OutlawCountry malware sends traffic from Linux machines to the CIA’s servers.

WikiLeaks’ latest Vault 7 release of leaked CIA documents detailing its hacking tools reveals malware called OutlawCountry that targets Linux systems.

OutlawCountry is described in documents dated June 4, 2015 as a kernel module for Linux 2.6 that allows CIA operators to redirect outbound traffic to a server they control by creating a hidden netfilter or iptables table. Netfilter is a packet-filtering framework within the Linux kernel’s networking stack.

OutlawCountry creates a hidden netfilter table with an “obscure name”, which the operator can use to create new rules that override existing netfilter rules. The new rules can only be seen by an admin if the table name is known, which, according to the documents, is ‘dpxvke8h18’.

The malware is designed for Red Hat Enterprise Linux 6.x and CentOS 6.x systems with the 64-bit 2.6.32 version of the Linux kernel. However, the operator needs to have already compromised the target to load a malicious module and must have gained root privileges to operate the malware.

WikiLeaks notes that an “operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system”.

Red Hat’s advisory for OutlawCountry describes the command to use to determine if the CIA’s kernel module has been loaded.
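A check for the hidden table described above, as an added example: it is not from the article, the leaked documents or Red Hat’s advisory, and it looks for the table rather than the kernel module. The function names and the use of `/proc/net/ip_tables_names` are assumptions of this example; only the table name comes from the article.

```bash
#!/bin/bash
# Added example: look for non-stock iptables tables on a RHEL/CentOS 6 host.
TABLE_IOC="dpxvke8h18"                            # table name quoted in the article
STANDARD_TABLES="filter nat mangle raw security"  # tables that ship with iptables

# Read table names on stdin (one per line) and print every name that is not a
# stock table, tagging the name from the leaked documents as IOC.
unexpected_tables() {
    while IFS= read -r _name || [ -n "$_name" ]; do
        [ -z "$_name" ] && continue
        case " $STANDARD_TABLES " in
            *" $_name "*) continue ;;
        esac
        if [ "$_name" = "$TABLE_IOC" ]; then
            echo "IOC $_name"
        else
            echo "UNKNOWN $_name"
        fi
    done
}

# Query a table by name; succeeds only if the kernel knows it (needs root).
table_present() {
    iptables -t "$1" -L -n >/dev/null 2>&1
}

# Run both checks on the local host; returns 1 if anything was found.
scan_host() {
    _found=0
    # Assumption: a hidden table may be absent from this listing, so the
    # by-name query below is the check the article's description supports.
    if [ -r /proc/net/ip_tables_names ]; then
        _extra=$(unexpected_tables < /proc/net/ip_tables_names)
        if [ -n "$_extra" ]; then
            printf '%s\n' "$_extra"
            _found=1
        fi
    fi
    if table_present "$TABLE_IOC"; then
        echo "IOC $TABLE_IOC answers to iptables -t"
        _found=1
    fi
    return "$_found"
}

# Only touch the host when asked to: ./check_tables.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_host
fi
```

Run it as root with `--scan`; an `UNKNOWN` line is not proof of compromise, since third-party modules can register their own tables.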

WikiLeaks dumped over 8,000 CIA documents when it launched Vault 7 in March and has released several documents a month detailing specific CIA malware programs.

OutlawCountry is the 14th malware program detailed in the series. Earlier this month WikiLeaks released details of ‘Elsa’ for tracking the location of Windows PCs, ‘Brutal Kangaroo’ for hopping across air-gapped networks via an infected USB stick, the ‘CherryBlossom’ router malware, and ‘Pandemic’, which targeted Windows file-sharing.

From: http://www.zdnet.com/article/linux-malware-leak-exposes-cias-outlawcountry-hacking-toolkit/