Linux Kernel: Russian Drovorub Malware

burakkucat:
Here is a link to the US NSA/FBI Cybersecurity Advisory titled "Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware", downloadable as a PDF file.

The contents are relevant to all users of those OSes that deploy a Linux kernel.

Alex Atkin UK:
TMI, surely all we need to know is how you get infected and if there is anything we can do to avoid it?

I assume the only way to avoid this is enabling mandatory module signing?  Which by default is off as it would break NVIDIA support.

broadstairs:
That document says kernel signing enforcement is there from v3.7 and one should update to at least that level. Assuming the numbers are the same, my kernel is 5.7 on openSUSE Tumbleweed and 4.? (not sure of the point value) on Leap!

Stuart

meritez:

--- Quote from: Alex Atkin UK on August 25, 2020, 02:22:01 AM ---TMI, surely all we need to know is how you get infected and if there is anything we can do to avoid it?

I assume the only way to avoid this is enabling mandatory module signing?  Which by default is off as it would break NVIDIA support.

--- End quote ---

Easier read here: https://hackaday.com/2020/08/22/fbi-reports-on-linux-drovorub-malware/

"The rootkit won’t persist if you have UEFI boot fully enabled"

Alex Atkin UK:

--- Quote from: meritez on August 25, 2020, 10:38:52 AM ---Easier read here: https://hackaday.com/2020/08/22/fbi-reports-on-linux-drovorub-malware/

"The rootkit won’t persist if you have UEFI boot fully enabled"

--- End quote ---

I assume they mean Secure Boot, which again has to be turned off for unsigned kernel modules, which is presumably how this infection works.

So basically you're still screwed if you have an NVIDIA GPU and need to use the official binary.
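Since the thread turns on whether a given host would actually refuse an unsigned module (Alex's module-signing question, broadstairs' kernel 3.7 point, and the Secure Boot line quoted from the Hackaday write-up), here is an added POSIX shell check. It is not from the advisory or from anyone in this thread. The sysfs, procfs and efivarfs paths it reads are the kernel's real interfaces; the function names and the optional root-prefix argument (so the same checks can be run against a copied or mocked /proc and /sys tree) are my own.

```shell
#!/bin/sh
# Added example, not from the NSA/FBI advisory or any poster in this thread.
# Each function takes an optional root prefix (default "") so it can be
# pointed at a mocked tree; on a live host just call it with no argument.

# 1. Does the running kernel enforce module signatures?
#    /sys/module/module/parameters/sig_enforce exists when CONFIG_MODULE_SIG=y
#    and reads "Y" when CONFIG_MODULE_SIG_FORCE=y or module.sig_enforce=1
#    was given at boot. If it is "N", an unsigned module loads (with a taint).
sig_enforce_state() {
    root="${1:-}"
    f="$root/sys/module/module/parameters/sig_enforce"
    [ -r "$f" ] || { echo unknown; return; }   # kernel built without CONFIG_MODULE_SIG
    case "$(cat "$f")" in
        Y) echo enforced ;;
        N) echo not-enforced ;;
        *) echo unknown ;;
    esac
}

# 2. Was module.sig_enforce=1 passed on the kernel command line?
cmdline_sig_enforce() {
    root="${1:-}"
    f="$root/proc/cmdline"
    [ -r "$f" ] || { echo unknown; return; }
    if tr ' ' '\n' < "$f" | grep -qx 'module.sig_enforce=1'; then echo yes; else echo no; fi
}

# 3. UEFI Secure Boot state, read from the SecureBoot EFI variable
#    (GUID 8be4df61-93ca-11d2-aa0d-00e098032b8c). On efivarfs the file is
#    4 bytes of variable attributes followed by the data; data byte 1 = enabled.
secure_boot_state() {
    root="${1:-}"
    f="$root/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    [ -r "$f" ] || { echo no-efivar; return; }   # BIOS/CSM boot or efivarfs not mounted
    b="$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')"
    case "$b" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# 4. Has an unsigned module already been loaded in this boot?
#    TAINT_UNSIGNED_MODULE is bit 13 (flag 'E') of /proc/sys/kernel/tainted.
unsigned_module_loaded() {
    root="${1:-}"
    f="$root/proc/sys/kernel/tainted"
    [ -r "$f" ] || { echo unknown; return; }
    t="$(cat "$f")"
    if [ $(( (t >> 13) & 1 )) -eq 1 ]; then echo yes; else echo no; fi
}

# 5. broadstairs' point: signature enforcement needs a kernel of at least 3.7.
#    kernel_at_least 3.7 "$(uname -r)" -> yes/no, comparing major.minor only.
kernel_at_least() {
    want="$1"; have="$2"
    wmaj="${want%%.*}"; wmin="${want#*.}"; wmin="${wmin%%.*}"; wmin="${wmin%%[!0-9]*}"
    hmaj="${have%%.*}"; hmin="${have#*.}"; hmin="${hmin%%.*}"; hmin="${hmin%%[!0-9]*}"
    if [ "$hmaj" -gt "$wmaj" ] || { [ "$hmaj" -eq "$wmaj" ] && [ "$hmin" -ge "$wmin" ]; }; then
        echo yes
    else
        echo no
    fi
}

# Human-readable summary for the live host (or a mocked tree given as $2).
report() {
    root="${1:-}"
    echo "kernel:              $(uname -r) (>= 3.7: $(kernel_at_least 3.7 "$(uname -r)"))"
    echo "module sig enforce:  $(sig_enforce_state "$root")"
    echo "cmdline sig_enforce: $(cmdline_sig_enforce "$root")"
    echo "secure boot:         $(secure_boot_state "$root")"
    echo "unsigned mod loaded: $(unsigned_module_loaded "$root")"
}

if [ "${1:-}" = "--report" ]; then report "${2:-}"; fi
```

Save it and run `sh modsig-check.sh --report` on the live host. `not-enforced` together with `disabled` is the configuration Alex describes: the kernel will load a module whether or not it carries a valid signature, and once an unsigned one has loaded the `E` taint bit stays set until reboot, which is the one line here worth watching on a box that should only ever load distro-signed modules. `mokutil --sb-state` reports the same Secure Boot value from the same variable.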
