Powerful Linux Trojan called Turla

bmayolg

Powerful Linux Trojan called Turla

Post by bmayolg »

On the news, http://thehackernews.com/2014/12/powerf ... turla.html

Is the solution to that antivirus software or patching the system?


:shock:
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
kc1di
Level 18
Posts: 8147
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: Powerful Linux Trojan called Turla

Post by kc1di »

bmayolg wrote:On the news, http://thehackernews.com/2014/12/powerf ... turla.html

Is the solution to that antivirus software or patching the system?


:shock:
Hi bmayolg and Welcome to LinuxMint,

I read those reports with interest also. Seems the best way to protect against this particular threat would be to have a strong firewall installed, and though virus software is not usually needed in Linux because of its file structure, it can give one a feeling of peace. Comodo Antivirus has a good virus scanner for Linux that can be downloaded free from here: https://www.comodo.com/home/internet-se ... -linux.php

and you can set up a basic firewall by following the instructions here: http://www.itworld.com/article/2698042/ ... 14-04.html

Good luck!
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
bmayolg

Re: Powerful Linux Trojan called Turla

Post by bmayolg »

Many thanks, will review the configuration of a firewall and also this Comodo Scanner.

:)
bmayolg

Re: Powerful Linux Trojan called Turla

Post by bmayolg »

Another Turla news post at Ars Technica

http://arstechnica.com/security/2014/12 ... for-years/
MtnDewManiac
Level 6
Posts: 1491
Joined: Fri Feb 22, 2013 5:18 pm
Location: United States

Re: Powerful Linux Trojan called Turla

Post by MtnDewManiac »

kc1di wrote:
bmayolg wrote:On the news, http://thehackernews.com/2014/12/powerf ... turla.html

Is the solution to that antivirus software or patching the system?


:shock:
Hi bmayolg and Welcome to LinuxMint,

I read those reports with interest also. Seems the best way to protect against this particular threat would be to have a strong firewall installed, and though virus software is not usually needed in Linux because of its file structure, it can give one a feeling of peace. Comodo Antivirus has a good virus scanner for Linux that can be downloaded free from here: https://www.comodo.com/home/internet-se ... -linux.php

and you can set up a basic firewall by following the instructions here: http://www.itworld.com/article/2698042/ ... 14-04.html

Good luck!
The antivirus thing in our repos isn't good enough?

What does one do to check for this thing and remove it if it is determined to be present? I found this webpage:

https://securelist.com/blog/research/67962/the-penquin-turla-2/
but IDK what any of it means. I'm pretty concerned because I read this morning that this one works without requiring root access(!!!). So, apparently, my strategy of just never doing anything that I am not instructed to do from a help thread here while having root/sudo/gksu/etc. access is no longer valid. And, err, may not have been for the last four years?

Regards,
MDM
Mint 18 Xfce 4.12.

If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
daveinuk
Level 7
Posts: 1559
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.

Re: Powerful Linux Trojan called Turla

Post by daveinuk »

Another overblown 'story' by the looks of it . . . . . . . .
[Image: virus-kitten.jpg]
MtnDewManiac

Re: Powerful Linux Trojan called Turla

Post by MtnDewManiac »

What makes it look "overblown?"

Regards,
MDM
Pilosopong Tasyo
Level 6
Posts: 1432
Joined: Mon Jun 22, 2009 3:26 am
Location: Philippines

Re: Powerful Linux Trojan called Turla

Post by Pilosopong Tasyo »

From OMG! Ubuntu:
‘Turla’ is a complex APT (Advanced Persistent Threat) that has (thus far) targeted government, embassy and pharmaceutical companies’ systems for around four years using a method based on 14 year old code, no less.

...

“Turla” (and its children) are presumed to be nation-state sponsored due to its choice of targets.

...

Turla is not a user-focused “i wantZ ur CredIt carD” virus bundled inside a faux software download. It’s a complex, finessed and adaptable threat with specific targets in mind.
As always, it's prudent to use common sense:
Until more details are known none of us should panic. Let’s continue to practice safe computing. Avoid downloading/running scripts, apps, or binaries from untrusted sites or PPAs, and don’t venture into dodgy dark parts of the web.
o Give a man a fish and he will eat for a day. Teach him how to fish and he will eat for a lifetime!
o If an issue has been fixed, please edit your first post and add the word [SOLVED].
kc1di

Re: Powerful Linux Trojan called Turla

Post by kc1di »

The weakest link in any security system is the human factor. Use good operating standards, use virus scanners if you feel better with them. Use a good firewall setup and monitor what comes and goes from your computer.

To answer the question about the antivirus software in the repositories: they are OK, but not great. Clam AV is a good scanner. But I've never been able to keep it up to date here. Comodo seems to work OK.
GeneC

Re: Powerful Linux Trojan called Turla

Post by GeneC »

kc1di wrote:............... Clam AV is a good scanner. But I've never been able to keep it up to date .......
Hi kc1di... :)
I think there is possibly a slight misconception here. Clam AV 'base definitions' (database) updates each time you reboot. It's only the GUI that does not update (and shows out of date).
Is this what you mean?
I have updated the gui manually, and actually think the outdated one is much more usable and convenient.. Possibly why the new has been kept back?

http://www.clamav.net/about.html
ClamAV Features

Command-line scanner
Milter interface for sendmail
Advanced database updater with support for scripted updates and digital signatures
Virus database updated multiple times per day
Built-in support for all standard mail file formats
Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF
MADDSNIPER

Re: Powerful Linux Trojan called Turla

Post by MADDSNIPER »

kc1di wrote:use a good firewall setup and monitor what comes and goes from your Computer.
This trojan apparently can hide all its activity from netstat, which would make it very hard to catch. Also, I find it very hard to get a good firewall setup on Linux; if we had application-based firewalls it would be a lot easier.
monkeyboy

Re: Powerful Linux Trojan called Turla

Post by monkeyboy »

My acid test for threats is this forum, how many real users are looking for help repairing the damage caused by the latest killer problem versus the blogger hype. Then I go get another coffee and enjoy using one of the most secure OS’s out there.
kc1di

Re: Powerful Linux Trojan called Turla

Post by kc1di »

GeneC wrote:
kc1di wrote:............... Clam AV is a good scanner. But I've never been able to keep it up to date .......
Hi kc1di... :)
I think there is possibly a slight misconception here. Clam AV 'base definitions' (database) updates each time you reboot. It's only the GUI that does not update (and shows out of date).
Is this what you mean?
I have updated the gui manually, and actually think the outdated one is much more usable and convenient.. Possibly why the new has been kept back?

http://www.clamav.net/about.html
Yup, that's one of the problems. I'm not sure that Clam's database is up to date either, but it's a moot question with this trojan since it would not be detected by any of the known AV scanners at the moment anyway. I use Clam on one of my machines too.
kc1di

Re: Powerful Linux Trojan called Turla

Post by kc1di »

MADDSNIPER wrote:
kc1di wrote:use a good firewall setup and monitor what comes and goes from your Computer.
This trojan apparently can hide all its activity from netstat, which would make it very hard to catch. Also, I find it very hard to get a good firewall setup on Linux; if we had application-based firewalls it would be a lot easier.
I agree a good application-based firewall would be great, but in the meantime use gufw; it's a graphical frontend for iptables and works OK.