It certainly did come via our software update, because there is nothing mentioned and are you sure it was called "y" and not just asked you to confirm something? I'm not aware of any rootkit floating around which put Linux in danger, unless the gnome extension thing
What is this? (Esoteric hacking???)
Girtablulu I think you meant to say "It certainly did not come via our software update."
Nothing in the eopkg history indicates foul play. So unless @dschinn1001 actually has proof of this, I have to either assume that their machine is compromised in ways outside of our actions or that they mistook something else for a malware attack.
There was no extra window - asking for confirmation - by y?! y was only shortly visible during backup of /home - folder. It was while I was offline. During backup y dissolved into air. I asked around and a prof said that y is like a rootkit which can only succeed when BIOS is given (because BIOS has reserved address-space for "y-noobs" ... ). Nah, it seems fortunately not to be dramatic.
What are you using for backing up? Are you sure that this wasn't a window triggered by the backup tool? Do you need to trigger this backup tool with sudo?
Seems like you misunderstood some prompt or something. At least that's the most likely explanation. The whole "y-rootkit" story seems a bit far-fetched.
DataDrake My 15 minutes of reading was eye-opening only because I didn't know about this stuff.
BIOS malware on the Linux end is very rare and BIOS rk's are very rare. Not impossible. I'm reading in extreme cases they can originate from bluetooth and wifi (source: stackexchange) but mostly from stuff you download. Security experts (heimdal) say even if a Linux machine did get one it would be unlikely to get in "ring one" or "ring zero" of kernel. Fascinating stuff but chances unlikely. My 15 minutes of reading led me down that weird path. If dschinn did install and accidentally execute the rootkit--and he had no BIOS--it would hang out on the OS because it had nowhere to go. Without a mission it would be benign?
Sorry I told you interesting reading.
It is my belief after switching to linux/solus, that users make themselves vulnerable, not curators.
brent That's pretty much true in the Windows world also. Careless browsing/downloading are the main vectors of transmission, followed by unsecured services. Not that Windows doesn't have more widely known vulnerabilities because it's mainstream...and a massive kludge of legacy 'stuff'.
I did not use a backup tool or similar. It was just nautilus - offline - as root. Normally I would do backup with rsync in terminal - but then I probably would not have seen y shortly popping up.