Saturday, May 18, 2013

Linux Viruses: Fact or Fiction?

Imagine you are a malicious virus writer. Your goal is to spread some toxic code to as many people as quickly as possible without getting caught. You have three operating systems to choose from:

- Linux, an OS that only about 1% of the population uses. It is fragmented across many different platforms, has a close-knit community that filters any malicious code that enters its user repositories, and has additional layers of security to break through.

- Mac OSX, the second most popular OS, which shares many of Linux's security features but without the community or the varied platforms.

- Windows, the most popular desktop OS by a significant margin, with completely closed-source code and few security features.

Which OS would you choose? Windows, obviously. What is your second choice? Mac. At least with Mac you know what you are dealing with. Writing viruses for Linux, though, is kind of like going to an archery range blindfolded while trying to hit a quarter-sized target 25 yards away. Sure, if you shoot enough arrows, you might hit your target, but you've got to have a lot of luck and a lot of spare time. 

Let's imagine, though, that you did have the time and luck. How would you go about infecting a Linux computer? Well, you would first choose the distribution you would like to infect. That's not exactly the easiest thing to do, as there are hundreds of distributions to choose from. Generally speaking, though, these can be broken down into three different package formats: .deb, .rpm, and .tar.gz. If you want to infect Fedora or a BSD, choose .rpm. If you want to infect Arch, choose .tar.gz. If you want to infect Ubuntu, choose .deb.

Once that is decided, you then have to work your way through user permissions. Generally speaking, Linux distributions give ordinary users far fewer rights than root. That means if you do successfully infect a Linux computer, you can only do what that user is permitted to do. You would actually have to prompt the user for his root password to infect the entire computer. Otherwise, you would have to settle for a measly home directory. That means you've got to be pretty sneaky to trick a user into installing your virus with the appropriate permissions.

The Linux desktop environment also changes much faster than Windows or Mac, with popular distributions offering new releases every six months and some distributions offering immediate, bleeding-edge software packages. This means that your virus would have to stay current or else attack a package that does not update regularly.

In addition, almost all distributions have a central repository to download software from, whose packages have been vetted for viruses and malware, which means that most Linux users, unlike Windows users, do not download software from arbitrary websites. You could, potentially, sneak your virus into a non-official repository (such as the AUR), but even then packages are checked by the community members who use them.

When it's all said and done, if you do try to write a virus for Linux, you have a lot to go through for very little reward. That being said, there are a number of viruses (some of which are "proof of concept" viruses) that can infect your computer. On top of that, your Linux computer can carry viruses that get forwarded through e-mail to Windows (or Mac) devices. If you intend to set up any sort of mail client, a virus scanner is a must!

Bottom line: if you use Linux, do not think you are impervious to attacks. That is simply not the case. Any online information, such as your banking account, can be subject to attack, and malicious code can be slipped into any of your downloaded content. Be careful when downloading new content from online or non-official sources. Be sure the packages you use have high approval ratings. Above all, though, use common sense. If you ever seem to be alone on the internet or are the only user downloading a particular item, close your browser or crash your code! Just because your machine is unlikely to get a virus does not mean you should put it at risk.

It is also expected that the number of Linux viruses will increase in the upcoming years due to the increasing popularity of the OS as a gaming platform and thus as a viable desktop operating system. If you are using a popular distribution, like Ubuntu, you might be one of the first at risk. Even if you are not using a popular distribution, it is not good practice to go without a virus scanner on your computer.

A few weeks ago, a virus known as darkleech began attacking Apache servers everywhere, followed quickly by Cdorked. More technical information on Cdorked can be found here. These are both backdoors that allow hackers to upload malicious code directly to the infected server or drive traffic to malicious websites. We should be careful moving forward with Apache in the future because of this. I will probably return to the idea of viruses in more detail later (I'm becoming interested).

Again, though your own system might not be at as much risk as a Windows device, you might want to look into a virus scanner or two. I know from personal experience that the CLI for avast is decent for detecting Windows-only viruses. For Linux viruses, Sophos along with rkhunter and chkrootkit should find them.

As always, thanks for reading and be safe out there.
-Leios.
