Tuesday, 9 December 2014

"Turla Linux Malware" - Researchers discover espionage virus for Linux

Researchers from the Russian anti-virus firm Kaspersky Lab have discovered a spy virus for Linux that may have gone unnoticed for years, although there is no proof of the latter yet. It is a variant of the Turla malware, also known as Snake or Uroburos; all other known specimens were developed only for Windows.

The researchers knew that Linux versions of Turla existed, but none had been found in the "wild" until now. According to Kaspersky Lab, Turla is one of the most sophisticated espionage campaigns ever discovered. Among others, the Belgian Ministry of Foreign Affairs is said to have fallen victim to the campaign. The newly discovered Turla variant supports Linux, so that more systems at attacked organizations can be infected.

"We suspect that this part was active for years at an attacked organization, but we have no concrete evidence to prove it," said Costin Raiu of Kaspersky Lab. Through the malware, an attacker can communicate with infected systems and execute arbitrary code. Turla does not need elevated privileges to do so. In addition, the malware cannot be found via netstat, a tool that system administrators use to get an overview of open network connections.

"It uses techniques that do not require root access, so it can move freely on the system of a victim. Even if a regular limited user launches it, it can continue to intercept the incoming packets and execute commands on the system," says Raiu. He notes that the Linux malware is mainly based on other public source code, to which the attackers have added a number of things. How exactly the malware spreads is not reported.
