A malware instance built on the shoulders of a trojan so powerful it lead to the creation of the US Cyber Command has been updated with Linux-popping capabilities, Kaspersky researcher Kurt Baumgartner says.
The Turla advanced malware is thought to have employed its top notch stealth capabilities to remain hidden on some systems for up to four years, however those same traits meant much about its full capabilities and the extend of victims was unknown.
More ReadingDirtbags dressed up malware as legit app using Sony crypto-certsThree WireLurker suspects arrested in China – reports'Older' WireLurker previously tried, failed to leap from Windows to iThingsVXer fighters get new stealth weapon in war of the (mal)waresNew fear: Worm that ransacked US military PCs was blueprint for spies' super-malware
A suspected nation-state actor, thought by G-Data to be Russia, has in the past deployed the Windows variant to infect government embassies and military agencies along with pharmaceutical, education and research companies across some 45 countries.
According to Symantec attackers established watering holes - infected websites popular with victims - to gain a foothold in organisations from where research was conducted to identify and compromise the most valuable targets.
Baumgartner said newly-discovered Linux variant proved the attackers were diversifying.
"The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered," Baumgartner said in an advisory.
"We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet."
Baumgartner said the module written in C and C++ was hardened against reverse-engineering through the use of stripped symbol information and hidden network communications, adding it could not be discovered using Netstat.
It contained attack capabilities which did not require root privileges including arbitrary remote command execution, incoming packet interception and remote management.
Kaspersky Labs earlier suggested Turla, also known as Snake and was built on the capabilities of Agent.Biz, the worm that in 2008 ripped through the US Central Command in what was described by officials as the "worst breach of US military computers in history".
That attack and the subsequent 14-month clean up led to the creation of the US Cyber Command.
Agent.Biz was thought to have inspired other nasty malware creations including Flame and Guass. ®