Stealthy Linux backdoor malware spotted after three years of minding your business??
openSUSE devs,
Don't know if the powers that be are up on this, but quite alarming and I still can't figure out how to test for it.
Apparently corrupt versions of systemd-daemon and gvfsd-helper have been used -- for years.
https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spott...
Anybody got more on this?
-- David C. Rankin, J.D.,P.E.
On 4/30/21 6:49 AM, David C. Rankin wrote:
openSUSE devs,
Don't know if the powers that be are up on this, but quite alarming and I still can't figure out how to test for it.
Apparently corrupt versions of systemd-daemon and gvfsd-helper have been used -- for years.
https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spott...
Anybody got more on this?
Just follow the link therein: ;-)
[...] Netlab researchers Alex Turing and Hui Wang said in an advisory. [...] --> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
Have a nice day, Berny
On 4/30/21 1:55 AM, Bernhard Voelker wrote:
On 4/30/21 6:49 AM, David C. Rankin wrote:
openSUSE devs,
Don't know if the powers that be are up on this, but quite alarming and I still can't figure out how to test for it.
Apparently corrupt versions of systemd-daemon and gvfsd-helper have been used -- for years.
https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spott...
Anybody got more on this?
Just follow the link therein: ;-)
[...] Netlab researchers Alex Turing and Hui Wang said in an advisory. [...] --> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
Have a nice day, Berny
Yep,
Read that too, still not entirely clear on how this thing works, and other than the MD5sum on the affected files, not entirely sure how to detect it (other than looking for outgoing port openings and the like).
Crafty little buggers...
-- David C. Rankin, J.D.,P.E.
On Sat, 1 May 2021 00:55:51 -0500 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
On 4/30/21 1:55 AM, Bernhard Voelker wrote:
On 4/30/21 6:49 AM, David C. Rankin wrote:
openSUSE devs,
Don't know if the powers that be are up on this, but quite alarming and I still can't figure out how to test for it.
Apparently corrupt versions of systemd-daemon and gvfsd-helper have been used -- for years.
https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spott...
Anybody got more on this?
Just follow the link therein: ;-)
[...] Netlab researchers Alex Turing and Hui Wang said in an advisory. [...] --> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
Have a nice day, Berny
Yep,
Read that too, still not entirely clear on how this thing works, and other than the MD5sum on the affected files, not entirely sure how to detect it (other than looking for outgoing port openings and the like).
Crafty little buggers...
Surely the presence of those two specific programs, similar to but different from all valid programs, would be enough of a clue that they were present? Nobody knows how it works, because they haven't [yet] obtained and analysed the plugins, AIUI.
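The two detection ideas raised in the thread (checking file hashes against the advisory's MD5 sums, and simply looking for the decoy names "systemd-daemon" and "gvfsd-helper" on disk or in the process list) can be put into a small host check. The script below is an added example, not code from the thread, from openSUSE, or from the Netlab write-up. It assumes the decoy names as quoted in the thread, a starting list of user-writable directories to search (an assumption, not the advisory's path list), and a known-bad hash table that is a placeholder to be filled from the linked advisory.

```python
#!/usr/bin/env python3
"""Host check for the lookalike binaries discussed in the thread.

Added example (not from the thread or the advisory). Two checks:
  1. name match: files or running processes named exactly like the decoys
     quoted in the thread, which resemble but are not real programs;
  2. hash match: MD5 of any such file against a known-bad table.
The hash table is a PLACEHOLDER; populate it from the Netlab advisory.
"""
import hashlib
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Decoy names quoted in the thread (names only; the thread gives no paths).
DECOY_NAMES = ("systemd-daemon", "gvfsd-helper")

# Assumption: typical user-level persistence locations, used as a starting
# point for the on-disk search. Not a list taken from the advisory.
DEFAULT_SEARCH_DIRS = (
    str(Path.home() / ".config"),
    str(Path.home() / ".local" / "share"),
    str(Path.home() / ".cache"),
    "/tmp",
)

# PLACEHOLDER hashes: replace with the MD5 values published in the advisory.
KNOWN_BAD_MD5: Dict[str, str] = {
    "00000000000000000000000000000000": "placeholder-sample-1",
}


def md5_of_file(path: str) -> str:
    """Stream a file through MD5 (the digest the thread refers to)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_decoy_files(search_dirs: Iterable[str],
                     names: Tuple[str, ...] = DECOY_NAMES) -> List[str]:
    """Return paths of regular files whose basename is one of the decoy names."""
    hits = []
    for d in search_dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            if p.is_file() and p.name in names:
                hits.append(str(p))
    return sorted(hits)


def find_decoy_processes(proc_root: str = "/proc",
                         names: Tuple[str, ...] = DECOY_NAMES) -> List[Tuple[int, str]]:
    """Scan <proc_root>/<pid>/comm for the decoy names.

    The kernel truncates comm to 15 characters; both decoy names fit, so an
    exact comparison is safe here.
    """
    hits = []
    root = Path(proc_root)
    if not root.is_dir():
        return hits
    for entry in root.iterdir():
        if not entry.name.isdigit():
            continue
        try:
            comm = (entry / "comm").read_text().strip()
        except OSError:
            continue  # process exited or not readable; skip
        if comm in names:
            hits.append((int(entry.name), comm))
    return sorted(hits)


def classify(paths: Iterable[str],
             known_bad: Dict[str, str] = KNOWN_BAD_MD5) -> Dict[str, str]:
    """Map each path to 'known-bad', 'name-only' or 'unreadable'.

    'name-only' means the decoy name matched but the hash is not in the
    table: still worth a look, since the thread notes new variants and
    unanalysed plugins.
    """
    verdicts = {}
    for p in paths:
        try:
            digest = md5_of_file(p)
        except OSError:
            verdicts[p] = "unreadable"
            continue
        verdicts[p] = "known-bad" if digest in known_bad else "name-only"
    return verdicts


if __name__ == "__main__":
    files = find_decoy_files(DEFAULT_SEARCH_DIRS)
    for path, verdict in classify(files).items():
        print(f"{verdict:10s} {path}")
    for pid, comm in find_decoy_processes():
        print(f"process    pid={pid} comm={comm}")
```

A name match alone is a strong signal here because neither decoy name belongs to a real openSUSE package, which is the point made in the reply above; the hash table only confirms which known sample it is. Run it as the affected user, since the search directories are per-user.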