On Sat, May 01, 2021 at 05:11:48PM +0200, Didier Kryn wrote:
> On 30/04/2021 at 15:05, Arnt Karlsen wrote:
> > On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
> > <20210430143720.7311bc82@d44>:
> >
> >> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
> >>
> > ..how it works:
> > https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
> >
>     This backdoor is targeting systemd and gvfs.

Can you prove that? The analysis you linked shows nothing like that:
- gvfsd is only used as a part of the name of the backdoor binary; there seems
  to be no interaction with the real gvfsd at all
- the first file described in the analysis is an _upstart_ configuration file

-- 
Tomasz Torcz
to...@pipebreaker.pl
“(…) today's high-end is tomorrow's embedded processor.”
— Mitchell Blank on LKML