0nekoneko7@lemmy.world to Linux@lemmy.mlEnglish · 10 months agoKaspersky releases free tool that scans Linux for known threatswww.bleepingcomputer.comexternal-linkmessage-square82fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkKaspersky releases free tool that scans Linux for known threatswww.bleepingcomputer.com0nekoneko7@lemmy.world to Linux@lemmy.mlEnglish · 10 months agomessage-square82fedilink
minus-squareboredsquirrel@slrpnk.netlinkfedilinkarrow-up0·10 months agoI HIGHLY doubt that they would detect the XZ backdoor
minus-squareatzanteol@sh.itjust.workslinkfedilinkEnglisharrow-up0·10 months agoWhy? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up0·edit-210 months agoThat doesn’t work against polymorphic malware I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare
minus-squareatzanteol@sh.itjust.workslinkfedilinkEnglisharrow-up0·10 months agoWho’s talking about polymorphic malware? We were talking about the xz backdoor.
minus-squareboredsquirrel@slrpnk.netlinkfedilinkarrow-up0·10 months agoYes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore. As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits
minus-squareatzanteol@sh.itjust.workslinkfedilinkEnglisharrow-up0·10 months agoThe xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.
minus-squareboredsquirrel@slrpnk.netlinkfedilinkarrow-up0·10 months agoThis is obviously not about this known file. It is about “would this scanner detect a system package from the official repos opening an ssh connection”
minus-squarefar_university1990@feddit.delinkfedilinkarrow-up0·10 months agoBöhmermann in freier Wildbahn gesichtet
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up0·10 months agoEven if it did, what would you do? rm -rf /?
I HIGHLY doubt that they would detect the XZ backdoor
Why? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.
That doesn’t work against polymorphic malware
I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare
Who’s talking about polymorphic malware? We were talking about the xz backdoor.
Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore.
As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits
The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.
This is obviously not about this known file.
It is about “would this scanner detect a system package from the official repos opening an ssh connection”
Böhmermann in freier Wildbahn gesichtet
Even if it did, what would you do? rm -rf /?