Revisiting the malware on the remote server... It managed to tie into systemd with another copy of libudev.so. Very clever. Removal of said library, kill -STOP on the offending processes (SIGKILL would prompt a relaunching of an entirely new set of processes since they were being watchdogged), reinstallation of the kernel and systemd-devel and a reboot seems to have cleansed it. (yum reinstall \* in progress now) Thanks for the fun, China.

Revisiting the malware on the remote server…

It managed to tie into systemd with another copy of libudev.so. Very clever.

Removal of said library, kill -STOP on the offending processes (SIGKILL would prompt a relaunching of an entirely new set of processes since they were being watchdogged), reinstallation of the kernel and systemd-devel and a reboot seems to have cleansed it. (yum reinstall \* in progress now)

Thanks for the fun, China.

2017-08-29T08:55:06Z