Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > alt.os.linux > #81071

Re: What do you make of this reported Linux back door?

Path csiph.com!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From John Hasler <john@sugarbit.com>
Newsgroups alt.os.linux
Subject Re: What do you make of this reported Linux back door?
Date Fri, 28 Feb 2025 08:09:46 -0600
Organization Dancing Horse Hill
Lines 15
Message-ID <87jz9ama8l.fsf@sugarbit.com> (permalink)
References <vprpii$1qo1r$1@news.usenet.ovh>
MIME-Version 1.0
Content-Type text/plain
Injection-Date Fri, 28 Feb 2025 16:08:05 +0100 (CET)
Injection-Info dont-email.me; posting-host="1f59ed5cd5706270b74ed0f196d217a2"; logging-data="3912441"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Yz9EsFVlXUQs2C1arIbOm2YbI/IeJaWo="
User-Agent Gnus/5.13 (Gnus v5.13)
Cancel-Lock sha1:1y/rttJ4hzKBYy5UnIxE97hZptg= sha1:s53t9LVPaRfgW3qAo4rQSng92dg=
Xref csiph.com alt.os.linux:81071

Show key headers only | View raw


From the link:

"the file is intended to run explicitly by the victim on their Linux
machine."

It must also be run as root. Therefor this malware is not by itself a
vulnerability: obviously any program you run as root can do anything.
This thing is just a payload for an attack.  The actual vulnerability,
if any, is the method by which the user is induced to run the thing as
root.
-- 
John Hasler 
john@sugarbit.com
Dancing Horse Hill
Elmwood, WI USA

Back to alt.os.linux | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

What do you make of this reported Linux back door? Hank <hankrobins@notspam.uk> - 2025-02-28 08:45 +0100
  Re: What do you make of this reported Linux back door? "Carlos E.R." <robin_listas@es.invalid> - 2025-02-28 13:06 +0100
    Re: What do you make of this reported Linux back door? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-02 00:38 +0000
  Re: What do you make of this reported Linux back door? John Hasler <john@sugarbit.com> - 2025-02-28 08:09 -0600
  Re: What do you make of this reported Linux back door? "J.O. Aho" <user@example.net> - 2025-02-28 18:00 +0100
    Re: What do you make of this reported Linux back door? Adrian Caspersz <email@here.invalid> - 2025-03-04 18:29 +0000
      Re: What do you make of this reported Linux back door? "J.O. Aho" <user@example.net> - 2025-03-04 22:51 +0100
        Re: What do you make of this reported Linux back door? "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 00:05 +0100

csiph-web