Bug 13396

Summary:	Mirai Virus ?
Product:	uClibc	Reporter:	InfoLibre <david.vantyghem>
Component:	Other	Assignee:	unassigned
Status:	RESOLVED INVALID
Severity:	normal	CC:	buildroot, uclibc-cvs
Priority:	P5
Version:	unspecified
Target Milestone:	---
Hardware:	All
OS:	Linux
Host:		Target:
Build:

Description InfoLibre 2020-12-19 14:38:04 UTC

In https://www.uclibc.org/downloads/binaries/0.9.30.1/mini-native-x86_64.tar.bz2 , ldconfig could contain the Mirai virus ?
https://www.virustotal.com/gui/file/e3686c960bd29a830c81a5c0396638b73bb7949b3f707fe029d4fbbff9ebe1d4/detection

Comment 1 InfoLibre 2020-12-19 14:39:28 UTC

When this version is used, the same virus is then detected in Ventoy : https://github.com/ventoy/Ventoy/issues/660

Comment 2 Yann E. MORIN 2020-12-20 09:54:44 UTC

First, uClibc has had no activity since 2015. It's dead and has been replaced with uClibc-ng: https://uclibc-ng.org/. As such, any bug should probably reported there now.

Second, 2015 was before the disclosure of Mirai, and the ldconfig code had anyway not been touched since 2011.

Third, you are referencing a toolchain that was built in April 2009, more than 11 years ago now, so at least seven years before Mirai was discovered. I would wager that this definitely predates Mirai.

I would believe that this is a false positive.

Comment 3 InfoLibre 2020-12-20 10:14:07 UTC

Some of the 10 antivirus who detect a malware are saying it's Mirai virus but it could be another malware that is detected as Mirai malware.
The problem is that when you use ldconfig, your own software contains the same code after.