@0nekoneko7@lemmy.world to Linux@lemmy.mlEnglish • 1 month agoKaspersky releases free tool that scans Linux for known threatswww.bleepingcomputer.comexternal-linkmessage-square75fedilinkarrow-up1106arrow-down163cross-posted to: news@lemmy.linuxuserspace.show
arrow-up143arrow-down1external-linkKaspersky releases free tool that scans Linux for known threatswww.bleepingcomputer.com@0nekoneko7@lemmy.world to Linux@lemmy.mlEnglish • 1 month agomessage-square75fedilinkcross-posted to: news@lemmy.linuxuserspace.show
minus-square@boredsquirrel@slrpnk.netlinkfedilink20•1 month agoI HIGHLY doubt that they would detect the XZ backdoor
minus-square@far_university1990@feddit.delinkfedilink2•29 days agoBöhmermann in freier Wildbahn gesichtet
minus-squarePossibly linuxlinkfedilinkEnglish4•edit-230 days agoEven if it did, what would you do? rm -rf /? XZ is part of the core system
minus-square@atzanteol@sh.itjust.workslinkfedilinkEnglish3•1 month agoWhy? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.
minus-square@boredsquirrel@slrpnk.netlinkfedilink7•1 month agoYes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore. As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits
minus-square@atzanteol@sh.itjust.workslinkfedilinkEnglish2•30 days agoThe xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.
minus-square@boredsquirrel@slrpnk.netlinkfedilink1•30 days agoThis is obviously not about this known file. It is about “would this scanner detect a system package from the official repos opening an ssh connection”
minus-square@atzanteol@sh.itjust.workslinkfedilinkEnglish1•30 days agoSorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor
minus-squarePossibly linuxlinkfedilinkEnglish2•edit-230 days agoThat doesn’t work against polymorphic malware I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare
minus-square@atzanteol@sh.itjust.workslinkfedilinkEnglish1•30 days agoWho’s talking about polymorphic malware? We were talking about the xz backdoor.
I HIGHLY doubt that they would detect the XZ backdoor
Böhmermann in freier Wildbahn gesichtet
War auch überrascht
Even if it did, what would you do? rm -rf /?
XZ is part of the core system
Why? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.
Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore.
As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits
The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.
This is obviously not about this known file.
It is about “would this scanner detect a system package from the official repos opening an ssh connection”
Sorry, I was responding to:
That doesn’t work against polymorphic malware
I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare
Who’s talking about polymorphic malware? We were talking about the xz backdoor.
Oh well in that case there is no chance