Hello:
Found this early today.
---
Symbiote Linux malware spotted, and infections are 'very hard to detect'
'Performing live forensics on an infected machine may not turn anything up' warn researchers
---
https://forums.theregister.com/forum/al … x_malware/
Anyone know about this?
Best,
A.
There are some markers for it:
https://blogs.blackberry.com/en/2022/06 … nux-threat
^ See the "Indicators of Compromise (IoCs)" section for details.
Anyway, this is aimed at banks and suchlike, so I don't think desktop users have to worry too much.
Brianna Ghey — Rest In Power
Right,
I wonder if checking your sockets could detect it. I think you are pretty safe.
netstat -ao | less
check your sockets in recovery and in full user mode.
Look for anything abnormal. It's good to get familiar with what your system sockets look like. dbus is pretty busy. If you can minimize sockets you minimize attack surface.
Most of the targeted libs are Apache or Java related. Minimalism is a good bet.
Again though, a lot of Linux vulnerabilities seem to happen early during the boot process or in between system upgrades, which I imagine is when they are the most vulnerable. I am only guessing though; that's when you are dealing with rootkit-level stuff.
Only way to get persistence as well I imagine.
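The socket-baselining idea from the post above, worked out as an added example (not code from the thread or from the linked reports). It assumes the `ss -tulpn` column layout from iproute2 rather than `netstat -ao`, and the two socket listings below are constructed sample data, not captures from a real host. The script normalises a listing into "proto local-address process" records, stores that as a baseline, and reports any record that appears in a later snapshot but not in the baseline. As the post says, take the baseline and the later snapshot in the same mode (recovery or full user mode): a userland rootkit that hooks libc can filter what `ss`/`netstat` print on the running system, which is exactly why the article warns that live forensics may turn up nothing, so a snapshot taken from recovery is the more trustworthy of the two.

```shell
#!/bin/sh
# Added example: baseline listening sockets and diff a fresh snapshot against it.
# Assumes the "ss -tulpn" column layout:
#   Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process

# Normalise ss-style lines from stdin into sorted, unique
# "proto local_addr process" records. The header line is skipped and the
# process column is "-" when ss was run without the rights to see it.
normalize_sockets() {
    awk 'NR > 1 && NF >= 5 {
        proto = $1; local = $5; proc = (NF >= 7) ? $7 : "-"
        print proto, local, proc
    }' | sort -u
}

# Print records present in the current snapshot file but absent from the
# baseline file. Both files must be normalize_sockets output (sorted).
new_sockets() {
    comm -13 "$1" "$2"
}

# Compare two raw listings passed as strings; prints the new records.
compare_snapshots() {
    b=$(mktemp); c=$(mktemp)
    printf '%s\n' "$1" | normalize_sockets > "$b"
    printf '%s\n' "$2" | normalize_sockets > "$c"
    new_sockets "$b" "$c"
    rm -f "$b" "$c"
}

# Number of new records between two raw listings (string in, integer out).
count_new_sockets() {
    compare_snapshots "$1" "$2" | wc -l | tr -d ' '
}

# Live use: compare the running system against a saved baseline file.
# Usage: ss -tulpn | normalize_sockets > baseline.txt   (from a known-good boot)
#        check_live baseline.txt                         (later, same mode)
check_live() {
    cur=$(mktemp)
    ss -tulpn 2>/dev/null | normalize_sockets > "$cur"
    new_sockets "$1" "$cur"
    rm -f "$cur"
}

# Constructed sample listings (not captured from a real host).
SAMPLE_BASELINE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323    0.0.0.0:*          users:(("chronyd",pid=400,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22       0.0.0.0:*          users:(("sshd",pid=700,fd=3))'

SAMPLE_CURRENT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323    0.0.0.0:*          users:(("chronyd",pid=400,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22       0.0.0.0:*          users:(("sshd",pid=700,fd=3))
tcp   LISTEN 0      128    0.0.0.0:9000     0.0.0.0:*          users:(("unexpected",pid=9999,fd=4))'

# Demonstration on the constructed data: only the 0.0.0.0:9000 listener is new.
compare_snapshots "$SAMPLE_BASELINE" "$SAMPLE_CURRENT"
```

The normalisation deliberately drops the queue counters and the peer column, so a record only changes when a listener, its bind address or its owning process changes; that keeps the diff quiet across reboots. Process names are only visible to root, so take the baseline and the later snapshot with the same privileges, otherwise every record will differ in its third field.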