Antivirus

Tony Arnold tony.arnold at manchester.ac.uk
Thu Sep 20 21:33:52 UTC 2007


On Thu, 2007-09-20 at 21:11 +0200, Markus Schönhaber wrote:
> Wulfy wrote:
> 
> > While this is true, I have yet to see any e-mail malware attachments 
> > that can run in a Linux environment.  They all seem to be aimed at 
> > Windows. 
> > 
> > Have I just been lucky?  Have you seen any Linux malware?  While it 
> > *could* exist, *I* have never seen any, though I've only been using 
> > Linux since Sarge was Debian Testing...
> 
> I haven't yet come into contact with Linux-targeted malware and I don't
> think there's much of it (if any) out there.
> 
> But just to make the point of my previous post clear once more: the
> fact(?) that *today* there's almost no danger of getting an email with
> Linux malware attached should *not* lead to the conclusion "Hey, I'm on
> Linux! I'm safe! I run everything that doesn't escape my mouse pointer
> in time!".

We have had several Linux systems compromised that had to be rebuilt as a
result. There are two ways this occurs. Some servers running outdated
versions of web applications such as phpBB have allowed hackers to get
into the system. The other, more common, way is that a username is
compromised, either by stealing credentials from a Windows box used to log
in remotely or from a default install that has some default user
name/password set up (quite often this is from installing an application
that creates a username, not so much the base operating system).

The compromises in general have resulted in DDoS attacks being launched
or the machine being used for spamming.

The hackers will often download the source of their tools, compile
them on the compromised system and store the files in a directory
that is hard to find, e.g., one named ' ', yes, just a space character.

Of course, once logged in, it may then be possible to exploit a
vulnerability and gain root access, which then allows commands such as ps
and netstat to be replaced with versions that hide the offending
processes.

So no, you are not completely safe with Linux, but if you allow remote
access to your machine, then keep your passwords secure and keep up to
date with security patches.

None of what I describe above could be called a virus, but viruses are
not the only threat here!

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
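An added example, not code from Tony's message or from the list, that checks for the two hiding tricks described in the post: directories whose name is only whitespace (generalised from the single-space name to any whitespace-only name) and processes that exist in /proc but are missing from ps output, which is what a replaced ps would produce. It assumes a Linux host with /proc and standard find, ps and grep; the file name hidecheck.sh and the --scan flag are my own choices.

```shell
#!/bin/sh
# Added example (not from the thread): look for a directory whose name is only
# whitespace, and for PIDs present in /proc that the ps binary does not report.
# Run as: sh hidecheck.sh --scan [ROOT]

# Print every directory under $1 whose name consists only of whitespace.
find_whitespace_dirs() {
    find "$1" -type d 2>/dev/null | while IFS= read -r dir; do
        name=${dir##*/}                       # basename, spaces preserved
        if [ "$dir" != "$1" ] && [ -z "$(printf '%s' "$name" | tr -d ' \t\r')" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Print PIDs that appear in the first newline-separated list but not the second.
pids_missing_from() {
    printf '%s\n' "$1" | while IFS= read -r pid; do
        [ -n "$pid" ] || continue
        if ! printf '%s\n' "$2" | grep -qx "$pid"; then
            printf '%s\n' "$pid"
        fi
    done
}

# The kernel's view (numeric entries in /proc) versus what the ps binary reports.
pids_from_proc() { ls /proc 2>/dev/null | grep -E '^[0-9]+$'; }
pids_from_ps()   { ps -eo pid= 2>/dev/null | tr -d ' '; }

# A PID missing from ps may just have exited between the two listings, so only
# report a PID that is still unaccounted for on a second pass one second later.
check_hidden_processes() {
    first=$(pids_missing_from "$(pids_from_proc)" "$(pids_from_ps)")
    sleep 1
    second=$(pids_missing_from "$(pids_from_proc)" "$(pids_from_ps)")
    printf '%s\n' "$first" | while IFS= read -r pid; do
        if [ -n "$pid" ] && printf '%s\n' "$second" | grep -qx "$pid"; then
            printf '%s\n' "$pid"
        fi
    done
}

# Only scan when explicitly asked, so the file can be sourced for its functions.
if [ "${1:-}" = "--scan" ]; then
    echo "== whitespace-named directories under ${2:-/} =="
    find_whitespace_dirs "${2:-/}"
    echo "== PIDs in /proc not reported by ps (two passes) =="
    check_hidden_processes
fi
```

A hit from the second check is only a lead: compare the PID against a ps binary copied from trusted install media before drawing conclusions, since a stale rootkit-free ps on the same box proves nothing if the kernel itself has been modified.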