Turla Trojan Unearthed on Linux

I read today a TechNewsWorld article entitled Turla Trojan Unearthed on Linux where it is claimed that Turla, a hard-to-spot Trojan that has for years bedeviled Windows systems, has been discovered to have at least two Linux variants (spotted by Kaspersky Lab). The Linux Turla maintains stealth without requiring elevated privileges while running arbitrary remote commands. The malware cannot be discovered using netstat, a command-line administrative tool, Kaspersky Lab said, and it uses techniques that don’t require root access.

It's not clear to me from the article what the countermeasures may be, nor how the Trojan is spread. My guess is it is not too widespread yet, and it may be used mostly by government sources wanting to hack other government sources, although I could be wrong.

See also:

Thanks. I note in that article it states:

Turla for Linux requires an ID and an existing network interface name to begin execution. These can be inputted from STDIN or from a dropper launching the sample. Once the process is launched, the backdoor’s process PID is returned.

I don’t really understand that well, but it suggests to me that this Trojan does not propagate easily and one must be tricked into installing malware to be infected. Or am I reading this wrong?

Likewise, because the [specialist] security journalists use jargon. To me, unlike a virus that can self-propagate, a Trojan is propagated by a hacker with a keyboard and its arrival on target requires trickery either via email (worm or attachment) or clicking something on a website.

From the article, I assume the executable requires a normal UID and name of an active network interface (e.g. wlan0) before it can open a backdoor process for communication with the remote hacker/operator. That input is provided by some other agent (program or person). The remote hacker then gets access to anything at least available to the normal UID.

That seems to be my take-away, as well. This is all too vague and too much breezy jargon for me to put a lot of faith in. At this point, I question the validity and the threat potential. But, I would also keep a cautionary eye out.

And according to:

Very low risk…

And the linux version…

Under the Technical Details tab, I see a nice list of security reminders and advice. Always good to reread lists like this to refresh your security awareness level.