I think you might be better off with a mainstream anti-malware software 
product, rather than attempting to help update rkhunter to assist in a timely 
manner. I'll first point out that the current version was released over 2-½ 
years ago, which is not all that unusual over its lifetime. The first article 
you provided links for already contains Snort and Yara pattern signatures that 
could be used immediately with an anti-malware product that supports such things.

I'm strictly a macOS user, so can't speak to what might be your best bet, but 
do know that ClamAV supports whatever flavor of Linux you are using, as well as 
the above signatures and it's also free, if that's a consideration.

Sent from my iPad

-Al-

> On Aug 28, 2020, at 08:58, Dan Benton <d...@dogsbody.org> wrote:
> 
> Hi All,
> 
> I've been trying to get to the bottom of Drovorub, a Russian malware suite 
> that targets Linux.
> 
> It would be great if RKHunter could help identify and protect systems from 
> this attack.
> 
> The best technical details are on page 35 of the NSA and FBI advisory...
> https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
> 
> TL;DR fact sheet... 
> https://www.nsa.gov/Portals/70/documents/resources/cybersecurity-professionals/DROVORUB-Fact%20sheet%20and%20FAQs.pdf?ver=2020-08-13-114246-203
> 
> How can I help implement this feature?
> 
> Dan
> 
> 
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
