Possible rasnsomware

[dtigue]

Last night I was running Ubuntu in Windows Subsystem for Linux and grabbed this file. As I'm trying to learn the go language. When I ran this program I immediately noticed a huge loss in speed on the terminal and when I checked the 'top' program I saw where there were tons of 'wget' commands running in the background. Specifically, 'wget -q -O- --tries=1 http://169.254.169.254'. I immediately started trying to kill the wget processes but new ones just kept popping up. This was on a brand new install of Ubuntu WSL, and I had not downloaded anything other than a few applications from the repositories that I have installed on multiple linux desktops and servers. So I know it didn't come from the repositories. It HAD to have been from this software. Also, after running this 'go' software I noticed it started pulling in more 'go' programs into the same folder. I wish I had more info on the names of those programs but I immediately deleted all the 'go' software and shutdown Ubuntu WSL, followed by deleting Ubuntu WSL. Lucky for me Windows Defender blocked this and immediately reported it to my corporate office.

[dtigue]

I hope I'm wrong about this but if that's the case then that tells me there is some application in the Ubuntu repositories that includes ransomware. I still would be a bit concerned about the fact that after running this software other go software was pulled in to my system.

[dtigue]

Ok, I think I'm gonna eat some crow here. I started browsing the code and I see that this code requires code from a couple other github go programs. So I followed the trail and have started looking through the code on those programs as well. So I'm not positive the issue is with this software but it may be from the software being pulled in through this software. Also, I assume it's possible that Windows Defender has falsely flagged it as RansomWare. I have sent off the logs to my Microsoft rep for our company and they will be looking into it. Just so you know, Windows Defender blocked it at exactly the same time that I started running this software, and it also said that the issue was coming from the Ubuntu Subsystem. So I believe I'm on the right track as to where the issue originated. I will let you know what the final word is from Microsoft while I continue to go through the code.