Linux Malware

Simon McVittie simon.mcvittie at collabora.co.uk
Tue Nov 19 05:33:01 PST 2013


On 18/11/13 20:41, Jasper St. Pierre wrote:
> Who is "they"? I doubt somebody would use a package manager to install a
> rootkit on your system. Are you sure what you're seeing is a rootkit?
> What new PolicyKit modules do you have installed?

If a rootkit that already has the ability to execute arbitrary code as
root is really installing all that stuff, then the standard of rootkits'
undetectability is really slipping.

Possibly-faulty analogy: if most malware is like someone on foot
breaking into your house and stealing your stuff, and you're saying this
malware uses zypper, polkit etc., then that's like someone breaking into
your house and building a helipad on the roof so they can use a
helicopter to steal your stuff... and the people on this list are the
very confused helicopter manufacturers, who can't work out why anyone
would do that. :-)

    S



More information about the xdg mailing list