On 01/05/2021 at 17:38, Tomasz Torcz wrote:
> On Sat, May 01, 2021 at 05:11:48PM +0200, Didier Kryn wrote:
>> On 30/04/2021 at 15:05, Arnt Karlsen wrote:
>>> On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
>>> <20210430143720.7311bc82@d44>:
>>>
>>>> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
>>>>
>>> ..how it works:
>>> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>>
>> This backdoor is targeting systemd and gvfs.
> Can you prove that? The analysis you linked shows nothing like that:
> - gvfsd is only used as a part of the name of the backdoor binary, there seems to be no
>   interaction with real gvfsd at all
> - first file described in analysis is an _upstart_ configuration file
>

Then I misread. Or overlooked. Not my mother tongue (~:

--
Didier