Drovorub has a sophisticated modular architecture,[3] containing an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server.[2] Drovorub has been described as a "Swiss-army knife for hacking Linux".[4]
The U.S. government report that first identified Drovorub recommends the use of UEFI Secure Boot and Linux's native kernel module signing facility to resist Drovorub attacks.[5]