Powerful Linux Trojan called Turla
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Powerful Linux Trojan called Turla
On the news, http://thehackernews.com/2014/12/powerf ... turla.html
Is the solution to that antivirus software or patching the system?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Powerful Linux Trojan called Turla
Hi bmayolg and welcome to Linux Mint,
I read those reports with interest also. Seems the best way to protect against this particular threat would be to have a strong firewall installed, and though virus software is not usually needed in Linux because of its file structure, it can give one a feeling of peace. Comodo Antivirus has a good virus scanner for Linux that can be downloaded free from here: https://www.comodo.com/home/internet-se ... -linux.php
and you can set up a basic firewall by following the instructions here: http://www.itworld.com/article/2698042/ ... 14-04.html
Good luck!
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: Powerful Linux Trojan called Turla
Many thanks, will review the configuration of a firewall and also this Comodo Scanner.
- Level 6
- Posts: 1491
- Joined: Fri Feb 22, 2013 5:18 pm
- Location: United States
Re: Powerful Linux Trojan called Turla
The antivirus thing in our repos isn't good enough?
What does one do to check for this thing and remove it if it is determined to be present? I found this webpage:
https://securelist.com/blog/research/67962/the-penquin-turla-2/
Regards,
MDM
Mint 18 Xfce 4.12.
If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
- daveinuk
- Level 7
- Posts: 1559
- Joined: Tue Mar 23, 2010 7:52 pm
- Location: Manchester, England.
Re: Powerful Linux Trojan called Turla
Another overblown 'story' by the looks of it . . . . . . . .
- Level 6
- Posts: 1491
- Joined: Fri Feb 22, 2013 5:18 pm
- Location: United States
Re: Powerful Linux Trojan called Turla
What makes it look "overblown?"
Regards,
MDM
Mint 18 Xfce 4.12.
If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
- Pilosopong Tasyo
- Level 6
- Posts: 1432
- Joined: Mon Jun 22, 2009 3:26 am
- Location: Philippines
Re: Powerful Linux Trojan called Turla
From OMG! Ubuntu:
‘Turla’ is a complex APT (Advanced Persistent Threat) that has (thus far) targeted government, embassy and pharmaceutical companies’ systems for around four years using a method based on 14 year old code, no less.
...
“Turla” (and its children) are presumed to be nation-state sponsored due to its choice of targets.
...
Turla is not a user-focused “i wantZ ur CredIt carD” virus bundled inside a faux software download. It’s a complex, finessed and adaptable threat with specific targets in mind.
As always, it's prudent to use common sense:
Until more details are known none of us should panic. Let’s continue to practice safe computing. Avoid downloading/running scripts, apps, or binaries from untrusted sites or PPAs, and don’t venture into dodgy dark parts of the web.
o Give a man a fish and he will eat for a day. Teach him how to fish and he will eat for a lifetime!
o If an issue has been fixed, please edit your first post and add the word [SOLVED].
Re: Powerful Linux Trojan called Turla
The weakest link in any security system is the human factor. Use good operating standards, use virus scanners if you feel better with them. Use a good firewall setup and monitor what comes and goes from your computer.
To answer the question about the antivirus software in the repositories, they are OK, but not great. Clam AV is a good scanner. But I've never been able to keep it up to date here. Comodo seems to work OK.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: Powerful Linux Trojan called Turla
kc1di wrote:............... Clam AV is a good scanner. But I've never been able to keep it up to date .......
Hi kc1di...
I think there is possibly a slight misconception here. Clam AV 'base definitions' (database) updates each time you re-boot. It's only the GUI that does not update (and shows out of date).
Is this what you mean?
I have updated the GUI manually, and actually think the outdated one is much more usable and convenient. Possibly why the new has been kept back?
http://www.clamav.net/about.html
ClamAV Features
Command-line scanner
Milter interface for sendmail
Advanced database updater with support for scripted updates and digital signatures
Virus database updated multiple times per day
Built-in support for all standard mail file formats
Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF
Re: Powerful Linux Trojan called Turla
kc1di wrote:use a good firewall setup and monitor what comes and goes from your Computer.
This trojan apparently can hide all its activity from netstat, which would make it very hard to catch. Also, I find it very hard to get a good firewall setup on Linux; if we had application-based firewalls it would be a lot easier.
Re: Powerful Linux Trojan called Turla
My acid test for threats is this forum, how many real users are looking for help repairing the damage caused by the latest killer problem versus the blogger hype. Then I go get another coffee and enjoy using one of the most secure OS’s out there.
Re: Powerful Linux Trojan called Turla
Yup, that's one of the problems. I'm not sure that Clam's database is up to date either, but it's a moot question with this trojan since it would not be detected by any of the known AV scanners at the moment anyway. I use Clam on one of my machines too.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: Powerful Linux Trojan called Turla
I agree a good application-based firewall would be great, but in the meantime use gufw. It's a graphical frontend for iptables, works OK.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608