  • FBI and NSA expose new Linux malware Drovorub

    Posted by CADesertRat in the Code Red – Security/Privacy advisories forum of the AskWoody Lounge

    • This topic has 14 replies, 7 voices, and was last updated 1 month ago.
      • #2288384
        CADesertRat
        AskWoody Plus

        Linux has become a larger target evidently.

        ZDnet


        The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia’s military hackers.

        The two agencies say Russian hackers used the malware, named Drovorub, to plant backdoors inside hacked networks.

        “Technical details released today by the NSA and FBI on APT28’s Drovorub toolset are highly valuable to cyber defenders across the United States.”

        To prevent attacks, the agency recommends that US organizations update any Linux system to a version running kernel version 3.7 or later, “in order to take full advantage of kernel signing enforcement,” a security feature that would prevent APT28 hackers from installing Drovorub’s rootkit.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        5 users thanked author for this post.
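        The kernel-version advice quoted above carries a caveat worth checking on your own machines: 3.7 is the release in which signature checking for loadable kernel modules (CONFIG_MODULE_SIG) first appeared, but a kernel only refuses unsigned modules when enforcement is switched on, either at build time (CONFIG_MODULE_SIG_FORCE) or at boot (module.sig_enforce=1). The script below is an added example, not code from the NSA/FBI advisory, ZDNet, or the poster. It compares the running kernel against 3.7 and reads the standard sysfs and procfs knobs that show whether enforcement is on; the sample version strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: check a Linux host against the "kernel 3.7 or later" baseline
# and, more importantly, whether module signature enforcement is actually on.
# A module rootkit cannot load on a kernel that rejects unsigned modules.
# Paths under /sys and /proc are the kernel's own interfaces; every function
# degrades gracefully when they are absent (e.g. inside a container).

# Usage: kernel_at_least WANT HAVE    e.g. kernel_at_least 3.7 "$(uname -r)"
# WANT must be major.minor; HAVE may be a full release string such as
# "4.15.0-112-generic" or "3.10.0-1127.el7.x86_64" (constructed samples).
# Returns 0 (true) when HAVE >= WANT, comparing only major.minor.
kernel_at_least() {
    want=$1
    have=$2
    want_major=${want%%.*}
    want_minor=${want#*.};  want_minor=${want_minor%%[!0-9]*}
    have_major=${have%%.*}; have_major=${have_major%%[!0-9]*}
    case $have in
        *.*) have_minor=${have#*.}; have_minor=${have_minor%%[!0-9]*} ;;
        *)   have_minor=0 ;;            # bare "5" and the like
    esac
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# Usage: module_sig_enforced [SYSFS_PATH]   (path override is for testing)
# 0 = unsigned modules are rejected, 1 = signing supported but not enforced,
# 2 = interface absent (kernel < 3.7, built without CONFIG_MODULE_SIG, or
#     sysfs not mounted).
module_sig_enforced() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "Y" ]
}

# Module loading can also be switched off entirely at runtime
# (sysctl kernel.modules_disabled=1), which blocks a module rootkit too.
modules_disabled() {
    f=${1:-/proc/sys/kernel/modules_disabled}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

report() {
    running=$(uname -r)
    if kernel_at_least 3.7 "$running"; then
        echo "kernel $running: module signature checking available (>= 3.7)"
    else
        echo "kernel $running: older than 3.7, no module signature checking at all"
    fi
    module_sig_enforced && rc=0 || rc=$?
    case $rc in
        0) echo "module signature enforcement: ON" ;;
        1) echo "module signature enforcement: OFF (unsigned modules still load)" ;;
        *) echo "module signature enforcement: not available on this kernel" ;;
    esac
    if modules_disabled; then
        echo "module loading: disabled (kernel.modules_disabled=1)"
    fi
}

report
```

        If the script reports enforcement OFF on a kernel newer than 3.7, adding module.sig_enforce=1 to the kernel command line (or rebuilding with CONFIG_MODULE_SIG_FORCE) turns it on; be aware that this also rejects any legitimately unsigned out-of-tree modules such as third-party drivers, so test before rolling it out.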
      • #2288385
        Alex5723
        AskWoody Plus

        After installing their own backdoors in hundreds of millions of Android devices, the FBI and NSA have the nerve to publish alerts for other OSs?

        2 users thanked author for this post.
      • #2288394
        Fred
        AskWoody Plus

        Alex5723: “After installing their own backdoors in hundreds of millions of Android devices, the FBI and NSA have the nerve to publish alerts for other OSs?”

        Isn’t this the same backdoor Europol used to crack and invade the cryptophone servers? An intentionally created anomaly?

        ~ ~ ~
      • #2288440
        anonymous
        Guest
        • #2288515
          Ascaris
          AskWoody_MVP

          TL;DR: If you’re using a kernel seven years out of date, you’re not going to have a good time.

          Group "L" (Fedora 32 Linux w/ KDE Plasma).

      • #2288476
        OscarCP
        AskWoody Plus

        As I understand this, and assuming the ZDnet article is correct, it looks like this problem has a fairly easy solution: those with kernel 3.7 and later need not worry, while for those with older kernels, all they have to do to protect themselves is to install 3.7 or later. If this is the work of Russian government hackers to launch attacks directed against, e.g., USA critical networks, it strikes me as odd that they are using malware that is so easily defeated. What am I missing here?

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        1 user thanked author for this post.
      • #2288520
        Fred
        AskWoody Plus

        OscarCP: “…critical networks, it strikes me as odd that they are using malware that is so easily defeated. What am I missing here?”

        @OscarCP:
        It concerns ALL critical networks, and that has been going on for a very long time. Not much is coming out publicly. And it is very difficult and maybe even impossible to spot differences between the many opposing sides or views.
        Very recently it was announced that a new collaboration is being developed between the 5-Eyes.
        But the 7-Eyes (western collaboration) still exists, and one of the real great successes against big organised crime recently has been the break-in and dismantling of the Encrypted-Special-Telephone-Servers. This is a collaboration between France, Germany, England, The Netherlands and Europol, and who else? (Certainly the USA and Canada will be members of the 7-Eyes and…) This will remain a closed book, just like what exactly was done to take over those computer servers (for sure it is the use and creation of 0-days and backdoors).

        A good thing is that there are a lot of countries and companies trying to fight the “bad”. For the time being the “good guys” will continue to lag behind the bad guys; after all, their organization is a lot less complicated than that of many countries put together.
        Perhaps “quantum computing” in development will change this lag-by-definition, who can tell?
        But in my two cents’ view, the increasingly popular totalitarian surveillance state is not the solution. Continuing different regional values and cultures remains the most important way to safeguard civilization.

        ~ ~ ~
        1 user thanked author for this post.
      • #2288575
        Microfix
        AskWoody MVP

        IMO I think this is pointing towards old (in-use) home routers, remember linux based routers have kernels too.

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        2 users thanked author for this post.
        • #2288705
          Moonbear
          AskWoody Lounger

          Is it obvious if you’re using a Linux-based router?

          If it’s not that obvious, how can you find out?

          1 user thanked author for this post.
        • #2288707
          OscarCP
          AskWoody Plus

          Microfix: “this is pointing towards old (in-use) home routers”

          After giving this some more thought: even if home and small business users are, as I suspect, not the intended target, malware like this might leak from governments to criminals (e.g. the NSA “Eternal Blue”), so there is an indirect risk to those small users. As to how easy it is to defeat this particular bug by using an up-to-date Linux kernel, the hackers could be hoping that critical networks are not properly patched and running safe software, as has been the case in the past with the ransomware attacks against the British NHS and several municipalities in the USA. Does anybody have a better idea?

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #2288715
        CADesertRat
        AskWoody Plus

        Just a thought, as to the router point, keep in mind that there are a LOT of Govt. people working from home right now and there could be quite a large number of older routers in use for their work. Maybe that’s part of the reason for the push from other nation/states to take advantage of it.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        1 user thanked author for this post.
        • #2288720
          OscarCP
          AskWoody Plus

          CADesertRat: “…keep in mind that there are a LOT of Govt. people working from home right now…

          Good point! I would like to make this small addition: There are a LOT of Government and private companies and organizations’ people working from home, right now.

          Question: are most routers used at home and by small businesses running distros of Linux? (I really have no idea.)

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

          1 user thanked author for this post.
      • #2288722
        OscarCP
        AskWoody Plus

        And answering (maybe) both Moonbear’s and my question:

        https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions

        Everything in there is Linux or FreeBSD (all the latter listed as “Discontinued”, though).

        How exhaustive is that list of routers and firewalls? All I can say is that it is LONG.

        So: yes, a problem for some (or many?) home and small business users.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        1 user thanked author for this post.
        • #2288723
          Moonbear
          AskWoody Lounger

          Thanks for the link.

          It’s brought a new thought to mind as well: I wonder if there’s any way to find out what kind of firmware ISP-provided modem/router combos would be using?

      • #2288734
        Moonbear
        AskWoody Lounger

        Adding to my last reply,

        the reason I’m wondering about ISP-provided equipment is that I remember reading a few years back that some ISPs (AT&T specifically in this case) use proprietary firmware in their equipment that can’t be changed (or in some cases even updated) by the user.

        If this is still in practice, I can’t imagine the headaches this will add to the mess this could already end up being.

        1 user thanked author for this post.
      • #2288748
        OscarCP
        AskWoody Plus

        The “Linux routers” safety issue is an interesting enough topic that I believe deserves its own thread, so I have started one here:

        Routers with a Linux OS: how safe they are and other questions.

        So those interested can post their own questions, answers, comments, etc. there.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)
