• brombek@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    Nice thing about this backdoor is that it hooks into kernel functions so that its processes, file and network connections are never reported by kernel to userland tools making it invisible for the administrator.

    • AgreeableLandscape@lemmy.mlM
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      3 years ago

      It’s a rootkit. A massive nightmare to diagnose and even harder to fix (or, at least to make sure that all traces of it is gone from your system). The reason for this is that it violates the OS’s “root of trust”, so now everything is untrustworthy.

      Things like this is also why I think we should be moving to microkernels. Not to say that rootkits are impossible with those, but the attack surface is much smaller because the vast majority of traditional kernel things, like drivers, would be running in userland. It would also be much harder to compromise the whole system because most things are in userland, and also hard to keep the attack hidden from the IT staff.