On 11/23/12 06:14, Milan P. Stanic wrote:
> On Fri, 2012-11-23 at 02:22, Jordon Bedwell wrote:
>> On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik
>> <cheako+debian-secur...@mikemestnik.net> wrote:
>>> On 11/22/12 11:33, Laurentiu Pancescu wrote:
>>>> More likely: a vulnerability in their web service (some form of
>>>> execution of attacker-provided code), combined with a local privilege
>>>> elevation exploit (the Linux kernel had quite many such bugs, some are
>>>> probably yet undiscovered). I find it interesting that the rootkit was
>>>> written or customized specifically for squeeze.
>>
>> I think this was a test of greater things to come. I would assume
>> (mostly because to me it's ignorant not to assume this) that the
>> author of the malware might have built it to target his preferred OS
>> first and then would have expanded it later. It's much easier to
>> build small and then work to greater things than to build big and
>> possibly fail.
>
> Two days passed and no one has said anything about the infection vector.
> Expect gibberish babble about Russian hackers.
>
> To me, it looks like some 'unknown entity' spread FUD about Linux and
> especially Debian.
>
This is a good point, can we even verify the original reporter doesn’t have a vendetta against Russian hackers? The real attack here could be a political one, hence the shabby technical bits when compared to the articles and postings.
Perhaps it's worth a Debian Weekly News article to clear the air and address any user concerns about these other articles.