North Korea Did it!

cavallal — Thu, 08 Jan 2015 05:56:57 +0000

Well, after so much speculation the FBI Director James Comey unveiled information on Wednesday that he said provides a “very clear indication” that North Korea perpetrated the massive cyber attack against Sony.

Newsweek reported the story Now, with the announcement of sanctions and perhaps other forms of civil retaliation this single act may be the starting point in which countries will start taking formal and public actions against cyber attacks. I don’t intend to speculate on what those actions may be but certainly a change, only time will tell if it’s for the good or the beginning of taking wars to the electronic frontier.

Do we need antivirus in Linux?

cavallal — Tue, 09 Dec 2014 00:58:45 +0000

The most common answer to the age old question is probably no. We as a community of security practitioners may have to update our position on this one given the latest findings in terms of Turla. A stealth trojan that steals data from systems. Turla is not exclusive to Linux, it is also available in its Windows variant but the ultimate goal is the same.

Hard to detect but with some behaviors that make detection possible. For instance outgoing traffic to 80.248.65.183 or the string “TREX_PID=%u” and “Remote VS is empty !” will help you identify the culprit.

Have your SIEMS or use our old friend grep or yara to look for these. Keep in ind that Turla is considered a sophisticated advanced persistent threat (APT).

Happy trojan hunting.

InfoSecBits » Uncategorized

North Korea Did it!

Do we need antivirus in Linux?