Gordon Messmer wrote:
Purely as trivia, and as I haven't seen it discussed elsewhere,
the
malware steals a different set of symbols on Fedora, where
RSA_public_decrypt doesn't seem to appear in the GOT at all.
This proves again that this is a very targeted attack that carefully
analyzed the individual targeted distributions, the distributions whose
packaging tools the build script attempts to detect were not just picked
because they are known to link OpenSSH to liblzma, but also individually
tested and targeted.
Kevin Kofler