Drovorub is malware, not a new vulnerability.
Drovorub is Linux malware attributed to a nation-state actor that targets Linux systems. Once installed, it gives an attacker persistent remote access.
The Drovorub malware is part of a malware campaign that requires multiple steps to function correctly.
The malware alone does not provide immediate access to a system and requires an existing vulnerability or vulnerabilities to be exploited to gain root access before it can be used.
This malware is not an exploit: attackers must first gain root privileges through another vulnerability before they can install it.
To prevent attacks, the agency recommends that US organizations update any Linux system to a version running kernel version 3.7 or later, "in order to take full advantage of kernel signing enforcement," a security feature that would prevent APT28 hackers from installing Drovorub's rootkit.
For Articatech, enabling kernel signing enforcement makes some pre-compiled modules unavailable and is likely to make the system unstable.
Artica V3 currently uses Linux kernel version 3.2.0-4-amd64. If you use Artica as a proxy, place the proxy in a LAN protected by your firewall to prevent access from the Internet.
The Debian LTS team announced that Debian 7 “Wheezy” officially reached the end of its life cycle on May 31, 2018, five years after its release.
They will no longer provide any security updates for Debian 7.
We strongly encourage you to switch to Artica V4.
Artica V4 uses kernel version 4.9.0-7-amd64 or above. Artica v4.30 Patch 56 enables the kernel.modules_disabled feature and uses a watchdog that detects the presence of Drovorub in real time.
Warning: this operation makes the Deep Packet Inspection and Firewall features unavailable.
In System Information, if "Disable Automatic Loading Modules" is active, the security patch is applied.
The list of loaded kernel modules can also be displayed in System Information.
If you click on the number of loaded modules, you can see the list of modules loaded by the kernel.
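The same three checks (kernel 3.7 or later, kernel.modules_disabled, and the loaded-module list) can be run from a shell on any Linux host. The script below is an added example, not Artica's own code: the function names and the sample module list are constructed for illustration. It goes one step beyond the article by also flagging modules that the kernel has marked as unsigned.

```python
import re
from pathlib import Path

MIN_SIGNING_KERNEL = (3, 7)  # kernel threshold quoted in the article
# Constructed /proc/modules sample; "examplemod" is a made-up module name.
SAMPLE_MODULES = """\
nf_conntrack 139264 3 xt_conntrack,nf_nat, Live 0xffffffffc0a1b000
ext4 585728 1 - Live 0xffffffffc0500000
examplemod 16384 0 - Live 0xffffffffc0400000 (OE)
"""

def kernel_supports_signing(release):
    """True if a release string such as '4.9.0-7-amd64' is 3.7 or later."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2))) >= MIN_SIGNING_KERNEL

def parse_proc_modules(text):
    """Parse /proc/modules lines into (name, taint_flags) pairs.
    Layout: name size refcount deps state address [(taint flags)]."""
    modules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or truncated lines
        taint = fields[6].strip("()") if len(fields) > 6 else ""
        modules.append((fields[0], taint))
    return modules

def audit(release, modules_disabled, proc_modules):
    """Summarise the checks: kernel version, module lock, loaded modules."""
    mods = parse_proc_modules(proc_modules)
    return {
        "kernel_3_7_or_later": kernel_supports_signing(release),
        "module_loading_disabled": modules_disabled.strip() == "1",
        "loaded_modules": len(mods),
        # taint flag 'E' marks a module loaded without a valid signature
        "unsigned_modules": [name for name, taint in mods if "E" in taint],
    }

def audit_host(proc=Path("/proc")):
    """Run the audit against the live system (Linux only)."""
    read = lambda rel: (proc / rel).read_text()
    return audit(read("sys/kernel/osrelease"),
                 read("sys/kernel/modules_disabled"), read("modules"))

if __name__ == "__main__":
    print(audit("4.9.0-7-amd64", "1", SAMPLE_MODULES))  # constructed input
```

Call audit_host() on the machine itself to read the live values from /proc. Once kernel.modules_disabled is set to 1, it stays set until the next reboot.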