Sounds like it should at least be noticeable if you monitor resource usage?
That’s how some people found it, but it would disappear when someone would login to investigate.
Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.
Edit: Some found out about the vulnerability by resource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)
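A defender-side cross-check for the tool-replacement trick mentioned above, added here as an example (it is not code from the thread or from the article): it enumerates PIDs straight from /proc and compares them with what the ps binary reports, so a ps/top swapped for a version that filters out certain processes shows up as a discrepancy. It assumes a Linux host with a procps-style `ps` on the PATH.

```python
"""Cross-check the kernel's process list (/proc) against a userland tool."""
import os
import subprocess


def pids_from_names(names):
    """Keep only the numeric entries of a /proc listing (PIDs), dropping
    'self', 'cpuinfo' and friends."""
    return {int(n) for n in names if n.isdigit()}


def pids_from_proc(proc_root="/proc"):
    """Enumerate PIDs from procfs directly, bypassing ps/top binaries."""
    return pids_from_names(os.listdir(proc_root))


def parse_ps_output(text):
    """Turn 'ps -e -o pid=' output (one PID per line) into a set of ints."""
    return {int(tok) for tok in text.split()}


def pids_from_ps():
    """PIDs as reported by the (possibly tampered) ps binary."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return parse_ps_output(out)


def hidden_pids(proc_pids, tool_pids):
    """Processes the kernel knows about but the tool does not report."""
    return sorted(proc_pids - tool_pids)


def describe(pid, proc_root="/proc"):
    """Best-effort label for a PID: its exe symlink (shows '(deleted)' when
    the binary was unlinked after exec) and its command line."""
    base = os.path.join(proc_root, str(pid))
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = "?"
    try:
        with open(os.path.join(base, "cmdline"), "rb") as f:
            cmd = f.read().replace(b"\0", b" ").decode(errors="replace")
    except OSError:
        cmd = "?"
    return f"exe={exe} cmdline={cmd.strip()}"


def audit():
    """Snapshot /proc before and after running ps; only PIDs present in
    both snapshots count, so processes that came or went mid-scan are
    not reported as false positives."""
    before = pids_from_proc()
    tool = pids_from_ps()
    after = pids_from_proc()
    return hidden_pids(before & after, tool)


if __name__ == "__main__":
    for pid in audit():
        print(pid, describe(pid))
```

An empty result only means the userland tool and procfs agree; a kernel-level rootkit that filters /proc itself would pass this check, which is why the hypervisor-side view mentioned above is the stronger signal.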
No mention of transmission methods as far as I understand the article
The whole thing sounds fishy. Like it’s trying to convince people Linux is inherently vulnerable.
exploiting more than 20,000 common misconfigurations
Like WTF?
It’s kind of an iffy assertion. That’s maybe the number of files it scans looking for misconfigurations it can exploit, but I’d bet there’s a lot of overlap in the potential contents of those files (either because of cascading configurations, or because they’re looking for the same file in slightly different places to mitigate distro differences). So the number of possible exploits is likely far fewer.
maybe the number of files it scans looking for misconfigurations
So how did it get into the system to be able to scan configuration files?
Like it’s trying to convince people Linux is inherently vulnerable.
I’m typing this reply from a machine running KDE Plasma on top of Linux Mint 22.
I’m not sure precisely what you mean by “inherently” but I’d like to point out that “Linux” has security problems all over the place; the kernel has issues, the DEs have issues, the applications have issues. It’s more secure than Windows but that’s not a very high bar.
I’ve been using Linux since 2005, and I’ve heard all sorts of stories about Linux having “security problems”, and almost every time it turns out to be a problem that can’t be exploited on its own, but requires the use of other vulnerabilities.
The only exception I can recall is the xz utils compression tool, which was detected before it was rolled out.
Zero-day vulnerabilities have been nonexistent for 20 years to my knowledge.
Can’t be infected if I keep wiping my partition for a new shiny distro
Your install USB is infected by a rootkit and reinstalls itself on connect.
This story reeks of FUD.
exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets,
Because a “common misconfiguration” will absolutely make your system vulnerable!?!
OK show just ONE!
This is FUD to either prevent people from using Linux, or simply a hoax to get attention, or maybe to make you think you need additional security software.
Unfortunately they are already in the market and making a mess: https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
Millions of systems shut down by dumb Microsoft OS.