Saturday, December 13, 2014

'Turla' Malware Now Supports Linux

New Sample Of 'Turla' Backdoor - Linux Version


A new 'Turla' Trojan sample has been discovered that targets Linux operating systems. The previous 'Turla' Trojan targeted the Windows operating system, but the newly discovered sample supports Linux operating systems too.

The malware is statically linked against all the external libraries it requires, which makes it independent of the libraries, and the library versions, installed on the victim machine.
'Turla' is derived from the publicly available backdoor cd00r (http://www.phenoelit.org/stuff/cd00r.c); it doesn't require administrator (root) privileges and can be executed by any user.
Once the 'Turla' Trojan is executed, it starts a network sniffer and listens for a specific network packet. Once that packet is received, 'Turla' activates its backdoor functionality.
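A host-triage sketch for the two traits described above, added here as an example and not taken from the original post or from any analysis of the sample: it lists processes that hold packet-capture sockets and reports whether each one's executable is a statically linked ELF. It assumes the sniffer uses an AF_PACKET socket, which Linux lists in `/proc/net/packet`; the function names are illustrative.

```python
import os, re, struct

def packet_inodes(text):
    """Socket inodes from /proc/net/packet text (header row names an 'Inode' column)."""
    rows = [line.split() for line in text.strip().splitlines()]
    if not rows or "Inode" not in rows[0]:
        return set()
    col = rows[0].index("Inode")
    return {int(r[col]) for r in rows[1:] if len(r) > col}

def is_static_elf(data):
    """True for an ELF image with no PT_INTERP (type 3) segment, i.e. no dynamic loader."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return False
    end = "<" if data[5] == 1 else ">"
    if data[4] == 2:  # ELF64 header layout
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:             # ELF32 header layout
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for off in range(phoff, phoff + phnum * phentsize, phentsize or 1):
        if off + 4 > len(data):
            break     # program headers extend past the bytes we were given
        if struct.unpack_from(end + "I", data, off)[0] == 3:
            return False
    return True

def sniffing_processes(proc="/proc"):
    """(pid, exe, static?) for each readable process that holds a packet socket."""
    with open(f"{proc}/net/packet") as f:
        inodes = packet_inodes(f.read())
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            links = [os.readlink(f"{proc}/{pid}/fd/{fd}") for fd in os.listdir(f"{proc}/{pid}/fd")]
            owned = {int(m.group(1)) for l in links if (m := re.fullmatch(r"socket:\[(\d+)\]", l))}
            if owned & inodes:
                with open(f"{proc}/{pid}/exe", "rb") as f:
                    static = is_static_elf(f.read(4096))
                hits.append((int(pid), os.readlink(f"{proc}/{pid}/exe"), static))
        except OSError:
            continue  # process exited, or its fd table is not readable by us
    return hits

if __name__ == "__main__":
    for pid, exe, static in sniffing_processes():
        print(pid, exe, "STATIC" if static else "dynamic")
```

Run it with enough privilege to read other users' `/proc/<pid>/fd` entries. A static binary holding a packet socket is a lead to investigate, not a verdict, since legitimate capture tools can look the same.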

The first 'Turla' Trojan sample was discovered in early 2012, when it was used to attack government computers and servers.

At the time this post was written, the new sample was already detected by almost 50% of major antivirus engines.