Le 01/05/2021 à 17:50, Florian Zieboll via Dng a écrit : > Hallo Didier, > > why do you think it's targeting only systems with systemd or gvfs > installed? At a first glance, I don't see any hints towards this > conclusion besides the fact that the installer / dropper of this very > sample did name the executables accordingly and provides a systemd > "service" file. It should be easily realizable to automatically choose > other names, depending on the targeted environment. > > The Netlab blog post even states: > > || Depending on the Linux distribution, create the corresponding > || self-starting script /etc/init/systemd-agent.conf > || or /lib/systemd/system/sys-temd-agent.service. > > AFAIK, the directory '/etc/init/' is only created/used by resp. for the > 'upstart' init system, thus I assume that also (at least) those systems > are covered as well.
Apparently I overlooked it a bit, however, if neither systemd nor gvfs are explicitely targetted, systems running these softwares are. If the executables are named systemd-daemon and gvfsd, it's for the process names to be the same and not alarm the admin. If I discovered on one of my Devuan machines a process named systemd-what-the-f or gvfs-something, I would immediately kill it and try to find where it comes from. But if I was running Gnome on Debian, I certainly wouldn't. -- Didier _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
