Nice thing about this backdoor is that it hooks into kernel functions so that its processes, file and network connections are never reported by kernel to userland tools making it invisible for the administrator.
It’s a rootkit. A massive nightmare to diagnose and even harder to fix (or, at least to make sure that all traces of it is gone from your system). The reason for this is that it violates the OS’s “root of trust”, so now everything is untrustworthy.
Things like this is also why I think we should be moving to microkernels. Not to say that rootkits are impossible with those, but the attack surface is much smaller because the vast majority of traditional kernel things, like drivers, would be running in userland. It would also be much harder to compromise the whole system because most things are in userland, and also hard to keep the attack hidden from the IT staff.
that sounds scary.
I am surprised someone would install powershell to a Linux server🙄…
No kidding. It’s like putting a bumper sticker on a Ferrari.
That part really does stand out… though it sounds like the virus itself makes a way for itself to use PowerShell, not that it has to be already installed?
?
My vpn has given me an IP address that the site has banned! I wonder what precipitated that
Removed by mod