Linux Malware

Jasper St. Pierre jstpierre at mecheye.net
Mon Nov 18 12:41:50 PST 2013


Who is "they"? I doubt somebody would use a package manager to install a
rootkit on your system. Are you sure what you're seeing is a rootkit? What
new PolicyKit modules do you have installed?


On Mon, Nov 18, 2013 at 3:23 PM, Stephen Reichow
<stephen.reichow at gmail.com> wrote:

> I believe they use zypper to extract tarballs to elevate the attack (i.e.
> installing Gnome keyring architecture policy kit plugin) using components
> from here:
>
> http://beefdrapes.partedmagic.com/source/
>
> and here
>
> http://beefdrapes.partedmagic.com/modules/non-free/
>
> these are being used to create a PXE "root jail" artificial internet
> environment
>
> (when dealing with open source, avoid "non-free," "restricted," and
> "backports.")
>
>
>
>
> On Sat, Nov 16, 2013 at 6:28 PM, Vincent Untz <vuntz at gnome.org> wrote:
>
>> On Saturday, 16 November 2013, at 17:48 -0800, Stephen Reichow wrote:
>> > I know the hackers step up infection (they install zypper in openSUSE
>> > for example.)
>>
>> Not sure what you meant here, but zypper is the default package manager
>> in openSUSE. It's like yum on Fedora or apt-get on Debian, and it's
>> obviously installed by default.
>>
>> Cheers,
>>
>> Vincent
>>
>> --
>> Happy people are not in a hurry.
>> _______________________________________________
>> xdg mailing list
>> xdg at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/xdg
>>
>
>
>
>


-- 
  Jasper