Tuesday, December 9, 2014

Linux Turla Malware Infection? Not Going to Happen.

cdoor.c - packet coded backdoor (credit: phenolit.de)

C'mon.  Here is yet another sensational report 'wishing' that Linux is infection prone.  It isn't, okay?

The SecureList authors imply that there is a Linux version of a known Windows malware, called Turla.  Conveniently, they call it a variant.

Where is the documentation for a Linux 'vector of infection'?  Oops, somehow, they forgot to include it.

Including the source code doesn't count as documentation of a vector of infection.  It merely documents the program's purpose, not how it lands on a Linux PC.

On the other hand, one can visit Kaspersky to see it is well-documented for Windows.

This code simply isn't in any Linux repository.

That means one must intentionally deviate and go outside of the keyring-protected repo of applications 'into the wild' to obtain this rogue software.

By definition, a trojan requires one to install the application and then explicitly run it to have its 'payload' execute.

In the conclusion of the SecureList story, the authors wrote:

"Although Linux variants from the Turla framework were known to exist, we haven't seen any in the wild yet."

Paleeze.  This sensational reporting has got to stop.

Known to exist?  Based on what exactly?  Again, no details.

Folks, Fedora Linux is the safest operating system on the Planet.

I stake my reputation on it.  -- Dietrich
