"nope, as far as known it doesn't..." <- It would be nice, if - once the reverse engineering has been completed - there could be some kind of final statement whether that is actually the case beyond any doubt. I.e.: - whether there was no home calling (like sending private keys or anything else), not even in special cases like FQDN is foo.example.org and system time is 2026 - whether there was any other attack vector than via `sshd` - whether there was no other form of infestation (like adding new users, keys to `authorized_keys`, disabling firewall rules) And this for **all** of the versions that were distributed. So basically, can people who had the compromised version, but - had `sshd` not running at all *and/or* - had it running only behind a firewall, NAT, or simiar - i.e. not publicly available to the internet be absolutely safe that they're not affected. (Some people have also asked whether `hosts.allow`/ `hosts.deny` would have been enough.)