[GreenKeys] OT - Highly stealthy Linux trojan may have infected victims for years...
Michael O'Day via GreenKeys
greenkeys at mailman.qth.net
Fri Dec 12 04:19:09 EST 2014
Jim, They mentioned there was one possible way to check for this particular bug:
"Administrators who want to check for Turla-infected Linux systems can check outgoing traffic for connections to news-bbc.podzone[.]org or 80.248.65.183, which are the addresses of known command and control channels hardcoded into the Linux trojan. Admins can also build a signature using a tool called YARA that detects the strings "TREX_PID=%u" and "Remote VS is empty !""
So no real way to detect the trojan, only a way to look for an effect of the trojan - reminds me of the way astronomers find black holes.
Mike - N9ODM
ASCII and ye shall receive.
On Tuesday, December 9, 2014 9:01 PM, Jim Haynes <jhhaynes at earthlink.net> wrote:
Well, now of course what we need is a method or tool to determine if our
machines are infected.
jhhaynes at earthlink dot net
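
The two checks quoted in the message above (outgoing traffic to the listed addresses, and the two strings a YARA signature would match), sketched in plain Python as an added example. It is not code from the post or from the article it quotes, it uses byte matching in place of YARA itself, and the function names and sample data are constructed here.

```python
import io
import re

# Indicators as quoted on the page; the domain is kept defanged and refanged at run time.
C2_INDICATORS = ["news-bbc.podzone[.]org", "80.248.65.183"]
MARKERS = [b"TREX_PID=%u", b"Remote VS is empty !"]


def refang(indicator):
    """Turn a defanged indicator (example[.]org) into its matchable form."""
    return indicator.replace("[.]", ".").lower()


def scan_stream(stream, chunk_size=1 << 16):
    """Return the set of marker strings present in a binary stream."""
    overlap = max(len(m) for m in MARKERS) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return found
        # Keep a tail of the previous chunk so a marker split across
        # two reads is still matched.
        window = tail + chunk
        found.update(m for m in MARKERS if m in window)
        tail = window[-overlap:]


def flag_connections(log_lines):
    """Return log lines that name a C2 host or IP as a whole token."""
    wanted = {refang(i) for i in C2_INDICATORS}
    hits = []
    for line in log_lines:
        # Split on anything that cannot be part of a hostname or IPv4
        # address, so 180.248.65.183 does not match 80.248.65.183.
        parts = re.split(r"[^A-Za-z0-9.\-]+", line)
        tokens = {p.strip(".").lower() for p in parts}
        if tokens & wanted:
            hits.append(line)
    return hits


if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    sample = io.BytesIO(b"\x7fELF" + b"\x00" * 64 + b"TREX_PID=%u\x00")
    print(scan_stream(sample))
    log = ["gw kernel: OUT=eth0 SRC=192.168.1.20 DST=80.248.65.183 DPT=80"]
    print(flag_connections(log))
```

To sweep a disk, open each candidate file in binary mode and pass the handle to `scan_stream`; firewall or DNS query logs go to `flag_connections` line by line.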