Announcement

Collapse
No announcement yet.

Turla Trojan Unearthed on Linux

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Turla Trojan Unearthed on Linux

    Turla Trojan Unearthed on Linux

    Steve -

    Anything to this?
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    #2
    It's being over hyped. LWN has a good debunking of its supposed "stealthy" nature.

    Both Ars Technica and El Reg have now said it is ultra-stealthy. From what the Kaspersky report says, I don't think so: it runs as non-root and thus cannot stop even a simple ps from finding it. Its only 'stealthy' feature that I've heard of is to open a promiscuous socket using libpcap and only open a port when a particular set of packets with specific sequence numbers turn up: that's not very stealthy given that both ss and ip can show who opened that just fine.

    The other suspicious feature given is that its symbols are stripped! Oh no! /bin/ls on most distributions has stripped symbols too, does that mean that Linux distributors are distributing dangerous stealthy tools?!
    Also check the comments threads on the articles at The Register and Ars Technica. It takes a human doing something stupid to obtain the malware.

    Comment


      #3
      I guess then that it would only infect/affect seriously Linux systems that are natively ROOT open? Like Puppy? Then really not much of a story and yes based on poor setup and user lack of awareness and knowledge.

      Comment


        #4
        You're correct. Well maintained systems have nothing to fear from this.

        Comment

        Working...
        X