Technology

58685 readers

4041 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

181

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

submitted 1 week ago by misk@sopuli.xyz to c/technology@lemmy.world

35 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] nyan@lemmy.cafe 2 points 1 week ago (1 children)

It's kind of an iffy assertion. That's maybe the number of files it scans looking for misconfigurations it can exploit, but I'd bet there's a lot of overlap in the potential contents of those files (either because of cascading configurations, or because they're looking for the same file in slightly different places to mitigate distro differences). So the number of possible exploits is likely far fewer.

[–] Buffalox@lemmy.world 1 points 1 week ago* (last edited 1 week ago) (1 children)

maybe the number of files it scans looking for misconfigurations

So how did it get into the system to be able to scan configuration files?

[–] nyan@lemmy.cafe 4 points 1 week ago

Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It's possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.