Linux malware

Linux malware includes viruses, trojans, worms and other types of malware that affect the Linux operating system. Linux, Unix and other Unix-like computer operating systems are generally regarded as well-protected — but not immune from — computer viruses. According to advocates like Scott Granneman, Linux provides better protection compared to Microsoft Windows.

There has not yet been a widespread Linux malware threat of the type that Microsoft Windows software faces; this is commonly attributed to the malware's lack of root access and fast updates to most Linux vulnerabilities. These are the equivalents of User Account Control and Windows Update in modern Windows operating systems.

The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863.

Linux vulnerability

Like Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system.

Some Linux users run Linux-based anti-virus software to scan insecure documents and email which comes from or is going to Windows users. SecurityFocus's Scott Granneman stated:

The total number of viruses has passed the one million boundary. If the 4 % Linux adoption would be proportional to the amount of malware for this system, we would expect to see at least several thousands of viruses and worms. This may be near an order of magnitude more than observed. Hence minority may not be the only reason contributing to Linux security.

Because they are predominantly used on mail servers which may send mail to computers running other operating systems, Linux virus scanners generally use definitions for, and scan for, all known viruses for all computer platforms. For example the open source ClamAV "Detects ... viruses, worms and trojans, including Microsoft Office macro viruses, mobile malware, and other threats."

Viruses and trojan horses

The viruses listed below pose a potential, although minimal, threat to Linux systems. If an infected binary containing one of the viruses were run, the system would be infected. The infection level would depend on which user with what privileges ran the binary. A binary run under the root account would be able to infect the entire system. Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system.

It is worth noting that this is true for any malicious program that is run without special steps taken to limit its privileges. It is trivial to add a code snippet to any program that a user may download and let this additional code download a modified login server, an open mail relay or similar and make this additional component run any time the user logs in. No special malware writing skills are needed for this. Special skill may be needed for tricking the user to run the (trojan) program in the first place.

The use of software repositories significantly reduces any threat of installation of malware, as the software repositories are checked by maintainers, who try to ensure that their repository is malware-free. Subsequently, to ensure safe distribution of the software, md5 checksums are made available. These make it possible to reveal modified versions that may have been introduced by e.g. hijacking of communications using a man-in-the-middle attack or via a redirection attack such as ARP or DNS poisoning. Careful use of these digital signatures provides an additional line of defense, which limits the scope of attacks to include only the original authors, package and release maintainers and possibly others with suitable administrative access, depending on how the keys and checksums are handled.

Vulnerability to trojan horses and viruses results from users willing to run code from sources that should not be trusted and to some extent about distributions not by default checking the authenticity of software downloaded while a system was the target of an attack.

Worms and targeted attacks

The classical threat to Unix-like systems is vulnerabilities in network daemons, such as ssh and WWW servers. These can be used by worms or for attacks against specific targets. As servers are patched quite quickly when a vulnerability is found, there have been only a few widespread worms of this kind. As specific targets can be attacked through a vulnerability that is not publicly known there is no guarantee that a certain installation is secure. Also servers without such vulnerabilities can be successfully attacked through weak passwords.

WWW scripts

Linux servers may also be used by malware without any attack against the system itself, where e.g. WWW content and scripts are insufficiently restricted or checked and used by malware to attack visitors. Typically a CGI script (meant for leaving comments) by mistake allows inclusion of code exploiting vulnerabilities in the browser.

Buffer overruns

Older Linux distributions were relatively sensitive to buffer overrun attacks: if the program did not care about the size of the buffer itself, the kernel provided only limited protection, allowing an attacker to execute arbitrary code under the rights of the vulnerable application under attack. Programs that gain root access even when launched by a non-root user (via the setuid bit) were particularly attractive to attack. However as of 2009 most of the kernels include address space randomization, enhanced memory protection and other extensions making such attacks much more difficult to arrange.

Cross-platform viruses

A new area of concern identified in 2007 is that of cross-platform viruses, driven by the popularity of cross-platform applications. This was brought to the forefront of malware awareness by the distribution of an Openoffice.org virus called Bad Bunny.

