

By Darren Pauli, 9th December 2014 00:32

Linux software nasty slithers out of online watering holes

Windows-popping Trojan thought to be govt-built takes a bite from penguinistas

A malware instance built on the shoulders of a trojan so powerful it led to the creation of the US Cyber Command has been updated with Linux-popping capabilities, Kaspersky researcher Kurt Baumgartner says.

The Turla advanced malware is thought to have used its top-notch stealth capabilities to remain hidden on some systems for up to four years; however, those same traits meant that much about its full capabilities and the extent of its victims remained unknown.

A suspected nation-state actor, thought by G-Data to be Russia, has in the past deployed the Windows variant to infect government embassies and military agencies along with pharmaceutical, education and research companies across some 45 countries.

According to Symantec, attackers established watering holes - infected websites popular with victims - to gain a foothold in organisations, from which research was conducted to identify and compromise the most valuable targets.

Baumgartner said the newly discovered Linux variant proved the attackers were diversifying.

"The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered," Baumgartner said in an advisory.

"We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet."

Baumgartner said the module, written in C and C++, was hardened against reverse-engineering through stripped symbol information and hidden network communications, adding that its communications could not be discovered using netstat.

It contained attack capabilities that did not require root privileges, including arbitrary remote command execution, incoming packet interception and remote management.
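The two points above, communications that netstat does not show and interception of incoming packets, both fit one kind of Linux listener: an AF_PACKET (raw) socket, which receives frames without binding a TCP or UDP port and so never appears in `netstat -tulpn` or `ss -tulpn`. The script below is an added defensive check written for this article; it is not code from the article, from Kaspersky or from any Turla sample, and it assumes only that a suspicious channel of this kind is in use. It reads the kernel's `/proc/net/packet` table (columns `sk RefCnt Type Proto Iface R Rmem User Inode`), flags SOCK_RAW sockets bound to ETH_P_ALL (every protocol on an interface), and maps a socket inode back to the owning process through `/proc/<pid>/fd`. The table text embedded in the script is constructed so the parser can be exercised offline.

```python
"""List AF_PACKET sockets that netstat/ss do not enumerate and map them to processes.

Added example for this article (not Kaspersky's, Symantec's or any Turla code).
Assumes a Linux host with the standard /proc/net/packet column layout:
    sk RefCnt Type Proto Iface R Rmem User Inode
"""
import os
import socket
from typing import Dict, List, Optional

# Linux values for the socket type column of /proc/net/packet.
SOCK_TYPE_NAMES = {3: "SOCK_RAW", 2: "SOCK_DGRAM"}
ETH_P_ALL = 0x0003  # "capture every protocol" when bound by a packet socket

# Constructed sample of /proc/net/packet (not captured from a real host):
# one root-owned SOCK_RAW socket on ifindex 2 capturing ETH_P_ALL, and one
# uid-1000 SOCK_DGRAM socket filtered to IPv4 (0x0800) on all interfaces.
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8b3d1c2e4000 3      3    0003   2     1 0      0      123456
ffff8b3d1c2e4800 3      2    0800   0     1 0      1000   234567
"""


def parse_packet_sockets(text: str) -> List[Dict[str, object]]:
    """Parse the text of /proc/net/packet into one dict per socket."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 9:
            raise ValueError(f"unexpected /proc/net/packet line: {line!r}")
        _sk, _refcnt, stype, proto, iface, running, _rmem, user, inode = fields
        rows.append({
            "type": SOCK_TYPE_NAMES.get(int(stype), f"type-{stype}"),
            "proto": int(proto, 16),      # link-layer protocol, network byte order in hex
            "iface": int(iface),          # 0 means "any interface"
            "running": running == "1",
            "uid": int(user),
            "inode": int(inode),
        })
    return rows


def flag_sniffers(rows: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return the sockets that capture every protocol on a raw interface.

    Legitimate tools (tcpdump, DHCP clients, some monitoring agents) open such
    sockets too, so the result is a triage list, not a verdict.
    """
    return [r for r in rows if r["type"] == "SOCK_RAW" and r["proto"] == ETH_P_ALL]


def find_socket_owner(inode: int, proc_root: str = "/proc") -> Optional[int]:
    """Scan /proc/<pid>/fd for a 'socket:[inode]' link; return the pid or None."""
    target = f"socket:[{inode}]"
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process vanished or fd table not readable by us
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
            except OSError:
                continue
    return None


def interface_name(ifindex: int) -> str:
    if ifindex == 0:
        return "any"
    try:
        return socket.if_indextoname(ifindex)
    except (OSError, AttributeError):
        return f"ifindex {ifindex}"


if __name__ == "__main__":
    # Live run: read the real table if present, otherwise show the constructed sample.
    try:
        with open("/proc/net/packet") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_NET_PACKET
    for row in flag_sniffers(parse_packet_sockets(text)):
        pid = find_socket_owner(row["inode"])
        print(f"raw ETH_P_ALL socket on {interface_name(row['iface'])}, uid {row['uid']}, "
              f"inode {row['inode']}, pid {pid if pid is not None else 'unknown (run as root)'}")
```

Run it as root so every `/proc/<pid>/fd` directory is readable; a flagged socket whose owning process is not a known capture tool, or that belongs to no visible process at all, is what merits a closer look.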

Kaspersky Lab earlier suggested Turla, also known as Snake, was built on the capabilities of Agent.btz, the worm that in 2008 ripped through the US Central Command in what was described by officials as the "worst breach of US military computers in history".

That attack and the subsequent 14-month clean up led to the creation of the US Cyber Command.

Agent.btz was thought to have inspired other nasty malware creations including Flame and Gauss. ®
