On Thu, Dec 13, 2018 at 09:50:31AM +0100, Florian Obser wrote:
> On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote:
> > Any creative hints to defend against these kind of threats?
>
> Your system has been compromised. The attacker is able to replace
> binaries, you have lost. If your package manager can still tell you
> that the sshd binary has been replaced that only means that you are
> dealing with an incompetent attacker.
>
> Throw the computer away. Get a new one. Install from scratch, restore
> data (and only data!) from backup.

This assumes you can tell the difference between data and code. It's a
rather fundamental thing that you cannot tell the difference between
data and code. Data read by a program is interpreted in some way.
That's a form of execution.

	-Otto