Well......this ain't good :/

Vrai

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a new Cybersecurity Advisory about previously undisclosed Russian malware.

The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems as part of its cyber espionage operations.

NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory

Fortunately the targets are not pip-squeak home desktop users.....yet.
I wonder how long until the "bad guys" start using this code to attack personal computers though.
Interesting.
 


f33dm3bits

Here's the full report:
To prevent a system from being susceptible to Drovorub’s hiding and persistence, system administrators should update to Linux Kernel 3.7 or later in order to take full advantage of kernel signing enforcement. Additionally, system owners are advised to configure systems to load only modules with a valid digital signature making it more difficult for an actor to introduce a malicious kernel module into the system.
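
A defender's check for the two mitigations quoted from the advisory above, added here as an example that is not part of the thread or the advisory. It assumes the kernel build config is readable as a file (commonly `/boot/config-$(uname -r)`, though distro layouts vary) and that `/sys/module/module/parameters/sig_enforce` reports `Y` or `N`; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "kernel 3.7 or later" and "load only signed modules".

# kernel_at_least RELEASE MAJOR MINOR -> exit 0 if a uname -r style RELEASE is >= MAJOR.MINOR
kernel_at_least() {
    rel=${1%%[!0-9.]*}                 # "5.15.0-91-generic" -> "5.15.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac   # unparseable
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# module_sig_policy CONFIG_FILE SIG_ENFORCE -> prints enforced | optional | unsupported
module_sig_policy() {
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$1" 2>/dev/null || [ "$2" = "Y" ]; then
        echo enforced        # unsigned or wrongly signed modules are refused
    elif grep -q '^CONFIG_MODULE_SIG=y' "$1" 2>/dev/null; then
        echo optional        # signatures are checked, but unsigned modules still load
    else
        echo unsupported     # no signing support found in this config
    fi
}

# audit RELEASE CONFIG_FILE SIG_ENFORCE -> one-line verdict; exit 0 only if both mitigations hold
audit() {
    policy=$(module_sig_policy "$2" "$3")
    if ! kernel_at_least "$1" 3 7; then
        echo "FAIL kernel $1 predates 3.7"; return 1
    fi
    case $policy in
        enforced) echo "OK kernel $1, module signatures enforced" ;;
        *) echo "FAIL kernel $1, module signatures $policy"; return 1 ;;
    esac
}

# Constructed sample: a config with signing compiled in but not forced.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_MODULE_SIG=y' \
    '# CONFIG_MODULE_SIG_FORCE is not set' > "$sample"
audit "3.10.0-1160.el7.x86_64" "$sample" "N" || true   # FAIL: signatures optional
audit "3.10.0-1160.el7.x86_64" "$sample" "Y" || true   # OK: enforced at boot

# Live use on a host:
#   audit "$(uname -r)" "/boot/config-$(uname -r)" \
#         "$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null)"
```

Where the config has signing compiled in but not forced, booting with the `module.sig_enforce=1` kernel parameter switches the policy to enforced.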
 

Nelson Muntz

I don't think it's a typo. I think what is being referred to is a signed kernel, and I believe 3.7 was the first to allow you to use signed kernels.

----------------------------------------------------------------------------


To prevent a system from being susceptible to Drovorub’s hiding and persistence, system administrators should update to Linux Kernel 3.7 or later in order to take full advantage of kernel signing enforcement. Additionally, system owners are advised to configure systems to load only modules with a valid digital signature making it more difficult for an actor to introduce a malicious kernel module into the system.
 

Nelson Muntz

When the Meltdown / Spectre vulnerability came about, it wasn't good.

Users such as myself, who are using old computers with processors where no microcode patches will ever be available, are still cruising along without problems.

The Linux developers and browser developers patched the Meltdown / Spectre vulnerability as best they could to keep us safe and secure.

So the way I see it, they will do the same with this vulnerability and other vulnerabilities as they come around, so keep your Linux updated.

Keep the faith: the Linux developers won't let us down, and this is only one reason we choose to use Linux.
 

wizardfromoz

Back in September 2014, we had the Shellshock Virus aka The Bash Bug.

It was a flaw that had been unnoticed in the kernel for 20 years, the result of an error by a volunteer coder helping work on the kernel in the 90s.

Stéphane Chazelas found the flaw and notified Chet Ramey in a public forum, a mistake in my belief; a secure channel should have been used.

Within a day or so, a hacker had developed an exploit, and Bash Bug was the result.

Red Hat and other community gurus swung into top gear, and within 36 hours patches were applied to the kernel and released, and all the major players adopted them. Problem solved, but not before a number of servers, and hence businesses, had been compromised, which is tragic.

My points being that the community is strong, and rich in talent and spirit. It has moved swiftly before and will do so again, and as long as the blackhats act individually, the whitehats will always outnumber them.

I endorse Nelson's last line, and although I may change my signature soon, the part which says

...nothing is bulletproof, but i wear kevlar - i use linux:D
... still applies.

Cheers all and

Avagudweegend

Wizard
 
