13396 – Mirai Virus ?

Bug 13396 - Mirai Virus ?

Summary: Mirai Virus ?

Status:	RESOLVED INVALID

Alias:	None

Product:	uClibc
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	All Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-12-19 14:38 UTC by InfoLibre
Modified:	2020-12-20 10:32 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description InfoLibre 2020-12-19 14:38:04 UTC

In https://www.uclibc.org/downloads/binaries/0.9.30.1/mini-native-x86_64.tar.bz2 , ldconfig could contain the Mirai virus ?
https://www.virustotal.com/gui/file/e3686c960bd29a830c81a5c0396638b73bb7949b3f707fe029d4fbbff9ebe1d4/detection

Comment 1 InfoLibre 2020-12-19 14:39:28 UTC

When this version is used, the same virus is then detected in Ventoy : https://github.com/ventoy/Ventoy/issues/660

Comment 2 Yann E. MORIN 2020-12-20 09:54:44 UTC

First, uClibc has had no activity since 2015. It's dead and has been replaced with uClibc-ng: https://uclibc-ng.org/. As such, any bug should probably reported there now.

Second, 2015 was before the disclosure of Mirai, and the ldconfig code had anyway not been touched since 2011.

Third, you are referencing a toolchain that was built in April 2009, more than 11 years ago now, so at least seven years before Mirai was discovered. I would wager that this definitely predates Mirai.

I would believe that this is a false positive.

Comment 3 InfoLibre 2020-12-20 10:14:07 UTC

Some of the 10 antivirus who detect a malware are saying it's Mirai virus but it could be another malware that is detected as Mirai malware.
The problem is that when you use ldconfig, your own software contains the same code after.