FYI - FBI and NSA release warning about Drovorub

Targets only high-value Linux systems.

Hard to say why the FBI and NSA went to the extra trouble of releasing a public warning about a week ago.
After reading various articles about it (there are a few by now, plus videos), I don't think it's the kind of malware that is likely to be distributed so widely that it poses a threat to the world at large.

It looks to me like a highly effective exploit that would likely be used against high-value security targets.
In other words, this is likely something to be aware of if you're in possession of something valuable:

Like NSA secrets.
Like any kind of government files, communications, assets.
A business with valuable economic, research or intellectual property assets.
Running a large network.
Anything related to elections and political parties.

That kind of stuff.
If you're managing a network that might be worth the attention of a sophisticated Russian hacking group, one for which it is worthwhile to attack you with a highly complex exploit that, once it has compromised you, is nearly impossible to detect, read on.

My summary of what's important:
On an infected host this malware is composed of two parts: an "application" (the client) that runs in user mode, likely with root permissions, and a kernel module that carries most of the functionality. The kernel module is what makes it a rootkit: it hides the client's files, processes and network connections from userland tools, so ordinary scanners cannot see anything it has chosen to hide. (The advisory also describes a separate server and agent component that live off the victim host.)

Attack vectors:
Unknown. The publication only describes mitigations, which hint at possible vectors, but nothing is detailed.

This is what you are advised to do to prevent infection and compromise:
Patch incessantly, of course. Don't expose yourself to an Internet of threats.
An important feature of Drovorub is its custom-built kernel module. Don't install or leave compilers on your machine, or restrict who has access to them. Be aware that if the attacker has already gained root access, this may not be enough.
As always, protect your root access by hardening your machine, restricting who can use root and how, and staying vigilant.
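As an added example, not code from the original post or from the advisory: the one concrete technical mitigation the FBI/NSA advisory gives for the kernel-module part is to run a kernel (3.7 or later) configured to load only signed modules, so that an unsigned custom module like Drovorub's is refused at load time. The POSIX shell script below audits that posture on a host. It checks whether module signature enforcement is on, decodes the module-related bits of the kernel taint value, and lists loaded modules whose taint flags mark them as unsigned (E), out-of-tree (O) or force-loaded (F), which is where a custom-built rootkit module would show up. Assumptions: the column layout of `/proc/modules` and the taint letters as documented in the kernel's admin guide; the `--live` switch and function names are mine; the sample module list used to exercise it is constructed. The caveat from the paragraph above applies in full: an attacker who already has root can turn enforcement off, force-load a module, or have the rootkit hide itself from `/proc/modules`, so a clean result here is not proof of a clean host.

```shell
#!/bin/sh
# Added example (not from the post or the advisory): audit the kernel-module
# signing posture of a Linux host. Assumes the /proc/modules layout and the
# taint letters from the kernel admin guide: P proprietary, F force-loaded,
# O out-of-tree, E unsigned. Function names and the --live switch are my own.

# Does the running kernel refuse unsigned modules?  Reads the sig_enforce
# parameter ("Y" or "N"); the path is an argument so it can be run on a copy.
module_signing_enforced() {
    f="${1:-/sys/module/module/parameters/sig_enforce}"
    [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]
}

# List loaded modules whose taint flags include E (unsigned), O (out-of-tree)
# or F (force-loaded).  Reads /proc/modules-formatted text from stdin.  A signed,
# in-tree distribution module has no taint column at all, so it is not printed.
suspicious_modules() {
    awk '{
        taint = ($7 ~ /^\(/) ? $7 : "";
        if (taint ~ /[EOF]/) print $1, taint;
    }'
}

# Decode the module-related bits of /proc/sys/kernel/tainted (an integer):
# bit 0 (1) P, bit 1 (2) F, bit 12 (4096) O, bit 13 (8192) E.
taint_letters() {
    n="$1"; out=""
    [ $((n & 1)) -ne 0 ]    && out="${out}P"
    [ $((n & 2)) -ne 0 ]    && out="${out}F"
    [ $((n & 4096)) -ne 0 ] && out="${out}O"
    [ $((n & 8192)) -ne 0 ] && out="${out}E"
    printf '%s\n' "$out"
}

# Run the audit against the live system (needs a Linux /proc and /sys).
audit_host() {
    if module_signing_enforced; then
        echo "module signature enforcement: ON (unsigned modules are rejected)"
    else
        echo "module signature enforcement: OFF (an unsigned custom module would load)"
    fi
    echo "kernel taint letters: $(taint_letters "$(cat /proc/sys/kernel/tainted)")"
    echo "loaded modules with E/O/F taint (investigate each one):"
    suspicious_modules < /proc/modules
}

if [ "${1:-}" = "--live" ]; then
    audit_host
fi
```

Run it as `sh audit-modules.sh --live`. If enforcement reports OFF and the kernel was built with module signing support, adding `module.sig_enforce=1` to the kernel command line turns it on at the next boot; distributions that boot with UEFI Secure Boot enabled normally enforce it already. Out-of-tree (O) modules such as third-party drivers are common and not evidence of compromise on their own; the point of the listing is that every entry should be one you can account for.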

Opinions and interpretations are my own.