• li10@feddit.uk
    link
    fedilink
    English
    arrow-up
    14
    ·
    2 months ago

    Sounds like it should at least be noticeable if you monitor resource usage?

    • cron@feddit.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      2 months ago

      Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.

      Edit: Some found out about the vulnerability by ressource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)

      • li10@feddit.uk
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        2 months ago

        Not quite the monitoring I’m talking about though.

        Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).

      • li10@feddit.uk
        link
        fedilink
        English
        arrow-up
        9
        ·
        2 months ago

        Sure, but it’s still fairly detectable when it’s on a server at least, as long as you have monitoring. Just a bitch to pinpoint and fix.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      2 months ago

      Vulnerable to 20,000 misconfigurations, But thearted by 42 billion different simple checks that we all do anyway.

      5 minute load greater than 80% of the number of cores? That’s an alarm…