Author: Didier Kryn
Date:
To: dng
Subject: Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?
On 01/05/2021 at 17:38, Tomasz Torcz wrote:
> On Sat, May 01, 2021 at 05:11:48PM +0200, Didier Kryn wrote:
>> On 30/04/2021 at 15:05, Arnt Karlsen wrote:
>>> On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
>>> <20210430143720.7311bc82@d44>:
>>>
>>>
>>>> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
>>> ..how it works:
>>> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>>
>> This backdoor is targeting systemd and gvfs.
> Can you prove that? The analysis you linked shows nothing like that:
> - gvfsd is only used as a part of the name of the backdoor binary; there seems to be no
>   interaction with real gvfsd at all
> - the first file described in the analysis is an _upstart_ configuration file
>

Then I misread. Or overlooked. Not my mother tongue (~: