Packages: live, 5.0, cd, daedalus; Maintainer for live is (unknown); Maintainer for 5.0 is (unknown); Maintainer for cd is (unknown); Maintainer for daedalus is (unknown);
Reported by: Alter Kim <alter-kim@hotmail.com>
Date: Wed, 4 Sep 2024 09:47:16 UTC
Severity: normal
Done: Mark Hindley <mark@hindley.org.uk>
🔗 View this message in rfc822 format
X-Loop: owner@bugs.devuan.org
Subject: bug#858: Detection of ebury malware in debuan system
Reply-To: Alter Kim <alter-kim@hotmail.com>, 858@bugs.devuan.org
Resent-From: Alter Kim <alter-kim@hotmail.com>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: devuan-dev@lists.dyne.org
X-Loop: owner@bugs.devuan.org
Resent-Date: Wed, 04 Sep 2024 09:47:17 +0000
Resent-Message-ID: <handler.858.B.172544311127351@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: report 858
X-Devuan-PR-Package: daedalus 5.0 live cd
X-Devuan-PR-Keywords:
Received: via spool by submit@bugs.devuan.org id=B.172544311127351
(code B); Wed, 04 Sep 2024 09:47:17 +0000
Received: (at submit) by bugs.devuan.org; 4 Sep 2024 09:45:11 +0000
Delivered-To: bugs@devuan.org
Received: from email.devuan.org [2a01:4f9:fff1:13::5fd9:f9e4]
by doc.devuan.org with IMAP (fetchmail-6.4.16)
for <debbugs@localhost> (single-drop); Wed, 04 Sep 2024 09:45:11 +0000 (UTC)
Received: from email.devuan.org
by email.devuan.org with LMTP
id JRbzBA0s2GYUOwAAmSBk0A
(envelope-from <alter-kim@hotmail.com>)
for <bugs@devuan.org>; Wed, 04 Sep 2024 09:44:45 +0000
Received: by email.devuan.org (Postfix, from userid 109)
id CABAA5AA; Wed, 4 Sep 2024 09:44:44 +0000 (UTC)
Authentication-Results: email.devuan.org;
dkim=pass (2048-bit key; unprotected) header.d=hotmail.com header.i=@hotmail.com header.a=rsa-sha256 header.s=selector1 header.b=d1EN4wNr;
dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: *
X-Spam-Status: No, score=1.4 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
FORGED_HOTMAIL_RCVD2,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,
SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.92.19.72; helo=nam11-dm6-obe.outbound.protection.outlook.com; envelope-from=alter-kim@hotmail.com; receiver=<UNKNOWN>
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11olkn2072.outbound.protection.outlook.com [40.92.19.72])
by email.devuan.org (Postfix) with ESMTPS id 78912189
for <submit@bugs.devuan.org>; Wed, 4 Sep 2024 09:44:41 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=ygP5fd6MnB7020yUKgCtVWGnMihRxp2/NPlYsARVRfBJQr+63qiaosKM+ac/4Rjabhl6RMv6sLGe3BckID201rFYScxY2agzbhRSRwTb0XLsOs4+Z5bafclpZkuzmXcRdnoARtDUd/AWyQ39VMGHYJCzknrb8jlfJKMK7D/+smCu46+5bi16lP8ZOuthRHVhbKjIcInjhKf79KlkmxbNNpndEAgEWdiUu4xXVO4cHqPjRzOikUMMxdm+SkNIpXNHYSSlQahxAtBot90r6XpYMnaCrtB8CU31aES2i+va651ZB1ymiQF6CfTReXu+tWC5q6geuh0iXzx3eaLgSs1ZwQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=jB1a8eBv7LffVkMEJG9h/WgQCTy/khIPNYnEUmuRPbo=;
b=w7jL9RXCGFPkgW4IxHTruPY8A2DfxXFMDmztegRXXA/qDFwLh7IEW4XXbyKVotM8g0C4Nkp9Dpn5JRDRCWUfoMfIH/5yC7Dq2zJYK7I/PC5Y+6EsAGjVCK5/eajoGAU0sgH3D9IalQXjaGAv9tRsYyLE9slDUU9qDQa/o0TnBfkCW0Fc53YK37F61awU05kKTm+eQ0CNBHN+F0NHMzb6TtqrykLot125UP5WHQ8p4Q+P3ODhfoYnEbrvoPu+IdkRsstGIS+mvYSZWjgiCWv1C+iq39qXzFxlekt0Vo3M4vunbOHndSQNZUpQGg50u+naf7qsFqYeakX8pA0Etjmqgg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=jB1a8eBv7LffVkMEJG9h/WgQCTy/khIPNYnEUmuRPbo=;
b=d1EN4wNrymSlRJeo4PFozvU90JH94TyXCka2gHtwMiIAZ4BffuCw/Dp5PR0BrGJSCiBsYatiGiffBjmdoZJZv5K36gGlhLGxC5hhNUSXM2FNWzoyshYUQdiRyyzRAwpPw1ugoSP5h5jW4VVgK5GJpdJPYvhcPStu+dKL3+p/WeeKmT8o7YSy71TKwzO17JebR6gpBknN9qbkuMI2ZN7cdrQAjN+XIuOqa5Ixz78hyW3jF2WFTuGVAR1JKmsaUBMSrQIkbW/WKrp30T77xN87FeJmnNFFDh1Nm1EM1Q3gZqbM4Y6t0nu4SbU/5MEdx4kT27eZCmkvhnsqHQ2TH03QdQ==
Received: from MW5PR84MB2250.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:303:1c8::13)
by SJ0PR84MB1845.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:a03:433::19) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.24; Wed, 4 Sep
2024 09:44:37 +0000
Received: from MW5PR84MB2250.NAMPRD84.PROD.OUTLOOK.COM
([fe80::6304:fef3:84d9:3079]) by MW5PR84MB2250.NAMPRD84.PROD.OUTLOOK.COM
([fe80::6304:fef3:84d9:3079%3]) with mapi id 15.20.7918.024; Wed, 4 Sep 2024
09:44:37 +0000
From: Alter Kim <alter-kim@hotmail.com>
To: "submit@bugs.devuan.org" <submit@bugs.devuan.org>
Thread-Topic: Detection of ebury malware in debuan system
Thread-Index: AQHa/qoc/btpJq/b8kmQFBt7nz5j9g==
Date: Wed, 4 Sep 2024 09:44:36 +0000
Message-ID:
<MW5PR84MB225042878AAF32BCAA315B2FE39C2@MW5PR84MB2250.NAMPRD84.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels:
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [BP7Mb3Fd387OVxjlNXYs3xoNDV8Co5G/]
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW5PR84MB2250:EE_|SJ0PR84MB1845:EE_
x-ms-office365-filtering-correlation-id: 71274f9e-1e01-4489-67e6-08dcccc63083
x-microsoft-antispam:
BCL:0;ARA:14566002|15030799003|6092099012|15080799006|19110799003|8060799006|12050799009|461199028|9400799024|1602099012|3412199025|440099028|4302099013|3430499032|102099032;
x-microsoft-antispam-message-info:
