
Linux malware

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 125.20.127.138 (talk) at 05:10, 1 April 2024 (Threats). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.[1][2]

Linux vulnerability

Like Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. To gain control over a Linux system or to cause any serious consequences to the system itself, the malware would have to gain root access to the system.[2]

In the past, it has been suggested that Linux had so little malware because its low market share made it a less profitable target. Rick Moen, an experienced Linux system administrator, counters that:

[That argument] ignores Unix's dominance in a number of non-desktop specialties, including Web servers and scientific workstations. A virus/trojan/worm author who successfully targeted specifically Apache httpd Linux/x86 Web servers would both have an extremely target-rich environment and instantly earn lasting fame, and yet it doesn't happen.[3]

In 2008 the quantity of malware targeting Linux was noted as increasing. Shane Coursen, a senior technical consultant with Kaspersky Lab, said at the time, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."[4]

Tom Ferris, a researcher with Security Protocols, commented on one of Kaspersky's reports, stating, "In people's minds, if it's non-Windows, it's secure, and that's not the case. They think nobody writes malware for Linux or Mac OS X. But that's not necessarily true."[4]

Some Linux users do run Linux-based anti-virus software to scan insecure documents and email which comes from or is going to Windows users. SecurityFocus's Scott Granneman stated:

...some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users.[1]

Because they are predominantly used on mail servers which may send mail to computers running other operating systems, Linux virus scanners generally use definitions for, and scan for, all known viruses for all computer platforms. For example, the open source ClamAV "Detects ... viruses, worms and trojans, including Microsoft Office macro viruses, mobile malware, and other threats."[5]

Cases of malware intended for Microsoft Windows systems posing a danger to Linux systems when run through compatibility layers such as Wine, while uncommon, have been recorded.[6]

Viruses and trojan horses

The viruses listed below pose a potential, although minimal, threat to Linux systems. If an infected binary containing one of the viruses were run, the system would be temporarily infected, as the Linux kernel is memory resident and read-only. Any infection level would depend on which user with what privileges ran the binary. A binary run under the root account would be able to infect the entire system. Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system.

It is worth noting that this is true for any malicious program that is run without special steps taken to limit its privileges. It is trivial to add a code snippet to any program that a user may download and let this additional code download a modified login server, an open mail relay, or similar program, and make this additional component run any time the user logs in. No special malware writing skills are needed for this. Special skill may be needed for tricking the user to run the (trojan) program in the first place.

The use of software repositories significantly reduces any threat of installation of malware, as the software repositories are checked by maintainers, who try to ensure that their repository is malware-free. Subsequently, to ensure safe distribution of the software, checksums are made available. These make it possible to reveal modified versions that may have been introduced by e.g. hijacking of communications using a man-in-the-middle attack or via a redirection attack such as ARP or DNS poisoning. Careful use of these digital signatures provides an additional line of defense, which limits the scope of attacks to include only the original authors, package and release maintainers and possibly others with suitable administrative access, depending on how the keys and checksums are handled. Reproducible builds can ensure that digitally signed source code has been reliably transformed into a binary application.

Worms and targeted attacks

The classical threat to Unix-like systems is vulnerabilities in network daemons, such as SSH and web servers. These can be used by worms or for attacks against specific targets. As servers are patched quite quickly when a vulnerability is found, there have been only a few widespread worms of this kind. As specific targets can be attacked through a vulnerability that is not publicly known, there is no guarantee that a given installation is secure. Servers without such vulnerabilities can also be successfully attacked through weak passwords.

Web scripts

Linux servers may also be used by malware without any attack against the system itself, for example where web content and scripts are insufficiently restricted or checked and are used by malware to attack visitors. Some attacks use complicated malware to attack Linux servers, but once attackers gain full root access they can modify anything, for example by replacing binaries or injecting modules.[7] This may allow the redirection of users to different content on the web.[8] For example, a CGI script meant for leaving comments could by mistake allow the inclusion of code exploiting vulnerabilities in the web browser.

Buffer overruns

Older Linux distributions were relatively sensitive to buffer overflow attacks: if the program did not care about the size of the buffer itself, the kernel provided only limited protection, allowing an attacker to execute arbitrary code under the rights of the vulnerable application under attack. Programs that gain root access even when launched by a non-root user (via the setuid bit) were particularly attractive to attack. However, as of 2009 most of the kernels include address space layout randomization (ASLR), enhanced memory protection and other extensions making such attacks much more difficult to arrange.

Cross-platform viruses

An area of concern identified in 2007 is that of cross-platform viruses, driven by the popularity of cross-platform applications. This was brought to the forefront of malware awareness by the distribution of an OpenOffice.org virus called Badbunny.

Stuart Smith of Symantec wrote the following:

What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc, can be abused. All too often, this is forgotten in the pursuit to match features with another vendor... The ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via Web sites. How long until someone uses something like this to drop a JavaScript infecter on a Web server, regardless of platform?[9]

Social engineering

As is the case with any operating system, Linux is vulnerable to malware that tricks the user into installing it through social engineering. In December 2009 a malicious waterfall screensaver that contained a script that used the infected Linux PC in denial-of-service attacks was discovered.[10]

Go-written malware

The IBM Security Report "Attacks on Industries Supporting COVID-19 Response Efforts Double" had as a key point that "Cybercriminals Accelerate Use of Linux Malware – With a 40% increase in Linux-related malware families in the past year, and a 500% increase in Go-written malware in the first six months of 2020, attackers are accelerating a migration to Linux malware, that can more easily run on various platforms, including cloud environments." The report notes that these cybercriminals are increasingly using Linux and Unix malware to target hospitals and allied industries, which rely on these systems and cloud networks and were increasingly vulnerable during the COVID-19 crisis, as in the Red Cross cyberattack.[11]

Anti-virus applications

The ClamTk GUI for ClamAV running a scan on Ubuntu 8.04 Hardy Heron

There are a number of anti-virus applications available which will run under the Linux operating system. Most of these applications are looking for exploits which could affect users of Microsoft Windows.

For Microsoft Windows-specific threats

These applications are useful for computers (typically, servers) which will pass on files to Microsoft Windows users. They do not look for Linux-specific threats.

For Linux-specific threats

These applications look for actual threats to the Linux computers on which they are running.

Linux malware can also be detected (and analyzed) using memory forensics tools, such as:

Threats

The following is a partial list of known Linux malware. However, few if any are in the wild, and most have been rendered obsolete by Linux updates or were never a threat. Known malware is not the only or even the most important threat: new malware or attacks directed to specific sites can use vulnerabilities previously unknown to the community or unused by malware.


Q1. List the features of the Linux OS.

Linux is an open-source and free operating system whose core component is the Linux kernel. Its design and characteristics are similar to the Unix operating system. For that reason, it is called a Unix-like operating system. It creates a connection between the hardware and the user and executes the applications.

Free operating system, open-source operating system, flexibility, customizability, stability, lightweight, portability, graphical user interface, multi-user and multitasking support, well-structured file system, security, accessible updates.

Q2. What are the various Linux distributions?

There are numerous Linux distributions, each with its own unique features, focus, and target audience. Some popular Linux distributions include:

Ubuntu, Debian, CentOS, Fedora, Arch Linux, openSUSE, Linux Mint, Elementary OS

Q3. Explain the following Linux commands:

cat: This command is short for "concatenate" and is used to display the contents of one or more files to the standard output

rm: The "rm" command stands for "remove" and is used to delete files or directories from the file system.

mv: This command stands for "move" and is used to move files or directories from one location to another.

cp: The "cp" command stands for "copy" and is used to copy files or directories from one location to another.

mkdir: This command stands for "make directory" and is used to create new directories (folders) in the file system.

cd: The "cd" command stands for "change directory" and is used to change the current working directory in the terminal.

date: This command is used to display or set the system date and time.

time: The "time" command is used to measure the execution time of a command or program.

bc: This command stands for "basic calculator" and is a command-line calculator with support for mathematical expressions and functions.

history: The "history" command is used to display a list of previously executed commands in the terminal session.

Q5. How do you create users in Linux?

In Linux, you can create users using the `useradd` command followed by the username. Here's a basic guide to create a user:

1. Open a terminal window.

2. Use the `useradd` command followed by the username you want to create. For example, to create a user named "john", you would type:

  sudo useradd john

3. Optionally, set a password for the new user using the `passwd` command:

  sudo passwd john

  You'll be prompted to enter and confirm the password for the user.

4. Once the user is created, you can switch to that user using the `su` command followed by the username:

  su - john

  You'll be prompted to enter the password for the user.

5. To switch back to your original user, simply type:

  exit

Q6. How do you set file permissions in Linux? Explain with an example.

In Linux, file permissions can be set using the `chmod` command. The `chmod` command allows you to specify permissions for the owner of the file, the group associated with the file, and other users.

Here's how you can set file permissions using `chmod` with an example:

1. Open a terminal window.

2. Use the `chmod` command followed by the permission mode and the filename. The permission mode consists of three digits, representing the permissions for the owner, group, and others, respectively.

  - The first digit represents the owner's permissions.

  - The second digit represents the group's permissions.

  - The third digit represents the permissions for others.

  Each digit is calculated by adding the numeric values of the permissions:

  Read (r) = 4, Write (w) = 2, Execute (x) = 1

  For example:

  - `chmod 755 filename` gives the owner full permissions (read, write, execute), and read and execute permissions to the group and others.

  - `chmod 644 filename` gives the owner read and write permissions, and read-only permissions to the group and others.

3. Here's a specific example:

  chmod 755 myfile.txt

  This command sets the permissions of the file "myfile.txt" so that the owner has read, write, and execute permissions (7), and the group and others have read and execute permissions (5).

4. You can verify the permissions of the file using the `ls -l` command, which displays detailed information about the file, including its permissions.

Q7. What is a package and how do you install it in Linux?

In Linux, a package is a compressed archive file that contains software, along with metadata such as dependencies, version information, and installation scripts. Packages are used to distribute and install software on Linux systems efficiently.

There are several package management systems used in Linux distributions, such as:

Here's a general overview of how to install a package in Linux using the APT package manager (commonly used in Debian-based distributions like Ubuntu):

1. Update package lists: Before installing a new package, it's good practice to update the local package lists so that you install the latest version of the software. You can do this by running:

  sudo apt update

2. Search for the package: If you're not sure about the exact name of the package you want to install, you can search for it using:

  apt search package_name

3. Install the package: Once you've found the package you want to install, you can install it using:

  sudo apt install package_name

Replace `package_name` with the name of the package you want to install.

4. Provide administrator privileges: You'll likely need to enter your password to authorize the installation, since you're using the `sudo` command to run the installation with administrative privileges.

5. Follow on-screen instructions: Depending on the package and its dependencies, you may be prompted to confirm the installation or make choices during the installation process. Follow any on-screen instructions to complete the installation.

6. Verify installation: Once the installation is complete, you can verify that the package was installed successfully by running:

  dpkg -l | grep package_name

Replace `package_name` with the name of the package you installed. This command lists all installed packages matching the specified name.

Q8. Explain compressing and uncompressing files in Linux.

In Linux, you can compress and uncompress files using various compression utilities. Two commonly used utilities for this purpose are `gzip` and `gunzip`, which are used to compress and uncompress files respectively using the gzip compression algorithm.

Here's how you can compress and uncompress files using `gzip` and `gunzip`:

Compressing Files with gzip (`gzip`):

Compress a Single File:

  To compress a single file, you can use the `gzip` command followed by the name of the file you want to compress.

  This will compress `file.txt` and create a compressed file named `file.txt.gz`.

Compress Multiple Files:

  You can also compress multiple files at once by providing a list of file names as arguments to the `gzip` command.

Uncompressing Files with gunzip (`gunzip`):

Uncompress a Single File

  To uncompress a single compressed file, you can use the `gunzip` command followed by the name of the compressed file you want to uncompress.

Uncompress Multiple Files:

  Similar to compressing, you can uncompress multiple compressed files at once by providing a list of file names as arguments to the `gunzip` command.

Additionally, you can combine the `tar` command with `gzip` to create compressed archives of directories or multiple files.

  This command will create a compressed archive named `archive.tar.gz` containing the contents of the `directory` directory.

  This command will uncompress and extract the contents of the `archive.tar.gz` compressed archive.
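The checksum step described in the article's section on software repositories applies directly to archives like the one above: a digest published by the maintainer lets the recipient detect a modified download. This added example (not the article's or the notes' own code) builds archive.tar.gz from a constructed directory, records its SHA-256 digest in a SHA256SUMS file, and extracts only after the digest and the member paths check out. It assumes GNU coreutils (sha256sum, mktemp) and GNU tar on Linux; all file names are constructed for the demo.

```shell
# Added example: verify a tar.gz archive against a published SHA-256 digest
# before extracting it. Assumes GNU coreutils and GNU tar on Linux.

# Create a scratch directory holding a constructed "directory" to archive.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/directory"
    printf 'hello\n' > "$dir/directory/file.txt"
    printf 'setting=1\n' > "$dir/directory/app.conf"
    printf '%s' "$dir"
}

# Build archive.tar.gz from "directory" and record its digest in SHA256SUMS,
# the way a release maintainer publishes a checksum file.
build_archive() {                       # $1 = scratch dir
    ( cd "$1" && tar -czf archive.tar.gz directory \
        && sha256sum archive.tar.gz > SHA256SUMS )
}

# Re-hash the archive and compare with SHA256SUMS: 0 = match, 1 = mismatch.
verify_archive() {                      # $1 = scratch dir
    ( cd "$1" && sha256sum -c --status SHA256SUMS )
}

# Reject archive members with absolute paths or ".." components, which would
# otherwise let an extraction write outside the destination directory.
check_member_paths() {                  # $1 = archive path
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# Extract only after both checks pass; unverified input is never unpacked.
safe_extract() {                        # $1 = scratch dir, $2 = destination
    if ! verify_archive "$1"; then
        echo "checksum mismatch: refusing to extract" >&2
        return 1
    fi
    if ! check_member_paths "$1/archive.tar.gz"; then
        echo "unsafe member path: refusing to extract" >&2
        return 1
    fi
    mkdir -p "$2" && tar -xzf "$1/archive.tar.gz" -C "$2"
}

# Simulate modification in transit (a man-in-the-middle swapping the file):
# one appended byte is enough to change the digest.
tamper_archive() {                      # $1 = scratch dir
    printf 'X' >> "$1/archive.tar.gz"
}

demo() {
    d=$(make_sample_tree)
    build_archive "$d"
    if safe_extract "$d" "$d/out"; then
        echo "verified and extracted: $(cat "$d/out/directory/file.txt")"
    fi
    tamper_archive "$d"
    if safe_extract "$d" "$d/out2"; then
        echo "unexpected: tampered archive accepted"
    else
        echo "tampered archive rejected"
    fi
    rm -rf "$d"
}
demo
```

A published digest only helps if it is fetched over a channel the attacker cannot also modify, which is why distributions additionally sign the checksum file with a release key.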

Q9. Explain file attributes in Linux.

In Linux, file attributes determine various permissions and properties associated with files and directories. These attributes control who can access, modify, or execute a file, as well as other properties such as ownership and timestamps. The main file attributes in Linux are:

Permission Bits:

  Permission bits define who can read, write, or execute a file. There are three types of permission bits: **user**, **group**, and **others**. Each type has three permission settings: **read (r)**, **write (w)**, and **execute (x)**. These permissions are represented by characters in the file's permission string.

Ownership:

  Every file in Linux is associated with an owner and a group. The owner is usually the user who created the file, while the group determines which users belong to a specific group that has access to the file.

Timestamps:

  Every file has three timestamps associated with it:

  - **Access Time (atime)**: The last time the file was accessed.

  - **Modification Time (mtime)**: The last time the file's contents were modified.

  - **Change Time (ctime)**: The last time the file's metadata (permissions, ownership, etc.) was changed.

File Type:

  Linux recognizes different file types, such as regular files, directories, symbolic links, devices, sockets, and named pipes.

Extended Attributes:

  Extended attributes provide additional metadata beyond the standard file attributes.

ACLs (Access Control Lists):

  ACLs allow for more granular control over file permissions by defining access rules beyond the standard user, group, and others permissions.
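The three timestamps above behave differently under common operations, and the difference matters when examining a file after an incident: a user can set mtime to any value with `touch`, but ctime is written by the kernel and cannot be chosen. This added example (not part of the notes above) runs a few operations on a constructed temporary file and reports which timestamps each one changed. It assumes GNU coreutils on Linux, where `stat -c '%X %Y %Z'` prints atime, mtime and ctime as epoch seconds.

```shell
# Added example: which of atime, mtime and ctime each operation updates.
# Assumes GNU coreutils (stat -c, touch -d) on Linux.

# Print "atime mtime ctime" for a path, in epoch seconds.
timestamps() { stat -c '%X %Y %Z' "$1"; }

# Append a constructed line to a file (a content change).
append_line() { printf 'more\n' >> "$1"; }

# Run a command against a file and report which timestamps it changed, as a
# space-separated subset of "atime mtime ctime".
changed_by() {                          # $1 = file, $2.. = command to run
    f=$1; shift
    before=$(timestamps "$f")
    sleep 1                             # compare at one-second resolution
    "$@" >/dev/null
    after=$(timestamps "$f")
    set -- $before
    b_a=$1; b_m=$2; b_c=$3
    set -- $after
    out=""
    [ "$1" != "$b_a" ] && out="$out atime"
    [ "$2" != "$b_m" ] && out="$out mtime"
    [ "$3" != "$b_c" ] && out="$out ctime"
    printf '%s' "${out# }"
}

demo() {
    f=$(mktemp)
    echo "chmod 640        -> $(changed_by "$f" chmod 640 "$f")"    # ctime
    echo "append content   -> $(changed_by "$f" append_line "$f")"  # mtime ctime
    # touch can set mtime to any value (here 2000-01-01), but the kernel sets
    # ctime to "now": an old mtime next to a fresh ctime is the sign that the
    # modification time was forged.
    echo "touch -m -d 2000 -> $(changed_by "$f" touch -m -d @946684800 "$f")"
    echo "mtime now reads $(stat -c %Y "$f"), ctime $(stat -c %Z "$f")"
    # Reading updates atime only where the mount options allow it (relatime,
    # the usual default, updates it here; noatime never does).
    echo "read (cat)       -> $(changed_by "$f" cat "$f")"
    rm -f "$f"
}
demo
```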

Q10. Write the differences between the Linux, macOS and Windows operating systems.

Key differences between the Linux, macOS, and Windows operating systems:

Kernel and Core System:

  - Linux: Linux is built around the Linux kernel, which is open-source and free to use. It comes in many distributions (distros), each with its own package management system and user interface.

  - macOS: macOS is based on the Unix-like Darwin kernel, developed by Apple. It is proprietary and only runs on Apple hardware.

  - Windows: Windows is developed by Microsoft and runs on the Windows NT kernel. It is also proprietary and is the most widely used desktop operating system.

User Interface:

  - Linux: Linux offers a variety of desktop environments (DEs) like GNOME, KDE, XFCE, etc., each with its look and feel. Some distributions offer a choice of DE during installation.

  - macOS: macOS has a unified user interface called Aqua, known for its sleek design and ease of use.

  - Windows: Windows provides a customizable desktop environment with a Start menu, taskbar, and window management features.

Software Ecosystem:

  - Linux: Linux offers a vast array of open-source software available through package managers like APT, YUM, or Pacman. It also supports running Windows software through compatibility layers like Wine.

  - macOS: macOS has a robust software ecosystem with access to the Mac App Store and third-party software. It also supports running Unix and Linux software through tools like Homebrew or MacPorts.

  - Windows: Windows has the largest software ecosystem, with compatibility for a wide range of applications and games. It has the Microsoft Store for apps and supports running Linux software through Windows Subsystem for Linux (WSL).

QB3. Explain Bash and its functions.

Linux Bash is also known as the 'Bourne-again Shell'. It is a command language interpreter for Linux-based systems and a replacement for the Bourne shell (sh). It was developed under the GNU Project and written by Brian Fox. Nowadays, Bash is the default user shell of most Linux distributions.

Bash is a command language interpreter as well as a programming language. It supports variables, functions, and flow control, like other programming languages. It can also read and execute commands from a file, which is called a shell script.

• It provides command-line editing

• It keeps a command history of unlimited size

• It provides job control

• It provides shell functions and aliases

• It provides indexed arrays of unlimited size

• It supports integer arithmetic in any base from 2 to 64

QB4. Explain the following Linux commands:

i. head: used to display the first part of a file

ii. tail: used to display the last ten lines of one or more files

iii. wc (with all options): counts the lines, words and characters in a file. Options:

  1. -l: prints the number of lines present in the file

  2. -w: prints the number of words present in the file

  3. -c: displays the count of bytes present in the file

  4. -m: displays the count of characters in a file

  5. --version: displays the version of wc which is currently running on your system

iv. cmp: used to compare two files byte by byte and find out whether the two files are identical or not

v. sudo: allows you to run programs with the security privileges of another user

vi. bc: used as a command-line calculator

vii. tar: archives files in Linux (and compresses them when combined with gzip)

viii. pwd: prints the working directory

ix. grep: used for searching and manipulating text patterns within files

x. cut: cuts out sections from each line of files

xi. ls -l: used to list information about files and directories within the file system

QB5. Differentiate between a soft link and a hard link.

Soft link

• A soft link is an alias to the original file, similar to the shortcut feature in Windows.

• It contains the location of the original file but not its contents.

• A soft link has a different inode value from the original file it points to.

• Links can be established across filesystems.

• The link becomes inaccessible when the original file is removed.

• Soft links can link to either a file or a directory.

Hard link

• A hard link is an exact replica of the original file it points to.

• It contains the actual contents of the file.

• Hard links share the same inode value, pointing to the same file location.

• Links cannot be established outside the filesystem.

• Changes made through one hard link are reflected in the others.

• Hard links can only link to a file, not a directory.
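Each claim in the comparison above can be checked with `stat`. This added example (not part of the notes above) creates a constructed file with one hard link and one soft link in a scratch directory, compares inode numbers and link counts, writes through the hard link, removes the original, and finally tries both link types on a directory. It assumes GNU coreutils (stat -c, readlink) on Linux.

```shell
# Added example: hard link vs soft link behaviour, observed with stat.
# Assumes GNU coreutils on Linux; all file names are constructed.

# Inode number of the path itself (a symlink reports its own inode here).
inode_of() { stat -c '%i' "$1"; }

# Hard-link count of the inode (the second column of ls -l).
link_count() { stat -c '%h' "$1"; }

# 0 when the path is a symlink whose target no longer exists.
is_dangling() { [ -L "$1" ] && [ ! -e "$1" ]; }

# Build orig.txt plus one hard link and one soft link to it in a scratch dir.
setup_links() {                         # $1 = scratch dir
    printf 'original\n' > "$1/orig.txt"
    ln    "$1/orig.txt" "$1/hard.txt"   # same inode, no path stored
    ln -s "$1/orig.txt" "$1/soft.txt"   # own inode, stores only the path
}

demo() {
    d=$(mktemp -d)
    setup_links "$d"
    echo "inodes: orig=$(inode_of "$d/orig.txt") hard=$(inode_of "$d/hard.txt") soft=$(inode_of "$d/soft.txt")"
    echo "link count of orig: $(link_count "$d/orig.txt")"             # 2
    echo "soft link stores: $(readlink "$d/soft.txt")"

    # A write through the hard link is a write to the shared inode.
    printf 'more\n' >> "$d/hard.txt"
    echo "orig.txt now ends with: $(tail -n1 "$d/orig.txt")"          # more

    # Removing the original leaves the hard link intact and the soft link
    # dangling: the data lives in the inode, not in the name.
    rm "$d/orig.txt"
    echo "link count of hard after rm: $(link_count "$d/hard.txt")"   # 1
    is_dangling "$d/soft.txt" && echo "soft.txt is now dangling"
    echo "hard.txt still reads: $(head -n1 "$d/hard.txt")"

    # Hard links to directories are refused; soft links to them are allowed.
    mkdir "$d/sub"
    ln "$d/sub" "$d/sub_hard" 2>/dev/null || echo "hard link to a directory refused"
    ln -s "$d/sub" "$d/sub_soft" && echo "soft link to a directory created"
    rm -rf "$d"
}
demo
```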

QB6. Explain the backup and recovery tools available in Linux.

• tar: this Unix command creates and manipulates file archives

• rsync: tool for file synchronization and backups

• dd: "data duplicator", creates disk images and backups

• cpio: tool that creates and extracts archives

• dump and restore: backup at the file system level

QB7. Explain setting file permissions in detail.

To change file and directory permissions, use the command chmod (change mode). The owner of a file can change the permissions for user (u), group (g), or others (o) by adding (+) or subtracting (-) the read, write, and execute permissions.

Access class: u (user), g (group), o (other), a (all: u, g, and o)

Operator: + (add access), - (remove access), = (set exact access)

Access type: r (read), w (write), x (execute)
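The numeric form from Q6 and the symbolic form above are two spellings of the same mode bits. This added example (not part of the notes above; it serves both Q6 and QB7) converts an rwx string to the octal digits using the r=4, w=2, x=1 rule, applies numeric and symbolic chmod arguments to a constructed temporary file, reads the result back with `stat`, and flags the world-writable case an administrator audits for. It assumes GNU coreutils on Linux, where `stat -c %a` prints the octal mode and `%A` the ls -l style string.

```shell
# Added example: numeric vs symbolic chmod, checked with stat.
# Assumes GNU coreutils on Linux; the file is a constructed temp file.

# Convert a 9-character string such as rwxr-xr-x to octal digits (r=4, w=2,
# x=1 per triplet). Special bits (s, t) are ignored here for simplicity.
perm_to_octal() {                       # $1 = rwx string
    s=$1; out=""
    for start in 1 4 7; do              # user, group, other triplets
        t=$(printf '%s' "$s" | cut -c"$start-$((start + 2))")
        n=0
        case $t in r??) n=$((n + 4));; esac
        case $t in ?w?) n=$((n + 2));; esac
        case $t in ??x) n=$((n + 1));; esac
        out="$out$n"
    done
    printf '%s' "$out"
}

# Apply a chmod argument (numeric or symbolic) and return the resulting mode.
apply_mode() {                          # $1 = file, $2 = chmod argument
    chmod "$2" "$1" && stat -c '%a' "$1"
}

# Octal mode derived from the ls -l style string, for cross-checking.
mode_from_ls_string() {                 # $1 = file
    perm_to_octal "$(stat -c '%A' "$1" | cut -c2-10)"
}

# Returns 0 when "others" hold the write bit, i.e. any local user could
# alter the file; this is the setting to look for when auditing a system.
is_world_writable() {                   # $1 = file
    case $(stat -c '%A' "$1") in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

demo() {
    f=$(mktemp)
    echo "rwxr-xr-x = $(perm_to_octal rwxr-xr-x)"       # 755
    echo "rw-r--r-- = $(perm_to_octal rw-r--r--)"       # 644
    echo "chmod 755 -> $(apply_mode "$f" 755)"
    echo "chmod g+w -> $(apply_mode "$f" g+w)"          # 775
    echo "chmod o=  -> $(apply_mode "$f" o=)"           # 770
    echo "chmod a-x -> $(apply_mode "$f" a-x)"          # 660
    echo "chmod 666 -> $(apply_mode "$f" 666)"
    is_world_writable "$f" && echo "world-writable: fix with chmod o-w"
    echo "chmod o-w -> $(apply_mode "$f" o-w)"          # 664
    echo "ls string $(stat -c %A "$f") = $(mode_from_ls_string "$f")"
    rm -f "$f"
}
demo
```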

QB8. List the tools for system monitoring.

• top: displays the Linux processes

• vmstat: virtual memory statistics

• w: finds out who is logged on and what they are doing

• uptime: tells how long the Linux system has been running

• ps: displays the Linux processes

QB9. Explain the different types of users.

In Linux, there are three different user types:

• Root: the main user account in Linux. It is automatically created during installation. It has the highest privilege in the system. It can do any administrative work and can access any service.

• Regular: a normal user account. During installation one regular user is created automatically. After installation, we can create as many regular user accounts as required. It has moderate privilege. It is used for routine work.

• Service: these accounts are created by installation packages when they are installed. These accounts are used by services to run processes and execute their functions. They are neither intended for nor should be used for routine work.

Botnets

  • Mayhem – 32/64-bit Linux/FreeBSD multifunctional botnet[38]
  • Linux.Remaiten – a threat targeting the Internet of things.[39][40][41]
  • Mirai (malware) – a DDoS botnet that spreads through the telnet service and is designed to infect Internet of Things (IoT) devices.[42][43][44][45]
  • GafGyt/BASHLITE/Qbot – a DDoS botnet that spreads through weak SSH and Telnet passwords, first discovered during the Bash Shellshock vulnerability.[46]
  • LuaBot – a botnet whose modules are written in the Lua programming language and cross-compiled in a C wrapper with libc; it targets Internet of Things devices on ARM, MIPS and PPC architectures and is used for DDoS, for spreading Mirai (malware), or for selling proxy access to cyber criminals.[47][48]
  • Hydra,[49] Aidra,[50] LightAidra[51] and NewAidra[52] – another form of powerful IRC botnet that infects Linux boxes.
  • EnergyMech 2.8 overkill mod (Linux/Overkill) – a long-lived botnet designed to infect servers with its bot, operated through the IRC protocol for DDoS and spreading purposes.[53]

Ransomware

Rootkits

Trojans

  • Effusion – 32/64-bit injector for Apache/Nginx webservers, (7 Jan 2014)[59]
  • Hand of Thief – Banking trojan, 2013,[60][61]
  • Kaiten – Linux.Backdoor.Kaiten trojan horse[62]
  • Rexob – Linux.Backdoor.Rexob trojan[63]
  • Waterfall screensaver backdoor – on gnome-look.org[64]
  • Tsunami.gen – Backdoor.Linux.Tsunami.gen[65]
  • Turla – HEUR:Backdoor.Linux.Turla.gen[66][67]
  • Xor DDoS[68] – a trojan that hijacks Linux systems and uses them to launch DDoS attacks which have reached loads of 150+ Gbps.[69]
  • Hummingbad – has infected over 10 million Android devices. User details are sold and adverts are tapped on without the user's knowledge, thereby generating fraudulent advertising revenue.[70]
  • NyaDrop – a small Linux backdoor compiled from Linux shellcode, used to infect Linux boxes with larger Linux malware.[71]
  • PNScan – a Linux trojan designed to target routers and spread itself to a specific targeted network segment in a worm-like fashion[72]
  • SpeakUp – a backdoor trojan that infects six different Linux distributions and macOS devices.[73]

Viruses

Worms

See also

References

  1. ^ a b Granneman, Scott (October 2003). "Linux vs. Windows Viruses". Archived from the original on 5 March 2021. Retrieved 6 March 2008.
  2. ^ a b Yeargin, Ray (July 2005). "The short life and hard times of a linux virus". Archived from the original on 1 May 2008. Retrieved 6 December 2015.
  3. ^ "Virus Department". Archived from the original on 25 December 2015. Retrieved 24 December 2015.
  4. ^ a b Patrizio, Andy (April 2006). "Linux Malware On The Rise". Archived from the original on 5 February 2012. Retrieved 8 March 2008.
  5. ^ ClamAV (2010). "Clam AntiVirus 0.96 User Manual" (PDF). Archived (PDF) from the original on 19 February 2011. Retrieved 22 February 2011.
  6. ^ Duncan, Rory; Schreuders, Z. Cliffe (1 March 2019). "Security implications of running windows software on a Linux system using Wine: a malware analysis study". Journal of Computer Virology and Hacking Techniques. 15 (1): 39–60. doi:10.1007/s11416-018-0319-9. ISSN 2263-8733.
  7. ^ Prince, Brian (5 January 2013). "Stealthy Apache Exploit Redirects Victims to Blackhole Malware".
  8. ^ Prince, Brian (1 May 2013). "Stealthy Apache Exploit Redirects Victims to Blackhole Malware". eWeek. Retrieved 19 November 2014.
  9. ^ a b Smith, Stuart (June 2007). "Bad Bunny". Archived from the original on 24 March 2008. Retrieved 20 February 2008.
  10. ^ Kissling, Kristian (December 2009). "Malicious Screensaver: Malware on Gnome-Look.org". Archived from the original on 13 December 2009. Retrieved 12 December 2009.
  11. ^ "IBM Security Report: Attacks on Industries Supporting COVID-19 Response Efforts Double". IBM Newsroom.
  12. ^ "Discontinuation of Antivirus solutions for Linux systems on June 30th 2016". Archived from the original on 14 December 2017. Retrieved 14 October 2014.
  13. ^ "ClamAV". Archived from the original on 22 July 2013. Retrieved 22 February 2011.