Can we vague that up a little?
It seems the drweb.com link is slashdotted ElReg-ed, so can someone expand on "network devices running Linux"?
Are these desktops? IoT? Raspberry Pis? Routers running OpenWRT?
Several thousand Linux devices have been infected with a new Linux-based trojan, Russian security software firm Doctor Web warns. The Linux-Proxy-10 Trojan infects network devices running Linux, turning them into a platform for cybercrime that allows crooks to remain anonymous online. Black hats run freeware code called the …
> OpenWRT is unlikely to have been compromised or if it had it been patched already
Haven't seen even a non-base package updated in nearly a year, at least on Barrier Breaker (last update for that sieve OpenSSL), so guessing not. There are unofficial patches for Dirty COW, but since BB runs most things as root anyway, privilege escalation is not a huge deal.
Edit: Damn it all, another open source project has forked on me, with me being the last to get the memo (PC-BSD to TrueOS only (granted, that one is mostly a branding change, but having two separate websites with the explanation why buried deep sucks), CyanogenMod to LineageOS and now OpenWRT to LEDE).
All the more reason to at the bare minimum block all traffic to and from hosts on the emerging threats list (https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt). The list isn't all that big and with ipset it hardly requires any resources on the router. Might not stop this (too lazy to research) but usually stops the most obvious and obnoxious threats at least.
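Added example, not part of the comment above: one way to turn a downloaded copy of that block list into an `ipset restore` script with an atomic swap. The set names, the sample entries and the assumed list layout (one IPv4 address or CIDR per line, `#` comments) are assumptions made for this sketch.

```shell
#!/bin/sh
SET=et-block TMP=et-block-new   # hypothetical set names (assumption)
# Constructed sample input, not real list contents (documentation ranges).
sample_list() {
    cat <<'EOF'
# comment line
192.0.2.0/24
198.51.100.7
198.51.100.7
203.0.113.0/24   # trailing comment
999.1.1.1
203.0.113.5/33
0.0.0.0/0
EOF
}
# stdin: block list; stdout: script for `ipset restore`. Anything that is not
# a plain IPv4 address or a /1../32 network is dropped, so a corrupted or
# tampered download cannot smuggle extra commands into a tool run as root.
et_to_ipset_restore() {
    awk -v set="$SET" -v tmp="$TMP" '
    function valid(entry,    p, o, n, i) {
        n = split(entry, p, "/")
        if (n > 2) return 0
        if (n == 2 && (p[2] !~ /^[0-9][0-9]?$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {   # fill a scratch set, then swap it in so the live set is never empty
        print "create " set " hash:net family inet"
        print "create " tmp " hash:net family inet"
        print "flush " tmp
    }
    {
        sub(/\r$/, ""); sub(/#.*/, "")        # CRLF and comments
        gsub(/^[ \t]+|[ \t]+$/, "")           # surrounding whitespace
        if ($0 == "") next
        if (!valid($0)) { bad++; next }
        if (!seen[$0]++) print "add " tmp " " $0
    }
    END {
        print "swap " tmp " " set
        print "destroy " tmp
        if (bad) print bad " invalid line(s) skipped" > "/dev/stderr"
    }'
}
```

Load the output with `ipset -exist restore`, so that re-running it against an already existing set is not an error. The live set can then be matched from iptables with `-m set --match-set et-block src -j DROP` plus a corresponding `dst` rule.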
Yet another reminder to change the default passwords on intarweb-connected things.
I haven't allowed a dictionary-based sshd attack for some time. I'd expect admin:admin pi:pi pi:raspberry and a few others to be in that list.
And, unfortunately, you can't seem to educate people fast enough before they get cracked.
So how many infections can the average (for some value of average) "gadget" get before being overloaded with crap? I'd think that unless the new infection overwrote the old one, it wouldn't be too long before the device crashed. Which is maybe the plan by the manufacturers... device crashes, user buys new one.
“Inside lib/login_checker.php there is login_check() function which is used to check if user is logged, but it’s possible to bypass this function because it simply checks if $_COOKIE['username'] and $_COOKIE['isAdmin'] exist.”
Yet again demonstrating the dangers of using a browser to access your secure storage in the cloud.
El Reg reported that the LEDE fork was quite possibly merging back
http://www.theregister.co.uk/2016/12/23/openwrt_lede_merge/
There are more details in the mailing list archives in the thread "Talks between OpenWRT and LEDE"
https://lists.openwrt.org/pipermail/openwrt-devel/2016-December/thread.html