:: Re: [DNG] ..are we|Devuan safe from…
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?
On 01/05/2021 at 17:38, Tomasz Torcz wrote:
> On Sat, May 01, 2021 at 05:11:48PM +0200, Didier Kryn wrote:
>> On 30/04/2021 at 15:05, Arnt Karlsen wrote:
>>> On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
>>> <20210430143720.7311bc82@d44>:
>>>
>>>
>>>> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
>>> ..how it works:
>>> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>>
>>     This backdoor is targeting systemd and gvfs.
> Can you prove that? The analysis you linked shows nothing like that:
> - gvfsd is only used as a part of the name of the backdoor binary, there seems to be no
> interaction with real gvfsd at all
> - first file described in analysis is an _upstart_ configuration file
>

    Then I misread. Or overlooked. Not my mother tongue (~:

--     Didier