Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] A new Linux back door
Date: Fri, 14 Aug 2020 12:27:20
Message-Id: 45b42a16-5f82-f18e-d00d-2b503cf1ce81@gmail.com
In Reply to: [gentoo-user] A new Linux back door by Peter Humphrey
Peter Humphrey wrote:
> I saw this today:
>
> https://linux.slashdot.org/story/20/08/13/174237/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers?utm_source=slashdot&utm_medium=twitter
>
> Has anyone any more info?
>

It seems to affect only older kernels, before 3.7.  So if you are above
that, which I would think most Gentoo users would at least be in the 4
range or higher, then you should be OK. I checked and the oldest kernel
version is 4.4 here.  That's for gentoo-sources.  Of course, one could
download the original kernel sources I guess.

That said, I've read that some old servers that are rarely if ever
shut down may be running kernels that old or even older.  I'd think they
would be old systems but if they are servers with fast internet
connections, those would be a good target.  One would hope tho that they
are admin'ed by people who can notice the hack and correct it or have
other means to prevent it in the first place.

How does one know if they are hacked tho?  Is there a tool to run?  I'm
not worried about myself since I'd be a really bad target for it but
others might want to know.

Dale

:-)  :-)
