On Sat, May 01, 2021 at 05:11:48PM +0200, Didier Kryn wrote:
> On 30/04/2021 at 15:05, Arnt Karlsen wrote:
> > On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message 
> > <20210430143720.7311bc82@d44>:
> >
> >
> >> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
> >>  
> > ..how it works:
> > https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
> 
> 
>     This backdoor is targeting systemd and gvfs.

  Can you prove that?  The analysis you linked shows nothing like that:
- gvfsd is only used as part of the name of the backdoor binary; there seems
  to be no interaction with the real gvfsd at all
- the first file described in the analysis is an _upstart_ configuration file

-- 
Tomasz Torcz           “(…) today's high-end is tomorrow's embedded processor.”
to...@pipebreaker.pl                      — Mitchell Blank on LKML

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