Stuart Smith of Symantec wrote the following:

"What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc, can be abused. All too often, this is forgotten in the pursuit to match features with another vendor... [T]he ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via Web sites. How long until someone uses something like this to drop a JavaScript infector on a Web server, regardless of platform?"

Social engineering

Linux is as vulnerable to malware that tricks the user into installing it through social engineering as other operating systems. In December 2009 a malicious waterfall screensaver was discovered that contained a script that used the infected Linux PC in denial-of-service attacks.

Anti-virus applications

There are a number of anti-virus applications available for Linux, most of which are designed for servers, including:

Avast! (freeware and commercial versions)

AVG (freeware and commercial versions)

Avira (freeware and commercial)

Bitdefender (freeware and commercial versions)

ClamAV (free open source software)

Dr.Web (commercial versions) Eset (commercial versions)

F-Secure Linux (commercial)

Kaspersky Linux Security (commercial)

Linux Malware Detect (free open source software)

McAfee VirusScan Enterprise for Linux (commercial) Panda Security for Linux (commercial version) Root Kit Hunter

Sophos (commercial)

Symantec AntiVirus for Linux (commercial)

Trend Micro ServerProtect for Linux (commercial)

Threats

The following is a partial list of known Linux malware; however, few if any are in the wild, and most have been made obsolete by updates. Known malware is not the only or even the most important threat: new malware or attacks directed to specific sites can use vulnerabilities not previously known to the community or not previously used by malware.

Trojans

Kaiten - Linux.Backdoor.Kaiten trojan horse Rexob - Linux.Backdoor.Rexob trojan Waterfall screensaver backdoor - on gnome-look.org

Viruses

42 Arches Alaeda - Virus.Linux.Alaeda Bad Bunny - Perl.Badbunny Binom - Linux/Binom

Bliss - requires root privileges

Brundle Bukowski Caveat Coin Diesel - Virus.Linux.Diesel.962 Hasher Kagob a - Virus.Linux.Kagob.a Kagob b - Virus.Linux.Kagob.b Lacrimae (aka Crimea) MetaPHOR (also known as Simile) Nuxbee - Virus.Linux.Nuxbee.1403

OSF.8759

PiLoT Podloso - Linux.Podloso (The iPod virus) RELx Rike - Virus.Linux.Rike.1627 RST - Virus.Linux.RST.a (known for infecting Korean release of Mozilla Suite 1.7.6 and Thunderbird 1.0.2 in September 2005) Satyr - Virus.Linux.Satyr.a

Staog - made obsolete by updates

Vit - Virus.Linux.Vit.4096 Winter - Virus.Linux.Winter.341 Winux (also known as Lindose and PEElf) Wit virus ZipWorm - Virus.Linux.ZipWorm

Worms

Adm - Net-Worm.Linux.Adm Adore Cheese - Net-Worm.Linux.Cheese

Devnull

Kork

Linux/Lion

Mighty - Net-Worm.Linux.Mighty Millen - Linux.Millen.Worm

Ramen worm - targeted versions 6.2 and 7.0 of the Red Hat Linux distributions only

Slapper SSH Bruteforce

References

External links

Linux virus samples at VX Heavens

Linux viruses on VirusLibrary

Category:Linux viruses Linux computer viruses and worms Category:Linux

This text is licensed under the Creative Commons CC-BY-SA License. This text was originally published on Wikipedia and was developed by the Wikipedia community.

Email this Page

The Real reason Why Ubuntu Linux Doesn't Have Malware - Part 1

Duration: 9:00
Published: 2010-02-16
Uploaded: 2010-11-02
Author: kiernanholland

I created this video to give a few extra reasons why Linux doesn't have viruses besides the common ones that get thrown around, like "linux is not popular enough" or "linux distributions each use a different kernel that is recompiled with every release". These are valid reasons, but they are only the tip of the iceberg of arguments for Linux. Some think that if Linux was made popular it would increase the potential for malware to be written for Linux, and I point out in this video and the next one that this is a shallow argument because linux's package distribution process is nothing like how packages are distributed on Windows. And it is the lack of a path of "accountability" in the package install process on Windows that windows has a greater potential for malware. So, you can't have malware if there is higher accountability in the install process. So popularity and distro consistency doesn't even enter the argument. Malware is eliminated because it can't even get into the distribution. And malware authors would not even want to risk puting malware into the distribution because this means that they would have to be accountable, they who have to disclose their identity, email address and other such information. Also the fact that most linux software is in open source, makes it even harder to inject malware into the distribution because the malware author would have to release their source code to others to be perused. If anyone even catches that the program is malicious ...

