Turla Virus Malware Aimed at Linux

non-root virus

     
4:37 pm on Dec 9, 2014 (gmt 0)

dstiles (Senior Member from GB)

joined:May 14, 2008
posts:3257
votes: 18


There has been discussion here in the past about the unlikelihood of a Linux machine getting a virus.

A newly discovered implementation of Turla targets Linux. It does not need to be installed as root and so far there is no apparent fix. General information at the link below - follow up on the second link and in searches for Linux Turla. (Remove [] from links.)

[threatpost.com...]

[news.softpedia.com...]

The virus seems to be targeted (mostly?) at govs and it's speculated a gov may have created it.

5:24 pm on Dec 9, 2014 (gmt 0)

graeme_p (Senior Member from GB)

joined:Nov 16, 2005
posts:2981
votes: 201


Not seen in the wild, but hard to detect so.....

Of course it still needs a vulnerability to actually infect anything.

The discussion on Reddit is the most informative thing I have found so far:

[reddit.com...]


9:28 pm on Dec 9, 2014 (gmt 0)

dstiles (Senior Member from GB)


Thanks for that, graeme. A bit wild but one of the first links gave a better understanding.

I used the suggested commands...
ss -f link -n -l -p
...and...
sudo ss -f link -n -l -p

...on all my machines but got absolutely nothing. Which in one way is odd, since two of the machines are mail servers and I would have expected something; but in another way is not odd since I have no idea what that command does anyway. It's completely new to me. :)

The consensus seems to be that we have nothing to fear, but I also sense that many of them had no idea what they were talking about so perhaps there is. :(
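
What the `ss -f link -n -l -p` command in the post above reports, as an added example that is not part of the thread: `-f link` restricts `ss` to packet (AF_PACKET) sockets, which the kernel also lists in `/proc/net/packet`, so TCP listeners such as a mail server's never appear in that output. The sample table and the function names below are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a /proc/net/packet-style table, the kernel's list of
# AF_PACKET sockets (the same sockets `ss -f link -n -l -p` prints).
# Columns: sk RefCnt Type Proto Iface R Rmem User Inode

# Constructed sample table (not captured from a real host).
sample_packet_table() {
cat <<'EOF'
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8800aa01 3      3    0003   2     1 0      0      18231
ffff8800aa02 3      2    888e   3     1 0      0      20977
EOF
}

# One line per packet socket: socket type, protocol, interface index, uid, inode.
list_packet_sockets() {
  awk 'NR > 1 {
    if ($3 == 3) type = "raw"; else if ($3 == 2) type = "dgram"; else type = "type" $3
    # Proto is the EtherType in hex; 0003 is ETH_P_ALL (every frame on the link).
    if ($4 == "0003") proto = "ETH_P_ALL"; else proto = "0x" $4
    printf "%s %s if=%s uid=%s inode=%s\n", type, proto, $5, $8, $9
  }'
}

# Number of sockets that receive every protocol; these are the ones to account for.
count_capture_all() {
  awk 'NR > 1 && $4 == "0003" { n++ } END { print n + 0 }'
}

# Map a socket inode to the PIDs holding it (what the -p flag of ss does).
# Needs root to see descriptors that belong to other users.
pids_for_inode() {
  for fd in /proc/[0-9]*/fd/*; do
    if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
      echo "$fd" | cut -d/ -f3
    fi
  done | sort -u
}

# Demo on the constructed sample; on a live host use:
#   list_packet_sockets < /proc/net/packet
sample_packet_table | list_packet_sockets
```

An empty result on a live host means no process currently holds a packet socket; DHCP clients and capture tools are common legitimate owners when entries do appear.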

12:41 pm on Dec 11, 2014 (gmt 0)

graeme_p (Senior Member from GB)


"a bit wild" but useful is usual for Reddit.