Posted on 08/14/2020 12:16:42 PM PDT by Red Badger
The National Security Agency (NSA) and FBI have issued a warning against a new Linux malware dubbed Drovorub that is believed to have been developed by Russian military hackers.
According to a report based on data collected by the agencies, the Linux malware strain is the work of APT28, a notorious hacking group from military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The intention behind spreading the malware is espionage and stealing secrets from the public sector and IT companies.
Drovorub Linux Malware
Drovorub Linux malware, as per the two agencies, consists of an implant, a file transfer tool, a kernel module rootkit, a command and control server, and a port forwarding module. The report mentions that the malware is highly stealthy and can manage to stay undetected in machines owing to advanced rootkit technologies deployed by hackers. The stealthy capabilities of Drovorub Linux malware make it easy for hackers to target different types of platforms, initiating attacks at any time.
The report describes the functioning of each component of the Linux malware; the components communicate with each other using JSON over WebSockets, and the traffic is encrypted from the server module using the RSA algorithm.
How to stay safe from Drovorub Linux Malware?
The NSA and FBI have enlisted a few precautionary measures that could be used to stay safe from the new strain of Linux malware:
Keep all Linux systems updated to kernel version 3.7 or later. Systems must be configured to load modules with digital signatures. Enable the UEFI Secure Boot verification mechanism.
Linux ping!.............
In Russia, data steals from you...
so....this means what for my little Linux laptop that I use to read news and check email?
wouldn’t you have to download something that contained it first? (I don’t know much about how viruses work- or infect- )
Ping!...............
Your little Linux Laptop is spying on you for Russia!.............
Sometimes all you have to do is just go to a website and you’re infected........Or a e-mail from a friend or relative has it because they did..............
ok thanks-
Here’s a site that talks about how to ‘harden linux’ but it’s way above my capabilities- others might like to see it though?
Would be nice if we could run linux in a sandbox like environment, and delete the daily sessions every evening- I suppose virtualbox could do that- would have to look into that- how to get email in it- and not lose emails when session is deleted- (We’re very careful about our emails, but yup- others could send it- but we don’t open attachments unless we know it’s benign things like family photos or something)
I can’t even enjoy Linux anymore.
Nothing is sacred.
This is also a good way to get you to update your systems to the CIA kernel mod needed before election day. How would we know one way or the other?
Lunix Malware?
A lot of distros do a wretched job of keeping their kernel updated. For reference, kernel version 5.8 was just released. If you can, learn to build & install your own kernel.
tells me 5.4.0-42-generic on Kubuntu 20.04
The NSA and FBI have been explicit in their report that systems with a kernel version of 3.7 or lower are most susceptible to Drovorub malware due to the absence of adequate kernel signing enforcement.
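The article’s three-point checklist (kernel 3.7 or later, signed-module enforcement, UEFI Secure Boot) and the comment above both come down to questions you can ask a host in read-only mode. The script below is an added example, not from the NSA/FBI advisory, McAfee, or anyone in this thread. It assumes a Linux host with sysfs mounted: module signature enforcement is read from /sys/module/module/parameters/sig_enforce (present when the kernel was built with module signing) and Secure Boot state from the SecureBoot efivar under /sys/firmware/efi/efivars (absent on BIOS boots, which the script reports rather than treating as a pass). Each check is a function that takes its input as an argument so it can be exercised against constructed files as well as the live machine.

```shell
#!/bin/sh
# Added example: read-only audit of the three Drovorub mitigations the
# advisory lists. Not the advisory's own tooling; paths are assumptions
# documented in the lead-in.

# ver_part VERSION N -> the N-th dotted numeric component of VERSION
# (trailing text such as "-42-generic" is stripped; missing parts read as 0).
ver_part() {
    part=$(printf '%s' "$1" | cut -d. -f"$2" | sed 's/[^0-9].*//')
    case "$1" in
        *.*) printf '%s' "${part:-0}" ;;
        *)   if [ "$2" -eq 1 ]; then printf '%s' "${part:-0}"; else printf '0'; fi ;;
    esac
}

# kernel_at_least RUNNING WANTED -> exit 0 if RUNNING >= WANTED (major.minor)
kernel_at_least() {
    hmaj=$(ver_part "$1" 1); hmin=$(ver_part "$1" 2)
    wmaj=$(ver_part "$2" 1); wmin=$(ver_part "$2" 2)
    if [ "$hmaj" -gt "$wmaj" ]; then return 0; fi
    if [ "$hmaj" -eq "$wmaj" ] && [ "$hmin" -ge "$wmin" ]; then return 0; fi
    return 1
}

# flag_is_yes FILE -> exit 0 when the one-character sysfs flag reads "Y"
# (used for module signature enforcement: sig_enforce=Y means an unsigned
# or mis-signed .ko is refused at load time).
flag_is_yes() {
    [ -r "$1" ] || return 1
    [ "$(sed 's/[[:space:]]*$//' "$1")" = "Y" ]
}

# secure_boot_enabled EFIVAR_FILE -> exit 0 when Secure Boot is on.
# efivars files are 4 bytes of attributes followed by the variable data;
# for SecureBoot the data is a single byte, 1 = enabled.
secure_boot_enabled() {
    [ -r "$1" ] || return 1
    [ "$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')" = "1" ]
}

# audit_host: run the three checks against the live system and report.
audit_host() {
    running=$(uname -r)
    if kernel_at_least "$running" "3.7"; then
        echo "kernel $running: at or above 3.7 (module signing available)"
    else
        echo "kernel $running: BELOW 3.7, no module signature enforcement"
    fi

    if flag_is_yes /sys/module/module/parameters/sig_enforce; then
        echo "module signature enforcement: ON"
    else
        echo "module signature enforcement: OFF or not exposed (check kernel config / lockdown)"
    fi

    # GUID is EFI_GLOBAL_VARIABLE, the namespace the SecureBoot variable lives in.
    sbvar=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
    if [ ! -e "$sbvar" ]; then
        echo "secure boot: efivar not present (BIOS boot or efivarfs not mounted)"
    elif secure_boot_enabled "$sbvar"; then
        echo "secure boot: ENABLED"
    else
        echo "secure boot: DISABLED"
    fi
}

# Only touch the live host when asked, so the functions can be sourced
# and tested without side effects:  sh drovorub_check.sh --audit
case "${1:-}" in
    --audit) audit_host ;;
esac
```

Run it as `sh drovorub_check.sh --audit`. A "below 3.7" result on a distro kernel is rare today, but sig_enforce reading N (or not existing at all) is common on desktop installs and is the setting that matters for a kernel-module rootkit: an enforced signing policy is what stops an unsigned module from being loaded, and Secure Boot is what keeps that policy from being switched off at boot.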
Some tips here on McAfee website. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/on-drovorub-linux-kernel-security-best-practices/
That’s ok, neither do most public health directors.
That’s way better than 3.7 !
It would have to be something that can escalate privs to root. In Linux, I don't know of any email programs that will auto-execute attachments. Attachments are generally saved with a filemask of 644 or 640, which will not execute natively.
Linux used to be a small almost unknown operating system, and not worth hacking into.
That’s all changed.
Go find a small unknown system and all will be good again.
I toyed with Linux off and on.
Suse was my favorite back when it was young.
Guess my DOS machine is safe...