• @brombek
    link
    62 years ago

    Nice thing about this backdoor is that it hooks into kernel functions so that its processes, file and network connections are never reported by kernel to userland tools making it invisible for the administrator.

    • @AgreeableLandscapeM
      link
      7
      edit-2
      2 years ago

      It’s a rootkit. A massive nightmare to diagnose and even harder to fix (or, at least to make sure that all traces of it is gone from your system). The reason for this is that it violates the OS’s “root of trust”, so now everything is untrustworthy.

      Things like this is also why I think we should be moving to microkernels. Not to say that rootkits are impossible with those, but the attack surface is much smaller because the vast majority of traditional kernel things, like drivers, would be running in userland. It would also be much harder to compromise the whole system because most things are in userland, and also hard to keep the attack hidden from the IT staff.

    • @bc3114
      link
      32 years ago

      that sounds scary.

  • @grapemix
    link
    62 years ago

    I am surprised someone would install powershell to a Linux server🙄…

    • @const_void
      link
      42 years ago

      No kidding. It’s like putting a bumper sticker on a Ferrari.

    • @testingthis
      link
      12 years ago

      That part really does stand out… though it sounds like the virus itself makes a way for itself to use PowerShell, not that it has to be already installed?

  • @Lightbritelite
    link
    2
    edit-2
    2 years ago

    My vpn has given me an IP address that the site has banned! I wonder what precipitated that