it certainly did came via our software update, because there is nothing mentioned and are you sure it was called "y" and not just asked you to confirm something? I'm not aware of any rootkit floating around which put Linux in danger, unless the gnome extension thing

    Girtablulu I think you meant to say "It certainly did not come via our software update."

    Nothing in the eopkg history indicates foul play. So unless @dschinn1001 actual has proof of this, I have to either assume that their machine is compromised in ways outside of our actions or that they mistook something else for a malware attack.

      There was no extra window - asking for confirmation - by y ?! y was only shortly visible during backup of /home - folder. It was while I was offline. During backup y dissolved into air. I asked around and a prof said, that y is like a rootkit which can only succeed, when BIOS is given (because BIOS has reservated address-space for "y-noobs" ... ). Nah, it seems fortunately not to be dramatic.

      What are you using for backuping? Are you sure that this wasn't a window triggered by the backup tool? Do you need to trigger this backup tool with sudo?

      Seems like you misunderstood some prompt or something. At least that's the most likely explanation. The whole "y-rootkit" story seems a bit far-fetched.

        Staudey Not to mention that 15 minutes of google searching yielded no record of a rootkit of that name or a derivative existing.

            DataDrake My 15 minutes of reading was eye-opening only because I didn't know about this stuff.
            Bios malware on the linux end very rare and bios rk's very rare. Not impossible. I'm reading in extreme cases they can originate from bluetooth and wifi (source: stackexchange) but mostly from stuff you download. Security experts (heimdal) say even if a linux machine did get one it would be unlikely to get in "ring one" or "ring zero" of kernel. Fascinating stuff but chances unlikely. My 15 minutes of reading led me down that weird path. If dschinn did install and accidentally execute the root it--and he had no bios---it would hang out on the OS because it had nowhere to go. Without a mission it would be benign?
            Sorry I told you interesting reading.
            It is my belief after switching to linux/solus, that users make themselves vulnerable, not curators.

                brent That's pretty much true in the Windows world also. Careless browsing/downloading are the main vectors of transmission, followed by unsecured services. Not that Windows doesn't have more widely known vulnerabilities because it's mainstream...and a massive kludge of legacy 'stuff'.

                    dbarron Thanks for that affirmation. My light bulb went off when I found the [non-foss competitor's] operating system a bigger vulnerability than I found myself....🙂 You are right, it was choked up with gunk and bloat, and no real intentions that I found noble...

                      brent I wasn't trying to dismiss the existence of rootkits on Linux, just that if this report were accurate (1) it didn't come from us directly and (2) I would have expected to have found some record of the particular rootkit by name, somewhere on the internet.

                          DataDrake Oh no, I apologize to give you that impression. I re-read myself and did not quite word it right as I often blab on first take. I know that you know that stuff exists. Got quite immersed in my reading.

                            8 days later

                            I did not use a backup tool or similiar. It was just nautilus - offline - as root. Normally I would do backup with rsync in terminal - but then I probably would not have seen y shortly popping up.