I am posting the current scan report of rkhunter after connecting with a Windows computer using Remmina. Since I have added time-based OTP, maybe I am saved from installation of XOR DDOS malware this time.
** Attachment added: "rkhunter.log"
   https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2024540/+attachment/5681584/+files/rkhunter.log

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2024540

Title:
  Vulnerability Can Gain Access even with Time OTP Enabled

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  Hi,

  We have noticed that when allowing a firewall rule to open SSH port 22 of my computer, somebody in the local network gets access to the system. To prevent it, we added two-factor authentication by adding time-based OTP using Google Authenticator, and root login is disabled in the configuration. Our network has Windows systems which are compromised; they are infecting this system and installing XOR DDOS malware on my system. The rkhunter log shows variation in a lot of system binary files. The XOR DDOS is overwriting a lot of files before installing itself in the system. I think there is some critical bug in the SSH system. We thought they were brute-forcing the SSH password, but even after putting in time-based two-factor authentication they are able to infiltrate the system and gain access.

  The Ubuntu we are using is 22.04 LTS Jammy. Our systems are constantly attacked by the XOR DDOS rootkit. We had even rate limited SSH; even then they get access. We added OTP verification also. We think there is some severe security issue with SSH.

  More details about XOR DDOS here:
  https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/

  Also, there is no option to attach multiple files here.