Posted on 08/14/2020 12:16:42 PM PDT by Red Badger
The National Security Agency (NSA) and FBI have issued a warning about a new Linux malware dubbed Drovorub, which is believed to have been developed by Russian military hackers.
According to a report based on data collected by the agencies, the Linux malware strain is the work of APT28, a notorious hacking group from military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The intention behind spreading the malware is espionage: stealing secrets from the public sector and IT companies.
Drovorub Linux Malware
Drovorub Linux malware, as per the two agencies, consists of an implant, a file transfer tool, a kernel module rootkit, a command and control server, and a port forwarding module. The report mentions that the malware is highly stealthy and can manage to stay undetected in machines owing to advanced rootkit technologies deployed by hackers. The stealthy capabilities of Drovorub Linux malware make it easy for hackers to target different types of platforms, initiating attacks at any time.
The report describes how each component of the Linux malware functions. The components communicate with each other using JSON over WebSockets, and the traffic from the server module is encrypted using the RSA algorithm.
How to stay safe from Drovorub Linux Malware?
The NSA and FBI have listed a few precautionary measures that can be used to stay safe from the new strain of Linux malware:
Keep all Linux systems updated to kernel version 3.7 or later.
Configure systems to load only kernel modules with valid digital signatures.
Enable the UEFI Secure Boot verification mechanism.
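The three measures above can be checked from a shell. The following script is an added example, not from the NSA/FBI advisory or the article; it reads the standard Linux locations for the kernel version, the module signature enforcement parameter, and the UEFI SecureBoot variable (the paths and the `od` byte offset are assumptions about a typical Linux host).

```shell
#!/bin/sh
# Added example: audit a host against the three Drovorub mitigations
# (kernel >= 3.7, module signature enforcement, UEFI Secure Boot).

# version_ge REQUIRED ACTUAL: true when ACTUAL (e.g. "5.4.0-42-generic")
# is at least REQUIRED (e.g. "3.7"); only major.minor are compared.
version_ge() {
    case $2 in [0-9]*.[0-9]*) ;; *) return 1 ;; esac   # unparseable -> not OK
    req_major=${1%%.*}; req_minor=${1#*.}; req_minor=${req_minor%%.*}
    ver=${2%%-*}                      # drop "-42-generic" style suffix
    maj=${ver%%.*}; rest=${ver#*.}; min=${rest%%.*}
    [ "$maj" -gt "$req_major" ] ||
        { [ "$maj" -eq "$req_major" ] && [ "$min" -ge "$req_minor" ]; }
}

# Extract the version string from a /proc/version line:
# "Linux version 5.4.0-42-generic (buildd@...) ..." -> "5.4.0-42-generic"
kernel_from_proc_version() {
    set -- $1
    printf '%s\n' "$3"
}

# Kernel refuses unsigned modules when sig_enforce reads "Y" (assumed sysfs path).
module_sig_enforced() {
    f=/sys/module/module/parameters/sig_enforce
    [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]
}

# UEFI SecureBoot variable: 4 attribute bytes, then a 1-byte value (assumed).
secure_boot_enabled() {
    f=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
    [ -r "$f" ] || return 2           # not booted via UEFI, or efivarfs absent
    [ "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')" = "1" ]
}

check_host() {
    kv=$(kernel_from_proc_version "$(cat /proc/version 2>/dev/null)")
    if version_ge 3.7 "$kv"; then echo "kernel $kv: OK (>= 3.7)"
    else echo "kernel '$kv': older than 3.7 or unknown, update it"; fi
    if module_sig_enforced; then echo "module signature enforcement: ON"
    else echo "module signature enforcement: OFF or not available"; fi
    if secure_boot_enabled; then echo "UEFI Secure Boot: enabled"
    else echo "UEFI Secure Boot: disabled or not a UEFI boot"; fi
}

check_host
```

On distributions that ship `mokutil`, `mokutil --sb-state` gives the same Secure Boot answer without reading efivarfs directly.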
Tech Ping
Yep... This article is a bit overblown.
Run a live distro from cd or DVD.
The virus is not a simple Trojan. It’s worse than that and finds its own way through the Net. And it’s a rootkit.
If you have a newer computer, you should have UEFI instead of a BIOS. Go into “setup” early in the boot process to find out. Different machines have different ways of going into setup (see your computer documentation).
Look at the UEFI and/or secure boot documentation for your Linux distribution. Can’t help you more than that, because different machines and different distributions require reading different instructions.
Your Linux distribution should be automatic enough with respect to UEFI to do its part without modification of your operating system. That varies, though, with use of a non-free module (e.g., WiFi chips in *some* computers), in which case more reading and work needs to be done.
It shouldn’t require anything more than enabling UEFI secure boot in your machine’s setup, *if* your machine is not too old and doesn’t have the old BIOS instead.
All of that said, our personal computers aren’t the main goal, unless there’s more to the problem than what we see in the article above this thread. Commercial (trade secrets) and government information are what the Russians are after.
Try entering the following.
cat /proc/version
Most kernels in most distros in the most recent versions should be updated often enough.
Thanks for that- I dual boot- Windows 7 as my main offline OS, which I hardly use- and Linux as my online OS
Good point about the target of the Russians- but I wonder about credit cards that are used online, if they can gain access to those- (Which was why I wondered about a sandbox environment where sessions could be deleted so none of that sensitive info stuff got stored on the computer-)
My comp is approx 10 years old now- so not sure if it’s UEFI or not- will have to check it out- thanks-
That would be OK if I could customize the distro to include all my programs and OS tweaks- and put it onto a live distro DVD- although starting a distro DVD takes forever, and runs kinda slow- but yeah, that would be an extreme sandbox type environment-
Only problem with it is that any changes made to the ‘system’ (virtual) would be lost every time- so you couldn’t keep the OS up to date, and programs and tweaks to the system wouldn’t be remembered-
That’s all changed.
You might want to look into a bit of malware known as the 'witty worm'. It was several years ago, but this worm was designed to infect a specific router, of which there were some 50,000 or so devices in operation on the planet. Having a small footprint is no protection. What is, is good design. It is the design and implementation of Linux that has kept it largely virus free. No computer is completely safe from such things, because they are created by human beings who themselves have flaws. However, we can implement systems in such a way as to minimize the threats. Linux is still a much more robust target for hackers, as is OSX, which is also a Unix derivative.
This whole concept of Linux and OSX not being a target because of a smaller installed base than MS-Windows has always been a somewhat untrue canard.
Fortunately updating seems to be the solution here but I take this as a "first shot across the bow". Arrr!
If you like tiny, low power computers for the house, this one runs nicely with the latest Debian stable.
https://www.amazon.com/Gigabyte-Compact-Graphics-Component-GB-Blce-4105R/dp/B07Z8TSXCF
https://www.gigabyte.com/us/Mini-PcBarebone/GB-BLCE-4105R-rev-10/sp#sp
The manufacturer says that it runs with Windows 10.
http://download.gigabyte.cn/FileList/Manual/brix_gemini-lake-dual_datasheet.pdf
It doesn’t come with an operating system or RAM, though.
Thanks, I was looking to get a cheap computer just for online stuff, and keep my better one for ordering online, doing photo work etc, and keep it unplugged when not doing those things- keep my credit card off my daily cheaper online computer-
We actually have a few DOS based machines, old as the hills, doing some jobs here.................