question

sachinChand-2531 asked

Protect Gen V1 VM running Ubuntu 18.04: threats from Drovorub

I have a Gen V1 VM running Ubuntu 18.04. There is a request to enable UEFI boot to remediate threats from Drovorub. Is there a process of best practices to protect an Azure VM on Linux from Drovorub?

azure-virtual-machines azure-security-center

Hi!

According to your description, this issue is not related to the Teams for Linux scope, and I will remove this tag from your issue.

Thanks for your understanding!


@sachinChand-2531 Any update on the issue?

If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you, for the benefit of the community.

Thanks


1 Answer

prmanhas-MSFT answered

@sachinChand-2531 Apologies for the delay in response and all the inconvenience caused because of the issue.

Drovorub is a malware framework consisting of several components, including a kernel rootkit, tools for file transfer and port forwarding, and a command-and-control (CC) server.

Drovorub communicates with the CC server and hides its presence on the target system. It provides the attackers with file upload and download capabilities, as well as arbitrary command execution (with root privileges) and port or network traffic forwarding to other hosts on the network.

As with other rootkits and backdoors, an attacker needs to first compromise the target system by an unrelated exploit, before Drovorub can be deployed.

You can refer to this article, which consists of generic steps to follow on the Linux system.

This article contains security recommendations for Azure Virtual Machines. Follow these recommendations to help fulfill the security obligations described in our model for shared responsibility. The recommendations will also help you improve overall security for your web app solutions.

Another approach is to use policies on virtual machines in Azure. You can refer to this, which is a general advisory from the Microsoft side for securing your virtual machine and is applicable to all vulnerabilities and malware in general.

Hope it helps!!!

Do let me know in case of any queries.

Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics.
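The question asks about enabling UEFI boot against a kernel rootkit. As an added example (not part of the answer above and not Microsoft's code), this script reports how the VM booted, the Secure Boot state, and whether the kernel enforces module signatures. The optional root-prefix argument is a hypothetical convenience for pointing the checks at a constructed directory tree.

```shell
#!/bin/sh
# Added example: report the boot and kernel-module settings that matter when
# the threat is a malicious kernel module. Each function accepts an optional
# root prefix (assumption, used for testing); with no argument it reads the
# live /sys tree.

# "uefi" when the kernel was started by EFI firmware, otherwise "bios".
# An Azure Generation 1 VM boots through BIOS, so it reports "bios".
boot_mode() {
    if [ -d "${1:-}/sys/firmware/efi" ]; then echo uefi; else echo bios; fi
}

# Secure Boot state from the EFI global variable "SecureBoot".
# The efivarfs file holds 4 attribute bytes followed by 1 data byte (1 = on).
secure_boot() {
    var="${1:-}/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    [ -r "$var" ] || { echo unavailable; return 0; }
    state=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    if [ "$state" = "1" ]; then echo enabled; else echo disabled; fi
}

# Whether the module loader rejects modules without a valid signature,
# according to the module.sig_enforce kernel parameter.
module_sig_enforce() {
    f="${1:-}/sys/module/module/parameters/sig_enforce"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        Y|1) echo enforced ;;
        *)   echo not-enforced ;;
    esac
}

# One-line summary suitable for collecting across a fleet of VMs.
report() {
    echo "boot=$(boot_mode "${1:-}") secure_boot=$(secure_boot "${1:-}") module_sig=$(module_sig_enforce "${1:-}")"
}

report "${1:-}"
```

A result of `boot=bios secure_boot=unavailable` means Secure Boot cannot be turned on without moving the VM to UEFI boot.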


