Apache OpenOffice Vulnerable To One-Click Code Execution

  • Apache OpenOffice Vulnerable To One-Click Code Execution

    Phoronix: Apache OpenOffice Vulnerable To One-Click Code Execution

    If you are still relying on Apache OpenOffice in 2021 you might want to really make it a goal this year to transition to the much more featureful LibreOffice, but in any case you'll want to move at least to OpenOffice 4.1.10...


  • #2
    Uninstall that trash and install LibreOffice.


    • #3
      Who still runs OpenOffice seemingly deserves that.


      • #4
        I wonder who these 2.4 Million people (bots?) are that download AOO. AOO is quite dead. For a long time. They should really transfer naming rights to the TDF/LibO. And redirect to the website. There's no use in wasting engineering power and people still downloading an inferior product that is not really actively developed.
        Sometimes multiple solutions are good to have an alternative, but those come from the same origin. Just one branch is totally withered now.
        Stop TCPA, stupid software patents and corrupt politicians!


        • #5
          Wait, the so-called "vulnerability" was that no warning dialog is displayed when clicking a link?
          I hope there is more to this than what this article and the blog post state.


          • #6
            Interesting that Phoronix will report on the OOo one-click exploit, but won't say a thing about the fact that researchers have found examples of systemd-daemon containing RotaJakiro backdoor malware over a period of several years.

            One is a piece of software that almost no one has used in the past decade, the other is ubiquitous.


            • #7
              Originally posted by andyprough:
              Interesting that Phoronix will report on the OOo one-click exploit, but won't say a thing about the fact that researchers have found examples of systemd-daemon containing RotaJakiro backdoor malware over a period of several years.

              One is a piece of software that almost no one has used in the past decade, the other is ubiquitous.
              lol you mean someone made a malware and called it systemd-something, therefore it's a problem with systemd?

              I'm going to create a profile called andyprough-factual, and spread (more) conspiracies in your name, it will be your fault, right?


              • #8
                Originally posted by andyprough:
                Interesting that Phoronix will report on the OOo one-click exploit, but won't say a thing about the fact that researchers have found examples of systemd-daemon containing RotaJakiro backdoor malware over a period of several years.

                One is a piece of software that almost no one has used in the past decade, the other is ubiquitous.
                Not even is a systemd daemon, the binary was just named "systemd-daemon" to be less likely to be detected by layer 8 error containing system admins. None of that code was ever in systemd, so no, your malware with the funny name is not part of this ubiquitous software.

                "The association with systemd, a widely used system and session manager for Linux, may have been chosen by the malware authors to make the malicious code less likely to be noticed by administrators reviewing logs and process lists."

                Edit: it seems the anti-systemd movement as a whole drifts down into conspiracy land. I just yesterday learned that there are people who claim journald's binary log format is malware and that there is an NTP server included in the default setup is "calling home". It's not even funny anymore, it's just sad.
                Last edited by Alexmitter; 04 May 2021, 10:44 AM.


                • #9
                  2.4 million downloads
                  it must be our priority to educate all persons


                  • #10
                    Originally posted by Alexmitter:
                    Not even is a systemd daemon, the binary was just named "systemd-daemon" to be less likely to be detected by layer 8 error containing system admins. None of that code was ever in systemd, so no, your malware with the funny name is not part of this ubiquitous software.
                    Here are the known nasty md5's:
                    systemd-daemon 1d45cd2c1283f927940c099b8fab593b 0/61 2018-05-16 04:22:59
                    systemd-daemon 11ad1e9b74b144d564825d65d7fb37d6 0/58 2018-12-25 08:02:05
                    systemd-daemon 5c0f375e92f551e8f2321b141c15c48f 0/56 2020-05-08 05:50:06
                    gvfsd-helper 64f6cfe44ba08b0babdd3904233c4857 0/61 2021-01-18 13:13:19
                    Overview: On March 25, 2021, 360 NETLAB's BotMon system flagged a suspicious ELF file (MD5=64f6cfe44ba08b0babdd3904233c4857) with 0 VT detection, the sample communicates with 4 domains on TCP 443 (HTTPS), but the traffic is not of TLS/SSL. A close look at the sample revealed it to be a backdoor targeting


                    Here's a command to check for them:
                    sudo find / \( -name "gvfsd-helper" -o -name "systemd-daemon" \) -exec md5sum {} \;
                    This week we’re starting off with a somber note, as Dan Kaminsky passed at only 42, of diabetic ketoacidosis. Dan made a name for himself by noticing a weakness in DNS response verification t…


                    Time to get to checking, systemd fanboys. Some sysadmins are going to get paid overtime this week...

                    Comment
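
An automated version of the check in post #10, as an added example that is not part of the original thread: it runs the same name search, then compares each MD5 against the four hashes quoted in that post instead of leaving the comparison to the reader. The function name `scan_iocs`, its optional second argument and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The hashes are the four MD5 values
# quoted in post #10; scan_iocs and its exit codes are this example's own.
KNOWN_MD5="1d45cd2c1283f927940c099b8fab593b
11ad1e9b74b144d564825d65d7fb37d6
5c0f375e92f551e8f2321b141c15c48f
64f6cfe44ba08b0babdd3904233c4857"

# scan_iocs ROOT [HASH_LIST]
#   MATCH <md5> <path>      file name and MD5 both match a listed sample
#   NAME-ONLY <md5> <path>  file name matches, MD5 is not in the list
# Returns 1 if any MATCH was printed, 0 if none, 2 on setup failure.
scan_iocs() {
    root=$1
    hashes=${2:-$KNOWN_MD5}
    found=0
    tmp=$(mktemp) || return 2
    # -type f: ignore directories and symlinks that merely carry the name.
    # Errors from unreadable paths (/proc and the like) are discarded.
    find "$root" -type f \
        \( -name "gvfsd-helper" -o -name "systemd-daemon" \) \
        -exec md5sum {} + >"$tmp" 2>/dev/null
    # Redirect into the loop (no pipe) so $found survives the loop.
    while read -r sum path; do
        if printf '%s\n' "$hashes" | grep -qxF "$sum"; then
            echo "MATCH $sum $path"
            found=1
        else
            echo "NAME-ONLY $sum $path"
        fi
    done <"$tmp"
    rm -f "$tmp"
    return "$found"
}

# Typical use, as root so unreadable directories are covered:
#   scan_iocs / || echo "known-bad hash present"
```

A NAME-ONLY line is not a clean result: the list holds only the four samples quoted in the thread, so a file with one of these names and a different hash still needs a manual look.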
