LinuxQuestions.org
Old 07-30-2015, 09:26 AM   #1
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 21 MATE, EndeavourOS, antiX, MX Linux
Posts: 3,945
Blog Entries: 32

Turla trojan for Linux


Okay, so I am not a head of state on my Linux home computer, but is there any way of detecting whether the Turla trojan is sitting quietly on my PC, awaiting further instructions?


Turla-Kaspersky:
http://arstechnica.com/security/2014...ims-for-years/

Earlier thread:
http://www.linuxquestions.org/questi...-linux-400686/
 
Old 07-30-2015, 09:52 AM   #2
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

?? The first link you posted yourself reads some way down:

Quote:
Administrators who want to check for Turla-infected Linux systems can check outgoing traffic for connections to news-bbc.podzone[.]org or 80.248.65.183, which are the addresses of known command and control channels hardcoded into the Linux trojan. Admins can also build a signature using a tool called YARA that detects the strings "TREX_PID=%u" and "Remote VS is empty !"
What exactly do you mean by your question?
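The two checks the quoted article describes (outbound connections to the hardcoded C2 addresses, and the two strings a YARA rule would match in the binary) can be scripted on the host; this is an added example, not code from the thread or the article, and it assumes connection data in `ss -tn`-style rows with the peer address as the last column.

```python
"""Host-side checks for the Turla Linux indicators quoted in the thread.

Added example: mirrors the two detection hints from the Ars/Kaspersky text.
It is not the article's or the thread's own code.
"""
import re
from pathlib import Path

# Indicators quoted in the thread (domain given defanged in the article).
C2_DOMAIN = "news-bbc.podzone[.]org".replace("[.]", ".")
C2_IP = "80.248.65.183"
# Strings the article says a YARA rule should look for.
TURLA_STRINGS = [b"TREX_PID=%u", b"Remote VS is empty !"]

# Assumes `ss -tn` / `netstat -tn` style rows whose last column is
# "peer:port", e.g. "ESTAB 0 0 192.0.2.10:51234 80.248.65.183:80".
_PEER_RE = re.compile(r"(\S+):(\d+)\s*$")


def suspicious_connections(lines):
    """Return (peer, port) pairs whose peer is a known Turla C2 address."""
    hits = []
    for line in lines:
        m = _PEER_RE.search(line.strip())
        if not m:                      # header rows and malformed lines
            continue
        peer, port = m.group(1), int(m.group(2))
        if peer in (C2_IP, C2_DOMAIN):
            hits.append((peer, port))
    return hits


def scan_bytes(data):
    """Return which of the indicator strings occur in a blob of bytes."""
    return [s.decode() for s in TURLA_STRINGS if s in data]


def scan_file(path):
    """Same check over a file on disk (e.g. a suspicious ELF binary)."""
    return scan_bytes(Path(path).read_bytes())


# Constructed sample data so the script runs stand-alone.
SAMPLE_SS = [
    "State Recv-Q Send-Q Local Address:Port Peer Address:Port",
    "ESTAB 0 0 192.0.2.10:51234 203.0.113.5:443",    # benign (doc range)
    "ESTAB 0 0 192.0.2.10:51301 80.248.65.183:80",   # C2 IP from the thread
]
SAMPLE_BLOB = b"\x7fELF..junk..TREX_PID=%u..more..Remote VS is empty !.."

if __name__ == "__main__":
    print("C2 connections:", suspicious_connections(SAMPLE_SS))
    print("indicator strings:", scan_bytes(SAMPLE_BLOB))
```

A hit on either check is only a lead; the IP could be reused and the strings could appear in an unrelated binary, so confirm before acting.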
 
Old 07-30-2015, 10:29 AM   #3
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

http://www.securityweek.com/newly-di...-linux-systems
http://threatpost.com/linux-modules-...covered/109765
 
Old 07-31-2015, 06:44 AM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,599
Blog Entries: 4

You're "running other people's software" on your machine all the time. (In fact, right now you're running JavaScript supplied by "LinuxQuestions.org!") You can't prevent that.

What you can do, though, is to make it "even slightly inconvenient" for malware to exploit your system. Malware is strictly "a numbers game," searching among millions of potentially-accessible machines to find those that (a) are accessible, and (b) are run by stupid-people ..are run by careless-people .. are vulnerable. The odds are small, but in their favor.

Most of all, just do common-sense things:
  • Don't run as an Administrator, or as a member of the wheel group, or as a user who can issue sudo su and supply their password and thereby become root.
  • Actually have a password, and change it more than once a year.
  • Store sensitive information in encrypted "keychains."
  • Have multiple non-privileged accounts for different purposes, and secure the home-directories from each other. (No one else "needs to know" even what is inside someone else's home.)
  • Keep the operating system up-to-date.
  • Use secure backup software that is running all the time.
  • Don't run "anti-virus" software! This software, being "highly pervasive," is most-easily compromised and can serve as an attack vector. (It's difficult to remove the "cruft" from Windows, but it can be done. Do it.)
These are things that can be done on any operating system. A computer is terrible at knowing when to say "yes," but it's great at saying "no."
 
Old 07-31-2015, 10:26 AM   #5
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 21 MATE, EndeavourOS, antiX, MX Linux
Posts: 3,945

Original Poster
Blog Entries: 32

sundialsvcs,

Thanks for your reply.

Quote:
Don't run "anti-virus" software! This software, being "highly pervasive," is most-easily compromised and can serve as an attack vector.
So your advice is not to use ClamAV or similar?
 
Old 07-31-2015, 11:52 PM   #6
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 21 MATE, EndeavourOS, antiX, MX Linux
Posts: 3,945

Original Poster
Blog Entries: 32

Traffic checked, marking as solved.
 