152

Thousands of Linux systems infected by stealthy malware since 2021(arstechnica.com)

posted
by
Avatar
misk@sopuli.xyz
in
Avatar
technology@lemmy.world
30 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
li10@feddit.uk
14 points

Sounds like it should at least be noticeable if you monitor resource usage?

permalink
report
reply
Avatar
Pantsofmagic@lemmy.world
10 points

That’s how some people found it, but it would disappear when someone would login to investigate.

permalink
report
parent
reply
Avatar
li10@feddit.uk
9 points

Sure, but it’s still fairly detectable when it’s on a server at least, as long as you have monitoring. Just a bitch to pinpoint and fix.

permalink
report
parent
reply
Avatar
linearchaos@lemmy.world
4 points
*

Vulnerable to 20,000 misconfigurations, But thearted by 42 billion different simple checks that we all do anyway.

5 minute load greater than 80% of the number of cores? That’s an alarm…

permalink
report
parent
reply
Avatar
cron@feddit.org
5 points
*

Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.

Edit: Some found out about the vulnerability by ressource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)

permalink
report
parent
reply
Avatar
li10@feddit.uk
3 points

Not quite the monitoring I’m talking about though.

Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

Community stats

  • 18K

    Monthly active users

  • 5.2K

    Posts

  • 101K

    Comments

Community moderators