Linux Malware
Jasper St. Pierre
jstpierre at mecheye.net
Fri Nov 15 19:41:34 PST 2013
On Fri, Nov 15, 2013 at 6:10 PM, Stephen Reichow
<stephen.reichow at gmail.com>wrote:
> Hello, I have found some components of freedesktop.org are being abused
> in conjunction with a rootkit infection.
>
> http://www.freedesktop.org/wiki/Software/PolicyKit/PluggableArchitecture/
>
> The pluggable architecture is the SSH component of a malware rootkit on my
> computer, giving remote attackers access.
>
> Any help would be appreciated.
>
I don't think PolicyKit is at fault, here. If you have permissions to write
to /usr/lib, where the plugins are stored, you can do a lot of damage by
installing a replacement glibc, for instance.
Do you know how the infection started?
> Thank You -Steve
>
>
>
> _______________________________________________
> xdg mailing list
> xdg at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/xdg
>
>
--
Jasper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/xdg/attachments/20131115/a563f132/attachment.html>
More information about the xdg
mailing list