Comment on Thousands of Linux systems infected by stealthy malware since 2021
nyan@lemmy.cafe 1 month agoIt’s kind of an iffy assertion. That’s maybe the number of files it scans looking for misconfigurations it can exploit, but I’d bet there’s a lot of overlap in the potential contents of those files (either because of cascading configurations, or because they’re looking for the same file in slightly different places to mitigate distro differences). So the number of possible exploits is likely far fewer.
Buffalox@lemmy.world 1 month ago
So how did it get into the system to be able to scan configuration files?
nyan@lemmy.cafe 1 month ago
Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It’s possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.