LinuxQuestions.org
Old 03-23-2005, 06:55 PM   #1
mbhenry
LQ Newbie
 
Registered: Sep 2003
Posts: 17

Rep: Reputation: 0
show me a linux virus


Lately it is coming up about the great threat of viruses in Linux. Some even say that it is a greater threat than viruses in Windows. This makes me laugh. Can somebody explain to me the real threat of Linux viruses and how it is different from Windows? Thanks,
 
Old 03-23-2005, 11:37 PM   #2
gulo
Member
 
Registered: Mar 2004
Location: Minnesota
Distribution: Ubuntu
Posts: 65

Rep: Reputation: 15
They were talking about that, along with browser exploits, on Future Tense the other day (NPR). I've never seen a Linux virus myself. Seen plenty of Windows and Mac viruses, but never a Linux one. I keep checking at least once a week with CLAMSCAN...
 
Old 03-24-2005, 07:19 AM   #3
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Rep: Reputation: 30
I don't check up on viruses at all really, but as gulo said there are Mac viruses! Isn't Mac based on BSD, which I know isn't the same as Linux but is very similar to Linux, so it wouldn't surprise me if Linux viruses do start to appear. Also, as the popularity and the userbase of Linux increases, crackers will start to try and make viruses in Linux, but crackers will see no point in cracking a system with such a small % of computer users.

If Linux dominated the market and was installed on 90% of the world's computers, then crackers would try harder to compromise Linux.

just my
 
Old 03-24-2005, 07:49 AM   #4
alienDog
Member
 
Registered: Apr 2004
Location: Europe
Distribution: Debian, Slackware
Posts: 505

Rep: Reputation: 46
In the future, for sure, there will be viruses and other malware in the linux world also. However it's likely that they can't damage your system as much as their windows counterparts because of the architecture of gnu systems. They first of all don't have sufficient rights to do anything too major (of course things like trashing your home directory are annoying enough...) and secondly gnu systems don't madly go about executing every piece of code they run into, which is a major problem with windows systems. In the future we will probably have to start paying more attention to the actual (not claimed) security of our gnu systems also. Maybe :. at the end of your path just won't do in the future and you might have to familiarize yourself with commands like ulimit to prevent things like : (){ :|:& };:

Last edited by alienDog; 03-24-2005 at 07:58 AM.
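
The `:.` at the end of a PATH that alienDog mentions makes the shell search the current directory for commands. As an added example, not part of alienDog's post, here is a POSIX shell check for such entries; `audit_path` is a hypothetical helper name, the sample PATH is constructed, and the world-writable-directory check goes one step beyond the post.

```shell
#!/bin/sh
# Added example (not from the thread). audit_path is a hypothetical helper.
# It prints one line per risky entry of a colon-separated search path and
# returns 1 if it found any, 0 if the path is clean.
audit_path() {
    rest="${1-$PATH}:"      # trailing ':' so a final empty entry is seen too
    rc=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # everything after it
        case $entry in
            "") reason="empty entry, searched as the current directory" ;;
            .)  reason="current directory" ;;
            /*) reason=""
                # Absolute path: flag it if any user may create files in it.
                # -L follows symlinks such as /bin -> usr/bin.
                if [ -d "$entry" ]; then
                    perms=$(ls -ldL "$entry" | cut -c1-10)
                    case $perms in
                        ????????w?) reason="world-writable directory" ;;
                    esac
                fi ;;
            *)  reason="relative path, depends on the current directory" ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "${entry:-<empty>}" "$reason"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the style described in the post: "." as the last entry.
audit_path "/usr/local/bin:/usr/bin:/bin:." || echo "PATH needs cleaning"
```

Calling `audit_path` with no argument checks the live `$PATH` of the current shell.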
 
Old 03-24-2005, 08:24 AM   #5
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
There are more rootkits than viruses for Linux. I guess the difference is that the rootkits are designed to take control of the machine rather than serve some ridiculous purpose as many viruses do. I run chkrootkit once a day in a cron job. That's the extent of my "virus" checking on my Linux boxes.
 
Old 03-24-2005, 11:21 AM   #6
gulo
Member
 
Registered: Mar 2004
Location: Minnesota
Distribution: Ubuntu
Posts: 65

Rep: Reputation: 15
Quote:
Originally posted by berrance
I don't check up on viruses at all really, but as gulo said there are Mac viruses! Isn't Mac based on BSD, which I know isn't the same as Linux but is very similar to Linux, so it wouldn't surprise me if Linux viruses do start to appear.
I should have been more clear. I was thinking about viruses I've seen for system 6, 7 & 8. There are NO viruses as of yet for OS10 last I heard.
 
Old 03-24-2005, 11:38 AM   #7
Padma
Member
 
Registered: Aug 2003
Location: Omaha, NE, USA
Distribution: PCLinuxOS 2007
Posts: 808

Rep: Reputation: 30
IIRC, there are seven known viruses for Linux. All were created in the lab as "proof of concept", and have never been seen in the wild.

Rootkits, on the other hand, *are* a problem, but a little security consciousness on the part of the user can keep them from being a problem.
 
Old 03-24-2005, 11:50 AM   #8
mbhenry
LQ Newbie
 
Registered: Sep 2003
Posts: 17

Original Poster
Rep: Reputation: 0
Thanks for the information. What are Rootkits?
 
Old 03-24-2005, 12:20 PM   #9
Mega Man X
LQ Guru
 
Registered: Apr 2003
Location: ~
Distribution: Ubuntu, FreeBSD, Solaris, DSL
Posts: 5,339

Rep: Reputation: 64
Quote:
Originally posted by mbhenry
Thanks for the information. What are Rootkits?
Re-read Crashed_Again's post. He just said what rootkits are...
 
Old 03-24-2005, 12:34 PM   #10
mbhenry
LQ Newbie
 
Registered: Sep 2003
Posts: 17

Original Poster
Rep: Reputation: 0
Yes, thanks for that reference. That does give more of a description of rootkits. I would also like even more specific information about rootkits if anyone knows. How does a rootkit get into a Linux box? Are there various ways? Do they only get access through email attachments or maybe buffer overflows? Thanks
 
Old 03-24-2005, 12:36 PM   #11
Padma
Member
 
Registered: Aug 2003
Location: Omaha, NE, USA
Distribution: PCLinuxOS 2007
Posts: 808

Rep: Reputation: 30
Google - "define: rootkit"
  • A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems.
    http://www.tsl.state.tx.us/ld/pubs/c.../glossary.html
  • A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, capture passwords and message traffic to and from a computer, mask the fact that the system is compromised, etc.
    www.onesync.com/R%20GLOSSARY.htm
 
Old 03-24-2005, 12:48 PM   #12
mbhenry
LQ Newbie
 
Registered: Sep 2003
Posts: 17

Original Poster
Rep: Reputation: 0
Padma,
Thanks. Great info. I did not know I could search that way in google (define). Your previous reply said there were seven known viruses for Linux. Is that documented somewhere (I did try to find that on google)?
 
Old 03-24-2005, 12:50 PM   #13
Padma
Member
 
Registered: Aug 2003
Location: Omaha, NE, USA
Distribution: PCLinuxOS 2007
Posts: 808

Rep: Reputation: 30
The 7 viruses thing is something I read somewhere (maybe here!) a while ago. It could be completely wrong.

And for how they get installed, well, email attachments *could* do it, but you would have to open and run the attachment, and supply your root password when necessary, to get it to install. I *hope* most Linux users are smarter than that....

I would guess the most common method would be from installing "wild" binary software, that you don't *know* is safe. Possibly a non-firewalled system could be accessed, and the root password retrieved via a password-cracker, but, again, I hope most Linux users are smart enough to use a good firewall.

Last edited by Padma; 03-24-2005 at 12:55 PM.
 
Old 03-24-2005, 04:42 PM   #14
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,690
Blog Entries: 9

Rep: Reputation: 45
It's me, I say it's me. I'm a linux virus, well, maybe just a virus - at least that's what they tell me when I can actually get to one of my LUG meetings (though it could also be that I've suffered from the stupidity virus for most of my life).

Good on Padma for the excellent define:rootkit thing though!

cheers

John
 
Old 03-24-2005, 04:51 PM   #15
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by Padma
IIRC, there are seven known viruses for Linux. All were created in the lab as "proof of concept", and have never been seen in the wild.
Actually there are some in the wild. We've even had a few threads in the security forum in the last 6 months with systems infected by Linux viruses. Ironically, a common vector for getting infected is downloading cracking tools from questionable repositories. In fact there was a fairly modest outbreak (as far as Linux viruses go) recently when a cracking site was offering the brutessh2 tool for download and the file was infected with Linux.RST. Similarly, I've read several forensic analyses where a system gets infected when a cracker compromises it and uploads infected cracking tools. That being said, they are certainly very rare.
 
  