Host File to Block Ads Malware Websites - Linux Mint 7

Duration: 5:22
Published: 2009-09-21
Uploaded: 2010-08-27
Author: gotbletu

Where's my hosts file? Windows 95 / 98 / ME: C:\Windows (I think) Windows NT: C:\WinNT\hosts Windows 2000: C:\WinNT\system32\drivers\etc\ Windows XP: C:\Windows\System32\drivers\etc FreeBSD / Linux / Mac OS X / Unixish operating systems: /etc/hosts someonewhocares.org pgl.yoyo.org more lmgtfy.com

LNLP #1017 | SCO Loses for Good, Linux Malware, and Chromoti

Duration: 10:02
Published: 2010-06-13
Uploaded: 2010-08-03
Author: quicksurfinternet

In This Episode: Judge deals possibly final blow to SCO over Linux, Linux infection proves Windows malware monopoly is over, VMware teams up with Novell on Suse Linux, HP Buys Linux, Virtualization Tech from Phoenix, Chrome OS to Support "Legacy" PC Apps Via "Chromoting", Adobe euthanizes Flash 10.1 for 64-bit Linux, The coming Linux shakeout, and 10 things not to like about Ubuntu 10.04.

Boonana malware running on Mac, Ubuntu Linux and Windows

Duration: 2:25
Published: 2010-10-29
Uploaded: 2010-11-06
Author: SophosLabs

A new version of the Koobface virus, also known as Boonana, can infect users on Windows, Mac and Linux. Learn more at nakedsecurity.sophos.com

The Real reason Why Ubuntu Linux Doesn't Have Malware - Part 2

Duration: 9:50
Published: 2010-02-16
Uploaded: 2010-11-12
Author: kiernanholland

Testing Windows Malware on Puppy Linux

Duration: 1:02
Published: 2009-09-16
Uploaded: 2010-08-30
Author: superjerjer1

I found this malware website when I'm searching something but firefox did not catch it, I'm curious besides I have puppy linux so I tested it.

malware attack on Linux

Duration: 2:22
Published: 2010-09-18
Uploaded: 2010-09-18
Author: joeyrdeleon

The Linux desktop is not much more secure than Windows

Duration: 6:05
Published: 2009-04-08
Uploaded: 2010-11-13
Author: jordanhollinger

Demonstrates various vectors of attack on a modern GNU/Linux desktop environment. The malware, using only user-level privileges, is able to steal the user's identity. In the meantime, it lies in wait, waiting for the user to give a legitimate program elevated access. It intercepts the elevation and installs itself with root privileges, giving it complete control over the system. For more technical and philosophical details, see www.jordanhollinger.com

Ultimate Proof Windows 7 Sucks OS Dilemma- Malware Install Fake AV

Duration: 9:37
Published: 2010-10-11
Uploaded: 2010-10-17
Author: longhairsRcool

Windows 7 still sucks and is prone to security threats and Malware as I show you in this Video. I like Linux but it lacks some features MAC OSX similar. Issues. What can you do?

malware-attack on linux

Duration: 1:10
Published: 2009-01-12
Uploaded: 2010-08-27
Author: 4240freetown

malware-attack on linux

Linux? EP 025 : Part 4 : Are Linux & Mac Users More Susceptible to Attack by Malware?

