaries
    to execute malicious code at process startup and leveraged a legitimate
    Windows service to maintain persistence on the host.

    This one:
    https://en.wikipedia.org/wiki/Daemon_Tools

    Not this one:
    https://en.wikipedia.org/wiki/Daemontools

    Why the Windows one uses the term "daemon" when it has nothing to do
    with daemons I don't know.
    --
    PGP Key ID: 781C A3E2 C6ED 70A6 B356 7AF5 B510 542E D460 5CAE
    "The Internet should always be the Wild West!"
  • From John Ames@commodorejohn@gmail.com to comp.os.linux.misc,alt.comp.os.windows-11 on Wed May 6 09:40:43 2026
    From Newsgroup: comp.os.linux.misc

    On Wed, 06 May 2026 12:24:47 -0400
    jayjwa <jayjwa@atr2.ath.cx.invalid> wrote:

    Why the Windows one uses the term "daemon" when it has nothing to do
    with daemons I don't know.

    L337 points, basically. It was 2005, all the kewl k1dz were doing it :/
