Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday August 14 2020, @12:10PM   Printer-friendly
from the still-safer-than-windows dept.

NSA, FBI Warn of Linux Malware Used in Espionage Attacks:

A never before seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.

The U.S. government is warning of new malware, dubbed Drovorub, that targets Linux systems. It also claims the malware was developed for a Russian military unit in order to carry out cyber-espionage operations.

The malware, Drovorub, comes with a multitude of espionage capabilities, including stealing files and remotely controlling victims' computers. The malware is sophisticated and is designed for stealth, leveraging advanced "rootkit" technologies that make detection difficult. According to a Thursday advisory by the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), the malware especially represents a threat to national security systems such as the Department of Defense and Defense Industrial Base customers that use Linux systems.

"Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server," according to a 45-page deep-dive analysis of the malware published Thursday [PDF] by the FBI and NSA. "When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network."

Despite the in-depth report, the FBI and NSA did not detail how the initial attack vector for the malware occurs. The report also does not specify how long the malware has been in action, or how many companies may have been targeted – and whether any attacks have been successful. Authorities didn't say specify[sic] that the malware initially infects victims either. It did say the threat actor behind the malware uses a "wide variety of proprietary and publicly known techniques to target networks and to persist their malware on commercial devices."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by Anonymous Coward on Friday August 14 2020, @12:51PM (4 children)

    by Anonymous Coward on Friday August 14 2020, @12:51PM (#1036512)

    Since the U.S. is hammering TikTok to get M$ a better deal on their assets acquisition deal, does this seem like it might be another M$ favor: spewing a bit of virus FUD on Linux?

    Starting Score:    0  points
    Moderation   +5  
       Insightful=1, Interesting=4, Total=5
    Extra 'Interesting' Modifier   0  

    Total Score:   5  
  • (Score: 4, Funny) by EvilSS on Friday August 14 2020, @02:29PM (3 children)

    by EvilSS (1456) Subscriber Badge on Friday August 14 2020, @02:29PM (#1036538)
    Yep, anyone with a brain knows it's impossible to write, much less distribute, malware for Linux. It just can't be done.
    • (Score: 4, Insightful) by JoeMerchant on Friday August 14 2020, @04:46PM (2 children)

      by JoeMerchant (3937) on Friday August 14 2020, @04:46PM (#1036598)

      There's a difference between possible and common.

      It's possible for anyone on the planet to die of COVID-19, not likely - but common enough to warrant protective measures, at least in the opinion of some governments. On the other hand: Paraneoplastic Pemphigus, nasty and deadly as it is, not so much.

      Issuing a "joint advisory warning" about Drovorub without telling how it is contracted or where it has been found is a lot like disseminating information about the symptoms and results of Paraneoplastic Pemphigus without telling anything of how it is spread or where it is known to be.

      --
      🌻🌻 [google.com]
      • (Score: 2) by EvilSS on Friday August 14 2020, @05:11PM (1 child)

        by EvilSS (1456) Subscriber Badge on Friday August 14 2020, @05:11PM (#1036608)
        Nope, it's literally impossible according to everyone I talked to about it today. The drunk homeless former Novell admin was particularly adamant that it's just not possible to have malware on any platform other than Windows.
        • (Score: 2) by Gaaark on Friday August 14 2020, @11:22PM

          by Gaaark (41) on Friday August 14 2020, @11:22PM (#1036815) Journal

          Is that the guy who headed Nortel?
          :)

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---