
Re: New rootkit targetting Debian squeeze (amd64 only)

On 11/23/12 06:14, Milan P. Stanic wrote:
> On Fri, 2012-11-23 at 02:22, Jordon Bedwell wrote:
>> On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik
>> <cheako+debian-security@mikemestnik.net> wrote:
>>> On 11/22/12 11:33, Laurentiu Pancescu wrote:
>>>> More likely: a vulnerability in their web service (some form of
>>>> execution of attacker-provided code), combined with a local privilege
>>>> elevation exploit (the Linux kernel had quite many such bugs, some are
>>>> probably yet undiscovered).  I find it interesting that the rootkit was
>>>> written or customized specifically for squeeze.
>> I think this was a test of greater things to come.  I would assume
>> (mostly because to me it's ignorant not to assume this) that the
>> author of the malware might have built it to target his preferred OS
>> first and then would have expanded it later.  It's much easier to
>> build small and then work to greater things than to build big and
>> possibly fail.
> Two days passed and no one has said anything about the infection vector.
> Expect gibberish babble about Russian hackers.
> To me, it looks like some 'unknown entity' spread FUD about Linux and
> especially Debian.
This is a good point, can we even verify the original reporter doesn’t
have a vendetta against Russian hackers?  The real attack here could be
a political one, hence the shabby technical bits when compared to the
articles and postings.

Perhaps it's worth a Debian Weekly News article to clear the air and
address any user concerns about these other articles.
