Re: New rootkit targeting Debian squeeze (amd64 only)

On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik
<cheako+debian-security@mikemestnik.net> wrote:
> On 11/22/12 11:33, Laurentiu Pancescu wrote:
>> More likely: a vulnerability in their web service (some form of
>> execution of attacker-provided code), combined with a local privilege
>> elevation exploit (the Linux kernel had quite many such bugs, some are
>> probably yet undiscovered).  I find it interesting that the rootkit was
>> written or customized specifically for squeeze.

I think this was a test of greater things to come.  I would assume
(mostly because to me it's ignorant not to assume this) that the
author of the malware might have built it to target his preferred OS
first and then would have expanded it later.  It's much easier to
build small and then work to greater things than to build big and
possibly fail.
