Re: [PLUG] The 'Penquin' Turla

Keith C. Perry on 8 Dec 2014 21:49:44 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] The 'Penquin' Turla

From: "Keith C. Perry" <kperry@daotechnologies.com>
To: "K.S. Bhaskar" <bhaskar@bhaskars.com>
Subject: Re: [PLUG] The 'Penquin' Turla
Date: Tue, 09 Dec 2014 00:49:31 -0500
Cc: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

I'm not sure about this write up.  Regular users can launch network listeners on ports above 1024 so that has nothing to do with root access.  That's not an automatic flag for a problem.

Network c&c, although slick, probably would set off heuristic security devices that do higher layer protocol inspection.  Such devices tend to be easy to set off as well.  Manually inspecting traffic would reveal this as well.

---
KP-

On Dec 9, 2014 12:10 AM, "K.S. Bhaskar" <bhaskar@bhaskars.com> wrote:
>
> Anyone know whether this just smoke - https://securelist.com/blog/research/67962/the-penquin-turla-2/ - or have other insight to offer?  Thanks.
>
> Regards
> -- Bhaskar
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] The 'Penquin' Turla
  - From: brent timothy saner <brent.saner@gmail.com>

Prev by Date: [PLUG] The 'Penquin' Turla
Next by Date: Re: [PLUG] The 'Penquin' Turla
Previous by thread: [PLUG] The 'Penquin' Turla
Next by thread: Re: [PLUG] The 'Penquin' Turla
Index(es):
- Date
- Thread