[PLUG] Linux Malware
Ben Koenig
techkoenig at protonmail.com
Sat Oct 5 18:18:34 UTC 2024
The version of the same article on Wired is just as bad. For some reason everyone forgot to cite their sources so here's the original researcher post:
https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
I vaguely remember the whole Apache RocketMQ thing a while back. It's a very specific piece of software (written in Java) that had a nasty exploit.
Honestly, I think some tech journalists were either bored or wanted to get a jump start on their October metrics because this is one of those Captain Obvious moments.
I'm reading this as a roundabout way of retroactively classifying the RocketMQ attack as a Zero Day. Meaning - the exploit was actually being used and we now have proof that any malicious code delivered via the (now patched) exploit may still be present on your system.
If you are running a server out on the open internet with Apache RocketMQ you may want to freak out. Otherwise it's not something that affects you.
-Ben
On Saturday, October 5th, 2024 at 9:32 AM, Paul Heinlein <heinlein at madboa.com> wrote:
> On Fri, 4 Oct 2024, Russell Senior wrote:
>
> > Pet peeve: Dan Goodin's malware journalism is worthless, imho. It is
> > just worry-mongering with very rarely (never?) anything actionable.
> > Don't bother reading any of it, except to look for enough
> > identifying information to find a reputable analysis somewhere else.
>
>
> Not sure I'd go straight to "worthless," but it is often unnecessarily
> breathless.
>
> My pet peeve (which extends far past Ars Technica) is the announcement
> of a vulnerability without an examination of the risk-management
> variables. Re-announcing CVEs is a brainless task; putting them in an
> appropriate risk context is actual reporting and analysis.
>
> --
> Paul Heinlein
> heinlein at madboa.com
> 45°22'48" N, 122°35'36" W
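The "may still be present on your system" point above is the one actionable part of the thread. As an added example, not from this thread, from Ars, or from the Aqua write-up, here is a small POSIX sh script that does the two checks an admin would actually run: is a RocketMQ listener exposed on a non-loopback address, and is anything running from a deleted binary or a temp directory (generic persistence indicators, not perfctl-specific ones; the only external assumption is RocketMQ's documented default ports, 9876 for the nameserver and 10911 for the broker).

```shell
#!/bin/sh
# Added example, not from the PLUG thread or the Aqua research post.
# Two generic post-exploitation checks for a Linux host that ran (or runs)
# an internet-facing Apache RocketMQ instance:
#   1. is a RocketMQ default port listening on a non-loopback address?
#   2. is any process running from a deleted binary or a temp directory?
# The indicators in check 2 are generic, not perfctl-specific.

# classify_exe: judge one /proc/<pid>/exe target (as printed by readlink).
# Prints a reason and returns 0 when suspicious, returns 1 otherwise.
classify_exe() {
  case "$1" in
    *" (deleted)")               echo "binary deleted from disk"; return 0 ;;
    /tmp/*|/var/tmp/*|/dev/shm/*) echo "running from a temp directory"; return 0 ;;
  esac
  return 1
}

# exposed_rocketmq: given one line of `ss -ltn` output, return 0 when it is a
# LISTEN socket on a RocketMQ default port (assumption: 9876 nameserver,
# 10911 broker) bound to something other than loopback.
exposed_rocketmq() {
  # shellcheck disable=SC2086  # word-split the ss line into fields on purpose
  set -- $1
  [ "$1" = "LISTEN" ] || return 1
  addr="$4"                 # e.g. 0.0.0.0:9876, [::]:10911, 127.0.0.1:9876
  port="${addr##*:}"
  host="${addr%:*}"
  case "$port" in
    9876|10911) ;;
    *) return 1 ;;
  esac
  case "$host" in
    127.*|"[::1]") return 1 ;;   # loopback only: not reachable from outside
  esac
  return 0
}

# scan_procs: walk /proc and report processes that classify_exe flags.
scan_procs() {
  for p in /proc/[0-9]*; do
    exe=$(readlink "$p/exe" 2>/dev/null) || continue   # no perms / kernel thread
    reason=$(classify_exe "$exe") && echo "pid ${p#/proc/}: $exe ($reason)"
  done
}

# scan_listeners: report exposed RocketMQ listeners from the live socket table.
scan_listeners() {
  ss -ltn 2>/dev/null | while read -r line; do
    exposed_rocketmq "$line" && echo "exposed RocketMQ listener: $line"
  done
}

echo "== processes running from deleted binaries or temp dirs =="
scan_procs
echo "== RocketMQ default ports exposed on non-loopback addresses =="
scan_listeners
```

Neither check proves compromise: a deleted-binary process is also what you see after a package upgrade, and a broker bound to 0.0.0.0 may sit behind a firewall. But a hit on either after a known, now-patched, pre-auth RCE in the same service is exactly the risk-context detail Paul is asking the reporting to include, and it takes seconds to run.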