Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Linux software nasty slithers out of online watering holes

  • Please log in to reply
1 reply to this topic

#1 JohnC_21


  • Members
  • 24,823 posts
  • Gender:Male
  • Local time:09:16 AM

Posted 09 December 2014 - 10:26 AM

Scary stuff. It almost like to have to use a live CD for everything to feel safe now.


A malware instance built on the shoulders of a trojan so powerful it lead to the creation of the US Cyber Command has been updated with Linux-popping capabilities, Kaspersky researcher Kurt Baumgartner says.

The Turla advanced malware is thought to have employed its top notch stealth capabilities to remain hidden on some systems for up to four years, however those same traits meant much about its full capabilities and the extend of victims was unknown.


A suspected nation-state actor, thought by G-Data to be Russia, has in the past deployed the Windows variant to infect government embassies and military agencies along with pharmaceutical, education and research companies across some 45 countries.

According to Symantec attackers established watering holes - infected websites popular with victims - to gain a foothold in organisations from where research was conducted to identify and compromise the most valuable targets.


Baumgartner said the module written in C and C++ was hardened against reverse-engineering through the use of stripped symbol information and hidden network communications, adding it could not be discovered using Netstat.

It contained attack capabilities which did not require root privileges including arbitrary remote command execution, incoming packet interception and remote management.





Edit: The comment section is interesting.

Edited by JohnC_21, 09 December 2014 - 10:31 AM.

BC AdBot (Login to Remove)


#2 NickAu


    Bleepin' Fish Doctor

  • Moderator
  • 13,834 posts
  • Gender:Male
  • Location: Australia
  • Local time:01:16 AM

Posted 09 December 2014 - 03:42 PM


The newly discovered Turla sample is unusual in the fact that it’s the first Turla sample targeting the Linux operating system that we have discovered. This newly found Turla component supports Linux for broader system support at victim sites. The attack tool takes us further into the set alongside the Snake rootkit and components first associated with this actor a couple years ago. We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet.

Epic Snake ‘Turla’ APT version targeting Linux machines



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users