Duration: 12:52
Published: 2010-08-06
Uploaded: 2010-09-14
Author: TheShowThatSUX

While inherently more secure that dose not mean immune, in this part we look at some just bad behavior indicative of some Linux and Mac users that they would never do on a Windows system. James Center Box AKA www.youtube.com Jordan Left Box AKA www.youtube.com

Mastering IPTables, Part 2

Duration: 8:10
Published: 2008-10-17
Uploaded: 2010-11-19
Author: linuxjournalonline

Linux Journal Presents: Now with transcripts! This is part 2 of the IPTables tutorial series. Links: Part 1 video: www.linuxjournal.com Transcipt, Part 2: dark-code.bulix.org Firewall script, Part 2: dark-code.bulix.org For the previous episode: Transcript, Part 1: dark-code.bulix.org Firewall script, Part 1: dark-code.bulix.org

Protect Your Computer from Dangerous Viruses and Malware

Duration: 1:02
Published: 2010-05-26
Uploaded: 2010-07-16
Author: decozart

Hijackers,dialers,viruses,trojans,worms are some of the most common malware to attack computers.There are easy ways to protect your computer. install antivirus and turn on a firewall.

Check Website For Malware

Duration: 3:31
Published: 2009-05-01
Uploaded: 2010-08-21
Author: bullboykennels

www.itechster.com This tutorial will go over two sites that you may use in order to check sites for possible malware, while it's not 100% it does help in order to protect your OS system from possible infection. Both links will be listed below for your own testing. This will give you a brief overview if the site has been listed for any possible suspicious activity & if so what pages are at fault. McAfee http Google www.google.com Have Fun & Enjoy.

XBMC Review & New Chrome OS Details!

Duration: 48:42
Published: 2010-06-13
Uploaded: 2010-10-28
Author: jupiterbroadcasting

Linux Action Show s12e05: Has an unreal Trojan opened your Linux box's back door? Novel stikes a major deal that just might keep the cash flowing, we'll give you the details! We've got some official news on Chrome OS, and some not so official news, as well! Canonical announces plans to build a new tablet OS... WAIT.. WHUT? WE DISCUSS! THEN - It's our ACTION review of XBMC and why it makes Linux a first class media center! All this week on, The Linux Action Show! Sponsor ship of The Linux Action Show: Thanks to GoDaddy.com for sponsoring this episode, use our code LINUX to save 10% at checkout! This Week's Links: Nano-Notes: Runs Linux sharism.cc Android Pick: www.appbrain.com VMWare inks OEM deal with Novell for SUSE Linux www.theregister.co.uk Google Chrome OS releases final launch date www.slashgear.com HP acquires Linux FastBoot tech www.linuxfordevices.com Canonical developing Ubuntu OS for Tablets infoworld.com Boxee Box release set for November blog.boxee.tv Linux Trojan Raises Malware Concerns www.pcworld.com XBMC xbmc.org xbmc - Great XBMC guides at Lifehacker lifehacker.com/tag/xbmc/

Malware Killer

Duration: 9:57
Published: 2008-06-05
Uploaded: 2010-11-13
Author: renegade4dio

As a computer repair professional, I spend more time removing malware than any other task I do. I hope this helps some people avoid re-installing windows, the only sure way of killing an infection. This video is intended for Technical Professionals and self-reliant computer geeks only. If you are not completely capable of rebuilding your system yourself, DO NOT ATTEMPT THIS. I TAKE NO RESPONSIBILITY FOR YOUR MESSING UP YOUR SYSTEM WITH THIS TECHNIQUE! 1) Preperations =a) autoruns ==i) get from sysinternals technet.microsoft.com ==ii) extract ==iii) rename autoruns.exe =b) rescuecd ==i) get from sysresccd.org www.sysresccd.org ==ii) burn to disk 2) identify autostarting malware files =a) run autoruns ==i) check "hide signed microsoft entries" and "verify code signatures" =b) use google or another method to identify the malware ==i) write down a list of the malware files, with full pathname 3) remove the malware =a) boot SystemRescueCD =b) mount the windows drive ==i) the example /dev/sda1 is the first partition of the first sata or scsi drive. ===a) if you have a different hdd setup, you need a different /dev/ to mount it ===b) /dev/hda1 is the first partition of the first pata drive ===c) /dev/sdb3 is the third partition of the second sata drive =c) use the basic linux commands "cd", "ls", and "rm" to find and delete the malware ==i) this is not a linux primer. if you need help with the linux commands, try google =d) reboot to windows 4) clean up the remaining infected ...