gje7th/vGSr5/uePlUTTPBErv6c1XdRGkhezm9iktn4GsWguU9DCGmLQ3TVoAZTXYPI103sawxRHZOnyyqCeTJhIu49KWJZ/Aqc5kbneucWHulggqVWeWVNS48UORpka8aSZeADBxSU+IzGGPsv0NkCmUouHYOc4a8l14AL+E5nBx9rrFpOlAlnc+4JL55Q4ru5YXgwblJRJniia8fmrG0yvgLlfMczpNbAhw1xaWefz/TNcuzO1YF+YDHoy/7xAZhqTUGiZVGljxSHrm07ChKyogah5OZ5N2tZl5WXDA4ku0tMef1DArbAT5MbnlE916QMpY3FjeJS0fycfTSQ1F0XiQ2TCAo4QPM6jR0Kpr7BLAbn5qmTHBxqt0LbrQTMZ2sQIiwWdxWAadG/2awT/KCaylWCJAcUp2czhVsI+KLmqX6VtB/QeHrHOJbPBPKtEExicPXKr/ldXriLZcfWExpiyE0SYk3lK0TN5Rnee0C/yX0omhbutcWjZbnB8jD8CcUOANlNSMQ/DwEZdbUnWKOAEKNKb8pcdpB7bMkqO5M/NvTvuX3/Dd5//Fd3xm4igjj0q7QQkvYOYp+pycEJ2E11cabCC49utEspS7+QhteheRaP0DtOTNoVG3At/OEMP4N9H5CwK3iQMOV1gLoI/R+o3CllKqdy0YIjVHRNVsgFzNP6fvACI3z5KeoxcFmrX/2p54IDC0G8yoIorbx7vV/i4FZqKgpIOmdNqGCpzD7eRr2Iejils7HZtE8bTOdfoPBfEoxi7BxvolgkOEWvSvMX3zpWeZ/gDrM+X8nLMwJWeQjIQ0GIk43/t+BM3NH1MbdNlVaGmy9JCRQPg8O/glS6q0T0eDeMJjsBO8Edf5K2vm4dMZISPMZsumk/zCMXAp5j+Zgq8NekYwsUy7WpzRNaoHPxQCcgBLxKeZfkPUNY=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
OwZ/WLDxG1Iv6NEHJ93OOsP0D7qcHeh5k1ly+1oRRZA4iYmM8tg0qlKYdZ9SNpjpEsGrg/HK0xqBHhGTHDmkB7AWcU4lw4vt2c3IrQWSxOrXW3NXo2MgOkW7gK9E0eiQcsU8pBaBqBnNbY2cPyU2TX9Ez6G2yDpKdkiQXM9Q4SbC+T94Oe3dZZ4DVNRH0tcpVWMUovdNtNt/nsne6orBwUn50k18SD2/vpLvL/O/V+9dAmnF1Rzaq7wMf7snsHsZk+U6eDzU0qPniG9LMXR3jzbZB4YtlcqIgsfJY6B99jimLAn4wgD/3/goeVejrUj0keOkveZsXqRVyndsXPvNE240LWPgLEly1/ONWMmf7YmRLwFH/ctxiT8QhKVfNRiJBW1/V5x7XjqaUtW05L/wqiErE+TWtzoBqGKgaytRRmcRfxH1kZQcAMkhCp+L5llPdp9LU7zc9h+X/Pe81JR8VAOhNHnKqm61W+RgjKaI3Lmc9Ce/sLTeqhBhSLXpYKtzCnNnA5LNem8jiqvSLFrC9DuZiM4hXDvmkuxFy/2jjqfwp8E6Qr9tmyVqAOJFvUMKTj2L/QgHaoV3LFZ3tUwuLy//Ik4xwtAhHOiJL0eJmJoUH8kJSbPa0KExFHsCXbRdSu0y2zGmxOOYrbxbnZm1LAt01YVHAsPmpuj5hPZoYjBxo+Qq8rN3wjHALD5vQp/b5xWzXBn0K4fnQfE1NZz/4DFPdI9B6Ry2CMDeX2LuJCIkJTD8pobrKqfM6Y+vybJT/7vMC2euCQw/eC/o7loYvazXNKjAC19VTAoTUJiG9v1Serx6yVZGi7mP/qSqTfJNarZeEAvbxXBIOE9bKarf+/Q6ka6VN67MSSKSi/lP512EuSXxS/ZFbr6dojw0k3nRrniITIXwd1w86Yiu3IuUIo0ccFa3Y7mhK6Hi6HNaiIQQ0+tpxVsRNFlMZ2IOyYVh7kKUr6ILn1O9A7WHlyJXg1BXSQvaXVXVEy2yvXKyuCV1+8no4UkV0TNj/jE8n1nfTlaRWeo/7eiMgWLe0/JupKSk3VrdM7MTvr6M8iJhCJ3OG6woW2GYwnJV7EFqiFE396mxJDlrP8NPINAInDli8e3jUkScOdwIkEHZbMGB3yFgVUaKOanie5K7HBtc+WCWgyk5Cz3yHKZ9lJU311s2zjcHHXivrPQzYPu3Q5wAI11qHp47j/WbzILXcB4HjKeubP96f40nf19G95Hlrrn8sg==
Content-Type: multipart/mixed;
boundary="_006_MW5PR84MB225042878AAF32BCAA315B2FE39C2MW5PR84MB2250NAMP_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-7741-18-msonline-outlook-a58aa.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW5PR84MB2250.NAMPRD84.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 71274f9e-1e01-4489-67e6-08dcccc63083
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2024 09:44:36.8729
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR84MB1845
[Message part 1 (text/plain, inline)]
[Message part 2 (text/html, inline)]
[Test_version-1.png (image/png, attachment)]
[Test_2.png (image/png, attachment)]
[Test_3.png (image/png, attachment)]
Send a report that this bug log contains spam.
Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified:
Thu Sep 19 23:47:19 2024;
