Saturday, December 13, 2014
A new 'Turla' Trojan sample has been discovered that targets Linux operating systems. The previous 'Turla' Trojan targeted the Windows operating system, but the newly discovered sample supports Linux operating systems too.
The malware is statically linked against all the external libraries it requires, which makes it independent of the libraries and library versions installed on the victim machine.
'Turla' is derived from the publicly available backdoor cd00r (http://www.phenoelit.org/stuff/cd00r.c). It doesn't require administrator (root) privileges and can be executed by any user.
Once the 'Turla' Trojan is executed, it starts a network sniffer and listens for a specific network packet. Once that packet is received, 'Turla' activates its backdoor functionality.
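A defender-side check for the sniffing behaviour described above, as an added example that is not part of the original post: it lists Linux packet sockets opened for every protocol and the processes that hold them. It assumes the sniffer uses an AF_PACKET socket (the post does not say which capture mechanism the sample uses), and the sample table is constructed.

```python
import os
import re

# Constructed sample in the layout of /proc/net/packet (not from a real host).
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8f2d41c3a000 3      3    0003   2     1 0      0      48211
ffff8f2d41c3b800 3      2    88cc   2     1 0      100    51973
ffff8f2d41c3c000 3      3    0003   0     1 0      1000   60442
"""
ETH_P_ALL = 0x0003                      # socket receives every protocol
SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")

def parse_packet_sockets(text):
    """Parse /proc/net/packet content into one dict per AF_PACKET socket."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 9:
            continue                    # ignore truncated lines
        rows.append({"type": int(f[2]), "proto": int(f[3], 16),
                     "ifindex": int(f[4]), "uid": int(f[7]), "inode": int(f[8])})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> [(pid, comm)] by reading each /proc/<pid>/fd link."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(f"{proc_root}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc_root}/{pid}/fd"):
                m = SOCKET_LINK.fullmatch(os.readlink(f"{proc_root}/{pid}/fd/{fd}"))
                if m:
                    owners.setdefault(int(m.group(1)), []).append((int(pid), comm))
        except OSError:
            continue                    # process exited, or not readable by this user
    return owners

def capture_sockets(rows, owners):
    """Return the ETH_P_ALL sockets, each annotated with its owning processes."""
    return [dict(r, owners=owners.get(r["inode"], []))
            for r in rows if r["proto"] == ETH_P_ALL]

if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        live = parse_packet_sockets(fh.read())
    for s in capture_sockets(live, socket_owners()):
        print(s["inode"], "uid", s["uid"], s["owners"] or "owner not visible")
```

Run it as root so that every process's descriptor table is readable; a capture socket with no visible owner, or one owned by an unexpected binary, is the entry to investigate.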
The first 'Turla' Trojan sample was discovered in early 2012, when it was used to attack government computers and servers.
At the time this post was written, the new sample was already detected by almost 50% of major antivirus engines:
file/3e138e4e34c6eed3506efc7c805fce19af13bd62aeb35544f81f111e83b5d0d4/analysis/