
Security researchers have discovered at least two Linux-based variants of a Trojan that for years has been infecting Windows systems. Dubbed "Turla," the Trojan has been around for four years or more and has infected hundreds of Windows machines in use at government institutions, embassies, military facilities, educational institutions, and research and pharmaceutical companies.
According to TechNewsWorld, security outfit Kaspersky Lab discovered the two variants running on Linux. One is a C/C++ executable statically linked against multiple libraries and stripped of symbol information, presumably so it would be difficult for researchers to reverse engineer. Details of the second variant haven't been released by Kaspersky.
These are highly sophisticated malware samples that appear to have come from Russia. Some researchers believe they're government funded, which would make sense given the institutions they've been targeting.
The Turla sample described above is based on proof-of-concept backdoor malware that has been around for several years. It provides remote access to systems without showing an open port at all times -- a trick it accomplishes by using a sniffer to capture packets.
The Linux Turla can also hide itself without elevated privileges as it runs arbitrary remote commands. That means it will still function as intended even if a regular user with limited privileges launches it.
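Because a sniffer-based listener like the one described above never shows up as a listening port, a defender has to look for the capture socket instead. The following is an added example, not code from the article or from Kaspersky: it assumes the capture uses an AF_PACKET socket listed in `/proc/net/packet` (the article does not name the mechanism), and the sample table, the process map and the `expected` allowlist are constructed for illustration.

```python
import os, re

ETH_P_ALL = 0x0003  # AF_PACKET protocol value meaning "deliver every frame"

# Constructed sample of /proc/net/packet: one row per AF_PACKET socket.
SAMPLE_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8d0a1b2c3000 3      3    0003   2     1 0      0      23456
ffff8d0a1b2c4800 3      3    0003   0     1 0      1000   34567
ffff8d0a1b2c5000 3      2    888E   3     1 0      0      45678
"""
# Constructed stand-in for /proc/<pid>/comm plus the /proc/<pid>/fd links.
SAMPLE_FDS = {612: ("dhclient", ["socket:[23456]", "/dev/null"]),
              4242: ("cron", ["pipe:[999]", "socket:[34567]"]),
              700: ("wpa_supplicant", ["socket:[45678]"])}

def parse_packet_table(text):
    """Return one dict per socket row of /proc/net/packet (header skipped)."""
    rows = [line.split() for line in text.splitlines()[1:]]
    return [{"proto": int(f[3], 16), "iface": int(f[4]), "uid": int(f[7]),
             "inode": int(f[8])} for f in rows if len(f) >= 9]

def live_fds(proc_root="/proc"):
    """Build the pid -> (comm, fd links) map from a running system."""
    out = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(f"{proc_root}/{pid}/comm") as fh:
                comm = fh.read().strip()
            out[int(pid)] = (comm, [os.readlink(f"{proc_root}/{pid}/fd/{n}")
                                    for n in os.listdir(f"{proc_root}/{pid}/fd")])
        except OSError:                          # exited, or not readable by us
            continue
    return out

def capture_all_sockets(packet_text, fds, expected=("dhclient",)):
    """ETH_P_ALL sockets whose owning process name is not in `expected`."""
    owner = {}
    for pid, (comm, links) in fds.items():
        for m in filter(None, (re.fullmatch(r"socket:\[(\d+)\]", link) for link in links)):
            owner[int(m.group(1))] = (pid, comm)
    hits = []
    for row in parse_packet_table(packet_text):
        pid, comm = owner.get(row["inode"], (None, None))
        if row["proto"] == ETH_P_ALL and comm not in expected:
            hits.append({**row, "pid": pid, "comm": comm})  # pid None: owner not visible
    return hits
```

On a live host, pass the contents of `/proc/net/packet` and the result of `live_fds()`, run as root so every process's descriptors are readable. Process names are self-reported, so a hit list filtered by name is a starting point for review, not a verdict.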