View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 9, 2014

Turla malware now targets Linux

Hackers can use virus to remotely execute code without privilege escalation.

By Jimmy Nicholls

A variant of Turla malware has been found targeting the operating system Linux, according to the security company Kaspersky Lab.

Dubbed Linux Turla, the virus allows hackers to sent hidden communications through networks and execute commands on infected machines remotely, with much of the code said to be taken from public sources.

Kurt Baumgartner and Costin Raiu, security researchers at Kaspersky, said the malware "maintains stealth without requiring elevated privileges while running arbitrary remote commands", and is based on network sniffer cd00r.

"It can’t be discovered via netstat, a commonly used administrative tool," they added. "It uses techniques that don’t require root access, which allows it to be more freely run on more victim hosts.

"Even if a regular user with limited privileges launches it, it can continue to intercept incoming packets and run incoming commands on the system."

Some of the malicious code in the virus appears to be inactive and was perhaps left over from older versions, according to the firm, with the malware also having "an unusual command and control (C&C) mechanism" and a hostname fitting previous variants of Turla.

"The discovery of this Turla module rises one big question," Baumgartner and Raiu added. "How many other unknown Turla variants exist?"

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.