Is Your ISP Helping Adware Companies? - FrugalTech

Duration: 8:15
Published: 2008-07-22
Uploaded: 2010-11-22
Author: FrugalTech

www.frugalbrothers.com Adware companies never stop thinking of ways to pitch their junk to us. Case in point is a new company called Nebuad. They are trying to get ISP's to observe your browsing, and dish up ads based on what you have been surfing for. This video turns in to a bit of rant but this really gets me steamed. Distributed by Tubemogul.

Check Website For Malware

Duration: 3:31
Published: 2009-05-18
Uploaded: 2009-06-11
Author: ITECHSTER

Why I Love Linux PILOT

Duration: 2:14
Published: 2009-06-28
Uploaded: 2010-06-23
Author: JPHenry78

This is why i love linux, this is the first of many in why i love linux series

Google Drops Windows, Android Has Malware, Ubuntu 10.10 Alpha 1, Chrome OS Release Coming!

Duration: 3:55
Published: 2010-06-04
Uploaded: 2010-11-14
Author: thisweekinlinux

Show notes available at www.thisweekinlinux.com Thanks for watching! Buy My T-Shirts! twil.spreadshirt.com & http My Website: www.thisweekinlinux.com My Facebook Page apps.facebook.com My Twitter: www.twitter.com My IRC Channel: #twil on irc.freenode.net Background music by Kevin MacLeod of incompetech.com

Skype fail, fake antivirus

Duration: 2:39
Published: 2010-08-19
Uploaded: 2010-11-16
Author: Ck87JF

Have you ever gotten a message in Skype, or perhaps some other messenger, or gone to a Website that mentions that your computer is infected with malware and you need to download software to fix it? Please don't do that. You're downloading malware from the site, and you might not even have any on your computer. I'm running Ubuntu Linux, which if it (Linux) has had any malware developed for it, I'm not aware of it, but I know there's none on my system, in Windows OR Linux.

How To Remove Malware with Ultimate Boot CD for Win. Part 1

Duration: 3:30
Published: 2008-11-30
Uploaded: 2010-11-12
Author: mrizos

Watch me remove ANY and EVERY piece of malware using Ultimate Boot CD for Windows.

Presentation of Linux (and some custom made software) for classrooms

Duration: 6:26
Published: 2009-11-07
Uploaded: 2010-05-21
Author: dik012

Made with Blender and Gimp on Gentoo Linux (No Windows XP were harmed during the making of this film) Transcript: Slide 1. The main problems posed by software used Slide 2. Too many rights and opportunities Slide 3. Used software without skilled configuration allows any user to install most programs and make unwanted changes to the configuration Slide 4. Diversion of students from the subject under consideration Slide 5. Students computers have all studied programs installed on them at once, as well as a large number of software included in the distribution of the operating system. At any time student can begin to work with any of the installed programs, ignoring the lesson theme Slide 6. The lack of central control Slide7. Each computer in the classroom served individually. If necessary, new software installation and setup procedure should be conducted on each computer on a lot of wasted time and effort Slide 8. Too much risk from malware and viruses Slide 9. Computers in the classroom is treated with unverified information from a large number of unsafe sources, such as removable media and networks, in particular the Internet. This greatly increases the likelihood of unauthorized installation of malware and viruses Slide 10. One of way to solve problems Slide 11. Many of this problems solved by replacing Microsoft Windows distribution with one of Linux based distribution Slide 12. One-stage transition to Linux is not possible because this operating system is not ...

The Windows XPerience

Duration: 1:42
Published: 2006-12-15
Uploaded: 2010-09-19
Author: Homer101010

A good example of how crap Windows is.

thumbnails

list

Play next
Play all
clear
Autoplay
Autorepeat
Shuffle

The Real reason Why Ubuntu Linux Doesn't Have Malware - Part 1