Luckily I sit right next to my home server and can hear when the fans kick in under load. The absence of noise tells me I don’t have this problem :)
Can’t be infected if I keep wiping my partition for a new shiny distro
Your install USB is infected by a rootkit and reinstalls itself on connect.
Joke’s on you, the rootkit is likely my own and I just forgot about it.
It’s tough being an ADHD Hacker
Sounds like it should at least be noticeable if you monitor resource usage?
Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.
Edit: Some found out about the vulnerability by resource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)
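As an added example of the point made above (this is not code from any commenter in the thread, nor from the article), here is a small POSIX shell script that measures CPU load straight from /proc/stat with shell arithmetic, so a swapped-out `top` has no say in the number, and that checks `top` and `lsof` against the checksums the package manager recorded at install time. The `busy_pct` helper takes two snapshots of the aggregate "cpu" line; the two sample lines in the block are constructed, not captured from a real host. Tool names (`dpkg --verify`, `rpm -V`) are real, but whether they are present is assumed to depend on the distribution.

```shell
#!/bin/sh
# Added example (not from the thread): CPU load from /proc/stat without top,
# plus a package-manager integrity check of commonly trojaned tools.

# cpu_fields "cpu  user nice system idle iowait irq softirq steal ..."
# prints "total idle", where idle = idle + iowait (fields 4 and 5).
cpu_fields() {
    set -- $1            # split the line into words
    shift                # drop the "cpu" label
    total=0; idle=0; i=0
    for v in "$@"; do
        total=$((total + v))
        i=$((i + 1))
        [ "$i" -eq 4 ] && idle=$v
        [ "$i" -eq 5 ] && idle=$((idle + v))
    done
    echo "$total $idle"
}

# busy_pct LINE1 LINE2: percentage of non-idle CPU time between two snapshots.
busy_pct() {
    a=$(cpu_fields "$1"); b=$(cpu_fields "$2")
    t1=${a% *}; i1=${a#* }
    t2=${b% *}; i2=${b#* }
    dt=$((t2 - t1)); di=$((i2 - i1))
    [ "$dt" -gt 0 ] || { echo 0; return 0; }
    echo $(( (dt - di) * 100 / dt ))
}

# live_busy_pct: sample the real /proc/stat one second apart (Linux only).
live_busy_pct() {
    s1=$(grep '^cpu ' /proc/stat); sleep 1; s2=$(grep '^cpu ' /proc/stat)
    busy_pct "$s1" "$s2"
}

# verify_tool NAME: compare the installed binary with the package database.
# Returns 0 if unchanged, 1 if the package manager reports a modified file,
# 2 if the tool or a supported package manager is not found.
verify_tool() {
    path=$(command -v "$1") || return 2
    if command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$path" 2>/dev/null | cut -d: -f1) || return 2
        out=$(dpkg --verify "$pkg" 2>&1)        # prints nothing when clean
    elif command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf "$path" 2>/dev/null) || return 2
        out=$(rpm -V "$pkg" 2>&1)               # prints nothing when clean
    else
        return 2
    fi
    [ -z "$out" ]
}

# Constructed sample snapshots (not real captures): 1500 jiffies elapsed,
# 300 of them idle+iowait, so 80% busy.
SNAP1="cpu  1000 0 500 8000 100 0 0 0 0 0"
SNAP2="cpu  1900 0 800 8200 200 0 0 0 0 0"

if [ "${1:-}" = "--live" ]; then
    echo "busy: $(live_busy_pct)%"
    for t in top lsof; do
        verify_tool "$t" && echo "$t: unchanged" || echo "$t: MODIFIED or unknown (rc=$?)"
    done
else
    echo "sample busy: $(busy_pct "$SNAP1" "$SNAP2")%"
fi
```

Run it with `--live` on a Linux box to sample the real kernel counters. The caveat that belongs with this: it only beats a user-space swap of `top`/`lsof`. A malware that also replaces `dpkg`/`rpm`, or a kernel module that filters /proc reads, defeats both checks, which is why the hypervisor- or SNMP-side view mentioned in the thread is the more trustworthy vantage point; the package verification is best done from a known-good boot medium.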
Not quite the monitoring I’m talking about though.
Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).
No mention of transmission methods as far as I understand the article
They have an “attack flow” diagram that seems to indicate a hacker installing it directly through a known vulnerability.
Seeing the diagram, it only attacks servers with misconfigured rocketMQ or CVE-2023-33426, which is already patched. Am I understanding this correctly?
It probably has a large database of exploits it can use. The article claims 20k, but this seems too high for me.
Thousands!? Shit. That’s like all of them!
Millions of systems shut down by dumb Microsoft OS.