Turla Virus Malware Aimed at Linux

Forum Moderators: bakedjake

Message Too Old, No Replies

Turla Virus Malware Aimed at Linux

non-root virus

dstiles

4:37 pm on Dec 9, 2014 (gmt 0)

There has been discussion here in the past about the unlikelihood of a linux machine getting a virus.

A newly discovered implementation of Turla targets linux. It does not need to be installed as root and so far there is no apparent fix. General information at the link below - follow up on the second link and in searches for linux turla. (Remove [] from links.)

[threatpost.com...]

[news.softpedia.com...]

The virus seems to be targetted (mostly?) at govs and it's speculated a gov may have created it.

[edited by: engine at 4:57 pm (utc) on Dec 9, 2014]
[edit reason] Made links clickable [/edit]

graeme_p

5:24 pm on Dec 9, 2014 (gmt 0)

Not seen in the wild, but hard to detect so.....

Of course it still needs a vulnerability to actually infect anything.

The discussion on Reddit is the most informative thing I have found so far:

[reddit.com...]

[edited by: engine at 5:51 pm (utc) on Dec 9, 2014]
[edit reason] Made links clickable [/edit]

dstiles

9:28 pm on Dec 9, 2014 (gmt 0)

Thanks for that, graeme. A bit wild but one of the first links gave a better understanding.

I used the suggested commands...
ss -f link -n -l -p
...and...
sudo ss -f link -n -l -p

...on all my machines but got absolutely nothing. Which in one way is odd, since two of the machines are mail servers and I would have expected something; but in another way is not odd since I have no idea what that command does anyway. It's completely new to me. :)

The concensus seems to be that we have nothing to fear, but I also sense that many of them had no idea what they were talking about so perhaps there is. :(

graeme_p

12:41 pm on Dec 11, 2014 (gmt 0)

"a bit wild" but useful is usual for Reddit.