<![CDATA[Dev1 Galaxy Forum / Linux malware - possibly undetectable?]]> https://dev1galaxy.org/viewtopic.php?id=5074 Sat, 25 Jun 2022 18:37:38 +0000 FluxBB <![CDATA[Re: Linux malware - possibly undetectable?]]> https://dev1galaxy.org/viewtopic.php?pid=36426#p36426 Right,
I wonder if checking your sockets could detect it. I think you are pretty save. 

netstat -ao | less

  check your sockets in recovery and in full user mode.
Look for anything abnormal. It's good to get familiar with what your system sockets look like. dbus is pretty busy. If you can minimize sockets you minimize attack surface.
Most of the targeted libs are apache or java related. Minimalism is a good bet.
Again though a lot of linux vulnerabilities seem to happen early during boot process or in between system upgrades I imagine is when they are the most vulnerable. I am only guessing though that's when you are dealing with root kit level stuff.
Only way to get persistence as well I imagine.

]]> Sat, 25 Jun 2022 18:37:38 +0000 https://dev1galaxy.org/viewtopic.php?pid=36426#p36426 <![CDATA[Re: Linux malware - possibly undetectable?]]> https://dev1galaxy.org/viewtopic.php?pid=36260#p36260 There are some markers for it:

https://blogs.blackberry.com/en/2022/06 … nux-threat

^ See the "Indicators of Compromise (IoCs)" section for details.

Anyway this is aimed at banks and suchlike so I don't think desktop users have to worry too much.

]]> Sat, 11 Jun 2022 11:08:32 +0000 https://dev1galaxy.org/viewtopic.php?pid=36260#p36260 <![CDATA[Linux malware - possibly undetectable?]]> https://dev1galaxy.org/viewtopic.php?pid=36259#p36259 Hello:

Found this early today.

---
Symbiote Linux malware spotted, and infections are 'very hard to detect'
'Performing live forensics on an infected machine may not turn anything up' warn researchers
---

https://forums.theregister.com/forum/al … x_malware/

Anyone know about this?

Best,

A.

]]> Sat, 11 Jun 2022 11:05:05 +0000 https://dev1galaxy.org/viewtopic.php?pid=36259#p36259