:: Re: [DNG] ..are we|Devuan safe from…
Top Page
This message is part of the following thread:
M-+-+\the complete thread tree sorted by date
M\M\MMDidier Kryn at <-
MMMMMMDidier Kryn at ->
Delete this message
Reply to this message
Author: Tomasz Torcz
Date:  
To: dng
Subject: Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?
Dnia Sat, May 01, 2021 at 05:11:48PM +0200, Didier Kryn napisał(a):
> Le 30/04/2021 à 15:05, Arnt Karlsen a écrit :
> > On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
> > <20210430143720.7311bc82@d44>:
> >
> >
> >> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
> > ..how it works:
> > https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>
>
>     This backdoor is targetting systemd and gvfs.

Can you prove that? The analysis you linked shows nothing like that:
- gvfsd is only used as a part of name of backdoor binary, there seem to be no
interaction with real gvfsd at all
- first file described in analysis is an _upstart_ configuration file 

-- 
Tomasz Torcz           “(…) today's high-end is tomorrow's embedded processor.”
tomek@???                      — Mitchell Blank on LKML


This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)