
Linux malware: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
No edit summary
Line 8: Line 8:
Like other Unix systems, Linux implements a [[multi-user]] environment where users are granted specific [[Privilege (computing)|privileges]] and there is some form of access control implemented. To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system.<ref name="Yeargin"/>
Like other Unix systems, Linux implements a [[multi-user]] environment where users are granted specific [[Privilege (computing)|privileges]] and there is some form of access control implemented. To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system.<ref name="Yeargin"/>


One of the vulnerabilities of Linux is that many users think it is not vulnerable to viruses. Tom Ferris, a researcher with [[Mission Viejo, California]]-based Security Protocols, said in 2006, "In people's minds, if it's non-Windows, it's secure, and that's not the case. They think nobody writes [[malware]] for Linux or [Mac] OS X. But that's not necessarily true&nbsp;..."<ref name="Patrizio"/>
One of the vulnerabilities of Linux is that many users think it is not vulnerable to viruses. Tom Ferris, a researcher with [[Mission Viejo, California]]-based Security Protocols, said in 2006, "In people's minds, if it's non-Windows, it's secure, and that's not the case. They think nobody writes [[malware]] for Linux or Mac OS X. But that's not necessarily true&nbsp;..."<ref name="Patrizio"/>


Shane Coursen, a senior technical consultant with [[Kaspersky Lab]] noted, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system&nbsp;... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."<ref name="Patrizio"/>
Shane Coursen, a senior technical consultant with [[Kaspersky Lab]] noted, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system&nbsp;... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."<ref name="Patrizio"/>
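Review bot: the only change in this hunk is the removal of the square brackets around "Mac" in the Ferris quote ("[Mac] OS X" becomes "Mac OS X"). Brackets inside a quotation mark an editorial insertion, so dropping them presents "Mac" as the speaker's own word; the brackets should stay unless the cited Patrizio article confirms that wording.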

Revision as of 09:07, 27 October 2008

The Linux operating system, Unix and other Unix-like computer operating systems are generally regarded as well-protected against computer viruses.[1]

There has not yet been a single widespread Linux malware threat of the type that Microsoft Windows software currently faces; this is commonly attributed to the malware's lack of root access and fast updates to most Linux vulnerabilities.[2] Microsoft apologists think that this is because there is less incentive for a programmer to write malware for Linux due to its relatively low market share (90.66% Windows vs 0.93% Linux).[3] However, this does not explain why IIS is more affected by worms than the free Apache despite having a far lower market share.

The number of malicious programs—including viruses, Trojans, and other threats—specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863.[4]

Linux vulnerability

Like other Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system.[2]

One of the vulnerabilities of Linux is that many users think it is not vulnerable to viruses. Tom Ferris, a researcher with Mission Viejo, California-based Security Protocols, said in 2006, "In people's minds, if it's non-Windows, it's secure, and that's not the case. They think nobody writes malware for Linux or Mac OS X. But that's not necessarily true ..."[4]

Shane Coursen, a senior technical consultant with Kaspersky Lab noted, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."[4]

The viruses listed below still pose a potential, although minimal, threat to Linux systems. If an infected binary containing one of the viruses were run, the system would be infected. The infection level would depend on which user with what privileges ran the binary. A binary run under the root account would be able to infect the entire system. Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system.
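The point of the paragraph above is that an infected binary can only reach what the invoking user can write to, and that root is not bound by those checks at all. The following is an added audit script (not part of the Wikipedia article, and not code from any of the malware or vendors it lists) that builds a small constructed directory of files and reports which ELF files a process running under a given uid and group set could overwrite. The file names, the uid 54321 and the three permission settings are all constructed for the demonstration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"


def is_elf(path: str) -> bool:
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False


def writable_by(st: os.stat_result, uid: int, gids: set) -> bool:
    """Evaluate the classic Unix permission bits for a user with this uid and
    group set. uid 0 (root) is exempt from these checks, which is why a binary
    run as root can modify every file on the system."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def fake_stat(mode: int, uid: int, gid: int) -> os.stat_result:
    """Build a stat result with chosen mode/owner bits (constructed for tests)."""
    return os.stat_result((mode, 0, 0, 1, uid, gid, 0, 0, 0, 0))


def exposed_binaries(directories, uid: int, gids: set) -> list:
    """List ELF files under the given directories that a process running with
    this uid/gids could overwrite: the reach of an infector run as that user."""
    exposed = []
    for top in directories:
        for root, _, files in os.walk(top):
            for name in files:
                path = os.path.join(root, name)
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and is_elf(path) and writable_by(st, uid, gids):
                    exposed.append(path)
    return sorted(exposed)


def build_demo_tree() -> str:
    """Constructed sample directory: two files with an ELF header and one shell
    script, with deliberately chosen permission bits."""
    top = tempfile.mkdtemp(prefix="elfscope_")
    header = ELF_MAGIC + b"\x02\x01\x01" + b"\0" * 9  # minimal 64-bit ELF ident
    samples = {
        "owner_only.elf": (header, 0o755),       # only the owner may write
        "world_writable.elf": (header, 0o777),   # anyone may write
        "script.sh": (b"#!/bin/sh\necho hi\n", 0o777),  # writable but not ELF
    }
    for name, (content, mode) in samples.items():
        path = os.path.join(top, name)
        with open(path, "wb") as f:
            f.write(content)
        os.chmod(path, mode)
    return top


if __name__ == "__main__":
    tree = build_demo_tree()
    print("as current user:", exposed_binaries([tree], os.getuid(), set(os.getgroups())))
    print("as unrelated user 54321:", exposed_binaries([tree], 54321, {54321}))
    print("as root:", exposed_binaries([tree], 0, {0}))
```

Running it as an unrelated unprivileged user lists only the world-writable ELF file; running it as root lists both ELF files, which is exactly the difference in infection scope the paragraph describes. Pointing the function at real directories such as /usr/bin turns it into a quick check for binaries that a limited account should not be able to modify.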

The use of software repositories significantly reduces any threat of installation of malware, as the software repositories are checked by maintainers, who try to ensure that their repository is malware-free. In addition, to ensure safe distribution of the software, md5 checksums are made available. An additional line of defense is the careful use of digital signatures, which prevent the hijacking of communications using a man-in-the-middle attack or via a redirection attack such as ARP or DNS poisoning. This limits the scope of attacks to include only the original authors and those that have administrative access to the repository itself.
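The paragraph above separates two mechanisms that are easy to conflate: a checksum file detects accidental corruption, while a signature made with a key the client already trusts is what defeats a man-in-the-middle who can rewrite both the package and its checksum file. The following added example (written for this page, not code from any distribution's package tooling) shows both outcomes. It parses md5sum/sha256sum-style checksum lines, verifies a download against them, and then compares a checksum-only client with one that first verifies the checksum file against a pre-installed maintainer key. The package bytes, file name and key are constructed; the HMAC key stands in for the OpenPGP public key a real repository ships, so that the example runs with the standard library only. MD5 is used because the article names it; SHA-256 is accepted through the same code path and is the algorithm a practitioner should prefer, since MD5 is no longer collision resistant.

```python
import hashlib
import hmac

# Constructed sample "package" contents and a hypothetical package name.
GENUINE_PACKAGE = b"#!/bin/sh\necho 'genuine package payload'\n"
TAMPERED_PACKAGE = b"#!/bin/sh\necho 'tampered package payload'\n"
FILENAME = "example_1.0.tar.gz"


def checksum_line(data: bytes, filename: str, algo: str = "md5") -> str:
    """One line in the format md5sum/sha256sum print: '<hex digest>  <name>'."""
    return f"{hashlib.new(algo, data).hexdigest()}  {filename}"


def parse_sums(sums_text: str) -> dict:
    """Parse an MD5SUMS/SHA256SUMS-style file into {filename: hexdigest}."""
    table = {}
    for line in sums_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        table[name.lstrip("*")] = digest.lower()  # '*' marks binary-mode entries
    return table


def verify_checksum(data: bytes, sums_text: str, filename: str, algo: str = "md5") -> bool:
    """True if the data's digest matches the published entry for filename."""
    expected = parse_sums(sums_text).get(filename)
    if expected is None:
        return False
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected)  # constant-time comparison


# Trust anchor the client holds before anything is downloaded. A real
# repository publishes an OpenPGP public key; an HMAC key is used here as an
# offline stand-in (symmetric, so not a true signature) so that the example
# needs only the standard library.
MAINTAINER_KEY = b"constructed-maintainer-key"


def sign_sums(sums_text: str, key: bytes = MAINTAINER_KEY) -> str:
    """Stand-in for the maintainer signing the checksum file."""
    return hmac.new(key, sums_text.encode(), "sha256").hexdigest()


def verify_signed_sums(sums_text: str, signature: str, key: bytes = MAINTAINER_KEY) -> bool:
    """True if the checksum file carries a valid tag from the trusted key."""
    return hmac.compare_digest(sign_sums(sums_text, key), signature)


def client_accepts_checksum_only(attacker_controls_channel: bool) -> bool:
    """Client fetches the package and the checksum file over the same
    (hijackable) channel and trusts the checksum file as received."""
    package, sums = GENUINE_PACKAGE, checksum_line(GENUINE_PACKAGE, FILENAME)
    if attacker_controls_channel:
        # A man-in-the-middle (or ARP/DNS poisoning) rewrites both artefacts.
        package, sums = TAMPERED_PACKAGE, checksum_line(TAMPERED_PACKAGE, FILENAME)
    return verify_checksum(package, sums, FILENAME)


def client_accepts_signed(attacker_controls_channel: bool) -> bool:
    """Same channel, but the checksum file must verify against the
    pre-installed maintainer key before any checksum in it is trusted."""
    sums = checksum_line(GENUINE_PACKAGE, FILENAME)
    signature, package = sign_sums(sums), GENUINE_PACKAGE
    if attacker_controls_channel:
        package, sums = TAMPERED_PACKAGE, checksum_line(TAMPERED_PACKAGE, FILENAME)
        # Without the maintainer key the attacker cannot re-sign the new file.
    return verify_signed_sums(sums, signature) and verify_checksum(package, sums, FILENAME)


if __name__ == "__main__":
    for mitm in (False, True):
        print(f"mitm={mitm}: checksum-only accepts={client_accepts_checksum_only(mitm)}, "
              f"signed accepts={client_accepts_signed(mitm)}")
```

The checksum-only client accepts the tampered package because the attacker simply republishes a matching checksum; the signed variant rejects it because the trust anchor was obtained out of band, before the hijacked download. That is the "careful use of digital signatures" the paragraph refers to: the signing key, not the checksum, is what has to be distributed securely.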

Cross-platform viruses

A new area of concern identified in 2007 is that of cross-platform viruses, driven by the popularity of cross-platform applications. This was brought to the forefront of malware awareness by the distribution of an OpenOffice.org virus called Bad Bunny.

Stuart Smith of Symantec wrote the following:

"What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc., can be abused. All too often, this is forgotten in the pursuit to match features with another vendor... [T]he ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via Web sites. How long until someone uses something like this to drop a JavaScript infector on a Web server, regardless of platform?"[5]

Anti-virus applications

There are several anti-virus applications available for Linux computers, including:

SecurityFocus's Scott Granneman stated,

"...some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users."[1]

Threats

The following is a partial list of known Linux malware:

Trojans

  • Kaiten - Linux.Backdoor.Kaiten trojan horse[9]
  • Rexob - Linux.Backdoor.Rexob trojan[10]

Viruses

  • Alaeda - Virus.Linux.Alaeda[11]
  • Bad Bunny - Perl.Badbunny[5][12]
  • Binom - Linux/Binom[13]
  • Bliss
  • Brundle[14]
  • Bukowski[15]
  • Diesel - Virus.Linux.Diesel.962[16]
  • Kagob a - Virus.Linux.Kagob.a[17]
  • Kagob b - Virus.Linux.Kagob.b[18]
  • MetaPHOR (also known as Simile)[19]
  • Nuxbee - Virus.Linux.Nuxbee.1403[20]
  • OSF.8759
  • Podloso - Linux.Podloso (The iPod virus)[21][22]
  • Rike - Virus.Linux.Rike.1627[23]
  • RST - Virus.Linux.RST.a[24]
  • Satyr - Virus.Linux.Satyr.a[25]
  • Staog
  • Vit - Virus.Linux.Vit.4096[26]
  • Winter - Virus.Linux.Winter.341[27]
  • Winux (also known as Lindose and PEElf)[28]
  • ZipWorm - Virus.Linux.ZipWorm[29]

Worms

References

  1. Granneman, Scott (2003). "Linux vs. Windows Viruses". Retrieved 2008-03-06.
  2. Yeargin, Ray (2005). "The short life and hard times of a linux virus". Retrieved 2008-06-24.
  3. "Market share of operating systems". Net Applications. Retrieved 2008-09-05.
  4. Patrizio, Andy (2006). "Linux Malware On The Rise". Retrieved 2008-03-08.
  5. Smith, Stuart (2007). "Bad Bunny". Retrieved 2008-02-20.
  6. "ESET File Security - Antivirus Protection for Linux, BSD, and Solaris". Eset. Retrieved 2008-10-26.
  7. "ESET Mail Security - Linux, BSD, and Solaris mail server protection". Eset. Retrieved 2008-10-26.
  8. "ESET NOD32 Antivirus for Linux Gateway® Devices". Eset. Retrieved 2008-10-26.
  9. Florio, Elia (2006). "Linux.Backdoor.Kaiten". Retrieved 2008-03-08.
  10. Florio, Elia (2007). "Linux.Backdoor.Rexob". Retrieved 2008-03-08.
  11. Kaspersky Lab (2007). "Virus.Linux.Alaeda". Retrieved 2008-03-08.
  12. Smith, Stuart (2007). "Perl.Badbunny". Retrieved 2008-03-08.
  13. McAfee (2004). "Linux/Binom". Retrieved 2008-03-08.
  14. Rieck, Konrad and Konrad Kretschmer (2001). "Brundle Fly 0.0.1 - A Good-Natured Linux ELF Virus". Retrieved 2008-03-08.
  15. de Almeida Lopes, Anthony (2007). "Project Bukowski". Retrieved 2008-03-08.
  16. Kaspersky Lab (2002). "Virus.Linux.Diesel.962". Retrieved 2008-03-08.
  17. Kaspersky Lab (2001). "Virus.Linux.Kagob.a". Retrieved 2008-03-08.
  18. Kaspersky Lab (undated). "Virus.Linux.Kagob.b". Retrieved 2008-03-08.
  19. The Mental Driller (2002). "Metamorphism in practice or 'How I made MetaPHOR and what I've learnt'". Retrieved 2008-03-08.
  20. Kaspersky Lab (2001). "Virus.Linux.Nuxbee.1403". Retrieved 2008-03-08.
  21. Ferrie, Peter (2007). "Linux.Podloso". Retrieved 2008-03-08.
  22. Ferrie, Peter (2007). "The iPod virus". Retrieved 2008-03-08.
  23. Kaspersky Lab (2003). "Virus.Linux.Rike.1627". Retrieved 2008-03-08.
  24. Kaspersky Lab (2002). "Virus.Linux.RST.a". Retrieved 2008-03-08.
  25. Kaspersky Lab (2001). "Virus.Linux.Satyr.a". Retrieved 2008-03-08.
  26. Kaspersky Lab (2000). "Virus.Linux.Vit.4096". Retrieved 2008-03-08.
  27. Kaspersky Lab (2000). "Virus.Linux.Winter.341". Retrieved 2008-03-08.
  28. Rautiainen, Sami; et al. (2001). "F-Secure Virus Descriptions: Lindose". Retrieved 2008-03-08.
  29. Kaspersky Lab (2001). "Virus.Linux.ZipWorm". Retrieved 2008-03-08.
  30. Kaspersky Lab (2001). "Net-Worm.Linux.Adm". Retrieved 2008-03-08.
  31. Rautiainen, Sami (2001). "F-Secure Virus Descriptions: Adore". Retrieved 2008-03-08.
  32. Kaspersky Lab (2001). "Net-Worm.Linux.Cheese". Retrieved 2008-03-08.
  33. Rautiainen, Sami (2001). "F-Secure Virus Descriptions: Kork". Retrieved 2008-03-08.
  34. Kaspersky Lab (2002). "Net-Worm.Linux.Mighty". Retrieved 2008-03-08.
  35. Perriot, Frederic (2007). "Linux.Millen.Worm". Retrieved 2008-03-08.
  36. Rautiainen, Sami; et al. (2002). "F-Secure Virus Descriptions: Slapper". Retrieved 2008-03-08.
  37. Voss, Joel (2007). "SSH Bruteforce Virus by AltSci Concepts". Retrieved 2008-03-13.