• @li10@feddit.uk
    link
    fedilink
    English
    142 months ago

    Sounds like it should at least be noticeable if you monitor resource usage?

    • Pantsofmagic
      link
      fedilink
      English
      102 months ago

      That’s how some people found it, but it would disappear when someone would login to investigate.

      • @li10@feddit.uk
        link
        fedilink
        English
        92 months ago

        Sure, but it’s still fairly detectable when it’s on a server at least, as long as you have monitoring. Just a bitch to pinpoint and fix.

    • @cron@feddit.org
      link
      fedilink
      English
      5
      edit-2
      2 months ago

      Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.

      Edit: Some found out about the vulnerability by ressource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)

      • @li10@feddit.uk
        link
        fedilink
        English
        42 months ago

        Not quite the monitoring I’m talking about though.

        Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).

    • @linearchaos@lemmy.world
      link
      fedilink
      English
      4
      edit-2
      2 months ago

      Vulnerable to 20,000 misconfigurations, But thearted by 42 billion different simple checks that we all do anyway.

      5 minute load greater than 80% of the number of cores? That’s an alarm…