marc said on Fri, 7 May 2021 01:05:03 +0200
>So the below words aren't directed at anybody in particular:
>
> It is easy to gloat
>
>And it is true that this particular bit of malware tries to blend in
>amongst the many cryptic helper processes that both systemd-based
>distributions and gnome desktops launch. A simpler system, where
>there are fewer processes, provides fewer hiding places.
>
>So simple is good, and it is even better to know what each user
>process in "ps ax" does, and investigate if the listing looks
>different...

This is what most of us have been warning against since 2014. A big,
complex, entangled program has a lot more dark corners for bugs and
exploits to hide.

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist
http://www.troubleshooters.com/techniques