Kernel.org has been infected for 17 days
Starting from August 12, there was a trojan on kernel.org servers that recorded passwords, user actions, provided root access and modified software on the server.
Only 17 days later, the trojan was discovered on the machine of one of the developers of the kernel H Peter Anvin. Next on the servers are kernel.org Hera and Odin1.
Files related to ssh (openssh, openssh-server and openssh-clients) have been modified, the Trojan downloader has been added to rc3.d.
')
The developers claim that all kernel files are signed by SHA-1, and it is impossible to replace them, but just in case they check further.
The trojan was detected by an error message in Xnest, on a machine that should not have the X Window. The developers are real professionals, they immediately guessed that this should not be.
Source The Register .
Only 17 days later, the trojan was discovered on the machine of one of the developers of the kernel H Peter Anvin. Next on the servers are kernel.org Hera and Odin1.
Files related to ssh (openssh, openssh-server and openssh-clients) have been modified, the Trojan downloader has been added to rc3.d.
')
The developers claim that all kernel files are signed by SHA-1, and it is impossible to replace them, but just in case they check further.
The trojan was detected by an error message in Xnest, on a machine that should not have the X Window. The developers are real professionals, they immediately guessed that this should not be.
Source The Register .
Source: https://habr.com/ru/post/127498/
All Articles