OutlawCountry Revealed by WikiLeaks

Simmonz

So a new reveal from Wikileaks from the Vault7 documents is called OutlawCountry and it affects Linux. It is a piece of malware that will send traffic from the infected Linux machine to CIA servers. From what I can read it seems to have been made for kernel 2.6 which is quite old so I am not even sure if this would affect any system running a newer kernel. It was also developed for Red Hat Enterprise Linux 6.x and CentOS 6.x so in theory anyone running a different distro could be fine. Lot more questions than answers right now.

Anyone know if this is still a valid threat for Linux or can chime in? It should be no surprise that Linux can be targeted as it isn't bullet proof but they seem to have a lot more tools at their disposal for Windows than Linux. The good news is that RedHat is looking into it so hopefully they, or anyone else, can begin working on fixes.

http://www.zdnet.com/article/linux-malware-leak-exposes-cias-outlawcountry-hacking-toolkit/

https://access.redhat.com/solutions/3099221
 
I was listening to a podcast today that mentioned this (Linux Unplugged, I think... might have been Linux Action News) and the way they described it was that it uses iptables to forward traffic to {{ traffic snooper server }}. It ships in the form of a kernel module so that it can do its magic without affecting or being affected by existing iptables configs. There's the need for root privs in order to install, so it'll need to be paired with another exploit or "hack the human".

It looks like the RedHat page has been updated.
Red Hat Enterprise Linux 6 and derivatives running 64-bit kernel version 2.6.32
Red Hat Enterprise Linux 5 and 7 are not impacted

My question is if the author is a fan of Archer, or if it's just a coincidence...
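A defender-side check for the two things the reply above describes (a kernel module loaded by hand, and iptables NAT rules that redirect traffic). This is an added example, not code from the thread or from the Red Hat article; the module and rule names in it are constructed test data, and it assumes lsmod and iptables-save output in their usual formats.

```shell
#!/bin/sh
# Added example (not from the thread). Two audit helpers that read saved
# command output so they can be run offline against captured evidence.

# Print loaded modules that have no backing .ko file under the given modules
# directory (normally /lib/modules/$(uname -r)). A module that was insmod'ed
# from somewhere else, as the reply describes, shows up here.
# Usage: unbacked_modules <lsmod-output-file> <modules-dir>
unbacked_modules() {
    lsmod_file="$1"; moddir="$2"
    tail -n +2 "$lsmod_file" | while read -r name _; do
        [ -n "$name" ] || continue
        # on-disk module files may use '-' where lsmod prints '_'
        pattern=$(printf '%s' "$name" | sed 's/_/[_-]/g')
        if ! find "$moddir" -name "${pattern}.ko*" 2>/dev/null | grep -q .; then
            printf '%s\n' "$name"
        fi
    done
}

# Print nat-table rules from iptables-save output that rewrite or copy the
# destination (DNAT, REDIRECT, TEE), i.e. rules that would forward traffic
# somewhere the administrator did not configure.
# Usage: forwarding_rules <iptables-save-output-file>
forwarding_rules() {
    awk '/^\*/ { table = $1 }
         table == "*nat" && /-j (DNAT|REDIRECT|TEE)/ { print }' "$1"
}

# Live mode: run both checks against this host (needs root for iptables-save).
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp -d)
    lsmod > "$tmp/lsmod.txt"
    iptables-save > "$tmp/rules.txt" 2>/dev/null || :
    echo "== loaded modules with no file under /lib/modules/$(uname -r) =="
    unbacked_modules "$tmp/lsmod.txt" "/lib/modules/$(uname -r)"
    echo "== nat rules that redirect traffic =="
    forwarding_rules "$tmp/rules.txt"
    rm -rf "$tmp"
fi
```

Run as `sh audit.sh --live` on a host; an empty first section and only expected rules in the second is the normal result, and anything else deserves a closer look.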
 