Very nasty Linux backdoor with multiple components

- Kills & uninstalls AV: clamav, avast, avg, drweb, esets
- Very persistent
- Uses Gates malware
- Uses Brootkit
- Uses CVE-2016-5195 to get root
- Infects other systems from known_hosts, .bash_history
