:: Re: [DNG] ..are we|Devuan safe from…
Top Pagina
Delete this message
Reply to this message
Auteur: Arnt Karlsen
Datum:  
Aan: dng
Onderwerp: Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?
On Tue, 4 May 2021 10:00:25 -0700, Rick wrote in message
<20210504170025.GB18306@???>:

> Quoting Arnt Karlsen (arnt@???):
>
> > On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
> > <20210430143720.7311bc82@d44>:
> >
> >
> > > https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
> >
> > ..how it works:
> > https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>
> Answer: Avoid installing and running it.
>
> This isn't any kind of intrusion tool, just yet another backdoor
> program that can be installed and activated after intrusion through
> other means entirely -- indistinguishable except in fine detail from
> countless others that have existed for decades. And _TheReg_ was
> very clear about that:
>
> The malware is not an exploit; rather it's a payload that opens a
> backdoor on the targeted machine. It might be installed by an
> unsuspecting user, an intruder, or through a dropper Trojan. How
> RotaJakiro has been distributed remains unanswered.
>
> So, there ya go: Avoid installing and running it. It's called system
> administration.


..very true. Are there ways to trick common Devuan installs
into automatically installing these bad things?
(Other than tricking newbie etc users, sysadmins etc into
doing it?)


--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.