• Pantsofmagic
      link
      fedilink
      English
      103 months ago

      That’s how some people found it, but it would disappear when someone would login to investigate.

      • @[email protected]
        link
        fedilink
        English
        93 months ago

        Sure, but it’s still fairly detectable when it’s on a server at least, as long as you have monitoring. Just a bitch to pinpoint and fix.

    • @[email protected]
      link
      fedilink
      English
      5
      edit-2
      3 months ago

      Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.

      Edit: Some found out about the vulnerability by ressource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)

      • @[email protected]
        link
        fedilink
        English
        33 months ago

        Not quite the monitoring I’m talking about though.

        Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).

    • @[email protected]
      link
      fedilink
      English
      4
      edit-2
      3 months ago

      Vulnerable to 20,000 misconfigurations, But thearted by 42 billion different simple checks that we all do anyway.

      5 minute load greater than 80% of the number of cores? That’s an alarm…