Suspicious large shared memory When Connecting to a Windows System
Bug #2024582 reported by
Vaishakh P
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| remmina (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
Hi,
Hi When I am Connecting to a Windows Server 2019 instance with my Ubuntu 22.04 LTS System gets infected with rootkit and the rkhunter log is showing suspicious large shared memory segments, we have reinstalled the system and removed the malware XOR DDOS and tried again but again the ubuntu system is affected, we are login using RDP to the Windows System. we have added Time based OTP to login and SSH.
Using Remmina 1.4.25
Using Desktop Environment KDE Plasma 5.24.7
Connecting to windows server 2019 Standard
Connecting Via RDP
FreeRDP Version 2.6.1
I am attaching the rkhunter log along with the mail.
Revision history for this message
| Vaishakh P (simpleubuntu) wrote | #1 |
| information type: | Private Security → Public Security |
| summary: |
- Rootkit installation When Connecting to a Windows System + Suspicious large shared memory When Connecting to a Windows System |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #2 |
| Changed in remmina (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in remmina (Ubuntu): | |
| status: | Incomplete → Expired |
To post a comment you must log in.
It's completely normal for programs to use shared memory segments. That's why they're there! :) rkhunter reports them because they're persistent like the filesystem but not really visible, unlike the filesystem. You have to know to look for them.
rkhunter is a tool for you to use as part of your investigation. I'm very skeptical of its value in general but you absolutely cannot just use its output as proof of anything nefarious.
Thanks