
Well......this ain't good :/

Vrai

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a new Cybersecurity Advisory about previously undisclosed Russian malware.

The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems as part of its cyber espionage operations.

NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory

Fortunately the targets are not pip-squeak home desktop users.....yet.
I wonder how long until the "bad guys" start using this code to attack personal computers though.
Interesting.
 


sp331yi

Time for BSD?
 

f33dm3bits

Here's the full report:
To prevent a system from being susceptible to Drovorub’s hiding and persistence, system administrators should update to Linux Kernel 3.7 or later in order to take full advantage of kernel signing enforcement. Additionally, system owners are advised to configure systems to load only modules with a valid digital signature making it more difficult for an actor to introduce a malicious kernel module into the system.
 

captain-sensible

Update to kernel 3.7? Is that a typo? That's older than 4 years, so the issue is probably fixed already?
 

f33dm3bits

> Update to kernel 3.7? Is that a typo? That's older than 4 years, so the issue is probably fixed already?

It's what it says in the official report, read it yourself. RHEL6 doesn't run a 3x kernel.
 

Deleted member 101831

I don't think it's a typo. I think what is being referred to is a signed kernel, and I believe 3.7 was the first to allow you to use signed kernels.

----------------------------------------------------------------------------


To prevent a system from being susceptible to Drovorub’s hiding and persistence, system administrators should update to Linux Kernel 3.7 or later in order to take full advantage of kernel signing enforcement. Additionally, system owners are advised to configure systems to load only modules with a valid digital signature making it more difficult for an actor to introduce a malicious kernel module into the system.
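
The two mitigations quoted from the report, written as a host check. This is an added example, not code from the advisory or from any poster in this thread; the function names are made up here, and it assumes the distribution installs its kernel build config as /boot/config-<release>.

```shell
#!/bin/sh
# Added example: check a host against the advisory's two mitigations
# (kernel 3.7 or later, and module signature enforcement).

# kernel_at_least RELEASE MAJOR MINOR -> exit status 0 if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    ver=${1%%[!0-9.]*}      # strip the distro suffix: "5.4.0-42-generic" -> "5.4.0"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # Compare numerically: as strings, "3.10" would sort before "3.7".
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# module_sig_policy CONFIG_FILE [SIG_ENFORCE]
# SIG_ENFORCE is the content of /sys/module/module/parameters/sig_enforce
# ("Y" or "N"), which also reflects the module.sig_enforce boot parameter.
# Prints one of: enforced | permissive | unsupported
module_sig_policy() {
    cfg=$1
    runtime=${2:-}
    if [ "$runtime" = "Y" ] ||
       grep -qx 'CONFIG_MODULE_SIG_FORCE=y' "$cfg" 2>/dev/null; then
        echo enforced       # unsigned or badly signed modules are refused
    elif [ "$runtime" = "N" ] ||
         grep -qx 'CONFIG_MODULE_SIG=y' "$cfg" 2>/dev/null; then
        echo permissive     # signatures are checked, unsigned modules still load
    else
        echo unsupported    # kernel built without module signing
    fi
}

# Report on the running host; missing files simply yield "unsupported".
audit_host() {
    rel=$(uname -r)
    sysfs=$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null || true)
    if kernel_at_least "$rel" 3 7; then age="3.7 or later"; else age="older than 3.7"; fi
    echo "kernel $rel ($age); module signing: $(module_sig_policy "/boot/config-$rel" "$sysfs")"
}

audit_host
```

A result of "permissive" means the kernel is new enough and can verify signatures, but the second recommendation in the quoted passage has not been applied.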
 

sp331yi

hiding4pussies.png
 

Deleted member 101831

When the Meltdown / Spectre vulnerability came about, it wasn't good.

Users such as myself, who are using old computers with processors for which no microcode patches will ever be available, are still cruising along without problems.

The Linux developers and browser developers patched the Meltdown / Spectre vulnerability as best they could to keep us safe and secure.

So the way I see it, they will do the same with this vulnerability and other vulnerabilities as they come around, so keep your Linux updated.

Keep the faith: the Linux developers won't let us down, and this is only one reason we choose to use Linux.
 

wizardfromoz

Back in September 2014, we had the Shellshock Virus aka The Bash Bug.

It was a flaw that had been unnoticed in the kernel for 20 years, the result of an error by a volunteer coder helping work on the kernel in the 90s.

Stephane Chazelas found the flaw and notified Chet Ramey in a public forum, a mistake in my belief; a secure channel should have been used.

Within a day or so, a hacker had developed an exploit, and Bash Bug was the result.

Red Hat and other community gurus swung into top gear, and within 36 hours patches were applied to the kernel and released, and all the major players adopted them. Problem solved, but not before a number of servers, and hence businesses, had been compromised, which is tragic.

My points being that the community is strong, and rich in talent and spirit. It has moved swiftly before and will do so again, and as long as the blackhats act individually, the whitehats will always outnumber them.

I endorse Nelson's last line, and although I may change my signature soon, the part which says

...nothing is bulletproof, but i wear kevlar - i use linux:D

... still applies.

Cheers all and

Avagudweegend

Wizard
 