
Re: New rootkit targeting Debian squeeze (amd64 only)

On Fri, 2012-11-23 at 02:22, Jordon Bedwell wrote:
> On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik
> <cheako+debian-security@mikemestnik.net> wrote:
> > On 11/22/12 11:33, Laurentiu Pancescu wrote:
> >> More likely: a vulnerability in their web service (some form of
> >> execution of attacker-provided code), combined with a local privilege
> >> elevation exploit (the Linux kernel had quite many such bugs, some are
> >> probably yet undiscovered).  I find it interesting that the rootkit was
> >> written or customized specifically for squeeze.
> I think this was a test of greater things to come.  I would assume
> (mostly because to me it's ignorant not to assume this) that the
> author of the malware might have built it to target his preferred OS
> first and then would have expanded it later.  It's much easier to
> build small and then work to greater things than to build big and
> possibly fail.

Two days passed and no one has said anything about the infection vector.
Expect gibberish babble about Russian hackers.

To me, it looks like some 'unknown entity' spread FUD about Linux and
especially Debian.

Kind regards,  Milan
