One of the first few arguments for why you should switch to Linux is that Linux is secure and virus free. Most Linux users perceive Linux as immune to viruses, which is true to an extent but not entirely.
Like any other OS, Linux is not immune to malware, trojans, rootkits, viruses, etc. There have been several famous Linux viruses. But compared to Windows, the number is infinitesimal. So why am I talking about Linux viruses today? Because a new trojan has been detected which might be impacting Linux systems.
Turla infects Linux systems as well
A few months back, a sophisticated cyber espionage program, nicknamed Turla, was detected. It was supposed to have originated in Russia, allegedly with Russian government backing. The spyware program had been targeting government organizations in Europe and the United States for four years.
In a recent report, researchers at Kaspersky have found that Turla was affecting not only Windows systems but also the Linux operating system. Kaspersky researchers have termed it the ‘missing piece of Turla puzzle’. As per the report:
“This newly found Turla component supports Linux for broader system support at victim sites. The attack tool takes us further into the set alongside the Snake rootkit and components first associated with this actor a couple years ago. We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet.”
What is this Linux module of Turla and how dangerous is it?
Going by the Kaspersky report:
“The Linux Turla module is a C/C++ executable statically linked against multiple libraries, greatly increasing its file size. It was stripped of symbol information, more likely intended to increase analysis effort than to decrease file size. Its functionality includes hidden network communications, arbitrary remote command execution, and remote management. Much of its code is based on public sources.”
The report also mentions that this trojan doesn’t require elevated privileges (read: root) while running arbitrary remote commands and that it cannot be discovered by commonly used administrative tools. Personally, I doubt their claims.
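The two static traits the report describes, a statically linked executable with its symbol information stripped, can be checked from the ELF headers alone. The script below is an added example, not code from this article or from Kaspersky; the names triage_elf and make_sample are hypothetical, and the sample images are constructed header-only ELF files.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP, SHT_SYMTAB = 2, 3, 2   # constants from the ELF specification

def triage_elf(data: bytes) -> dict:
    """Report whether an ELF image looks statically linked and/or stripped."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                        # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little-endian
    fmt = end + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (_, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, _) = struct.unpack_from(fmt, data, 16)

    def entry_types(off, entsize, count, field_off):
        # p_type sits at offset 0 and sh_type at offset 4 in both ELF classes.
        found = set()
        for i in range(count):
            pos = off + i * entsize + field_off
            if pos + 4 > len(data):            # table runs past end of file
                break
            found.add(struct.unpack_from(end + "I", data, pos)[0])
        return found

    ptypes = entry_types(phoff, phentsize, phnum, 0)
    stypes = entry_types(shoff, shentsize, shnum, 4)
    return {
        # No interpreter and no dynamic segment: nothing for ld.so to resolve.
        # (Static-PIE keeps PT_DYNAMIC and is reported as not static here.)
        "static": PT_INTERP not in ptypes and PT_DYNAMIC not in ptypes,
        # strip removes .symtab (SHT_SYMTAB); .dynsym survives in dynamic files.
        "stripped": SHT_SYMTAB not in stypes,
        "size": len(data),
    }

def make_sample(ptypes, stypes) -> bytes:
    """Constructed header-only ELF64 little-endian image for testing; not runnable."""
    hdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 64 + 56 * len(ptypes), 0,
        64, 56, len(ptypes), 64, len(stypes), 0)
    ph = b"".join(struct.pack("<I", t) + b"\0" * 52 for t in ptypes)
    sh = b"".join(struct.pack("<II", 0, t) + b"\0" * 56 for t in stypes)
    return hdr + ph + sh

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage_elf(fh.read()))
```

Both traits also describe plenty of legitimate binaries, so a match is a reason to look closer at an unexpected file, not a verdict on it.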
So, as a Linux desktop user, should you be scared? In my opinion, it is too early to go into panic mode as we experienced with the ShellShock Linux bug. Turla was originally intended for government organizations, not common users. Let’s wait and watch for more concrete news. I’ll keep updating this article. Till then, enjoy Linux.