Linux virus phylogeny and classification
Staog, which appeared in 1996, was the first virus for Linux. It came from an Australian group called VLAD (the same group also wrote Boza, the first virus for Windows 95). Staog is written in assembly language, specifically infects binaries, and tries three methods to obtain root privileges. It does no substantial damage to the system and is best regarded as a demonstration, but it showed the Linux world that infection was a potential danger. The second virus found on Linux was Bliss, an experimental virus that was released accidentally. Unlike other viruses, Bliss carries its own disinfection routine: running the program with the "disinfect-files-please" option restores the system.
If the earliest Linux viruses only demonstrated a concept, the Ramen virus, found in 2001, began to worry a lot of people. Ramen spreads automatically, without human intervention, and in this it closely resembles the Morris worm that caused so much trouble in 1988. It infects only Red Hat 6.2 and 7.0 servers that run an anonymous FTP service, and it gets into a system through two common vulnerabilities, in rpc.statd and wu-ftpd.
On the surface, this is not a dangerous virus. It is easy to detect and does nothing destructive to the server. But once it starts scanning, it consumes a large amount of network bandwidth.
From 1996 to date, only a handful of new Linux viruses have appeared, which indicates that Linux is a robust operating system with an innate immunity to viruses. Of course, apart from the quality of its design, there are other reasons for this situation.
First, early Linux users were generally professionals. Even today, although the number of users has surged, the typical user still has a good computing background and is willing to help others, and Linux experts tend to encourage and support novices in the same spirit. Because of this, the Linux community tends to share the experience needed to use the system safely and avoid viruses. Second, Linux is young, which is another reason viruses are rare. In fact, every operating system (including DOS and Windows) saw few viruses in its early days.
However, in March 2001, the Global Incident Analysis Center (GIAC) of the SANS Institute in the United States found that a new worm targeting computers running Linux was spreading rapidly across the Internet and was likely to cause severe damage to users' systems. The worm was named "Lion" and is very similar to the Ramen worm. It is more dangerous, however: Lion e-mails a number of password and configuration files to an address in the china.com domain. William Stephen Barnes, an engineer at Dartmouth College's Institute for Security Technology, said: "Once these files have been sent back, the attackers can re-enter the system through the hole they first broke in by. This is where it differs from the Ramen worm. In fact, Ramen is a friendlier virus: after it penetrates a system it automatically closes one of the holes, whereas this virus leaves the holes open and opens up new vulnerabilities. So if your system is infected with this virus, we cannot be one hundred percent sure that the system is worth saving. The more reasonable choice is probably to move your data off and reformat the hard drive."
Once a computer is fully infected, Lion forces it to start searching the Internet for other victims. Lion has infected fewer systems than Ramen, but the losses it causes are much greater.
With Klez infections appearing on the Linux platform, anti-virus software vendors began to remind us that Microsoft's operating systems are no longer the only ones vulnerable to virus attacks. Even though users of mainstream Linux and other UNIX platforms may not be heavy users of Microsoft applications, so that viruses cannot spread through that software, Linux and UNIX still have vulnerabilities of their own that attract less attention. Besides Klez, the main threats to Linux/UNIX platforms are the Lion.worm, OSF.8759, Slapper, Scalper, Linux.Svat and BoxPoison viruses, which are rarely mentioned.
Virus writers are hackers who are proficient at writing code, and they are more dangerous than the less knowledgeable hackers who casually deface websites. A defaced site can be repaired quickly, whereas a virus is better concealed and brings latent security risks: it stays hidden until it has caused irreversible damage to the system.
In addition, the more Linux systems are connected to LANs and WANs, the more likely targets of attack there are, because many Linux viruses spread rapidly. Linux/UNIX systems that use WINE are especially vulnerable to virus attacks. WINE is an open-source compatibility package that allows Windows applications to run on the Linux platform. Systems running WINE are particularly exposed because viruses, worms and Trojan horses written for either Windows or Linux can threaten them.
Taxonomy of viruses on the Linux platform
Executable file virus: an executable file virus lives parasitically inside files and takes files as its main infection target. Whatever tool the virus writer uses, assembly or C, infecting ELF files is easy to do. A virus of this kind, such as Lindose, checks each ELF file it finds to see whether the machine type is Intel 80386; if so, it looks for a section of the file larger than 2,784 bytes (AE0 in hexadecimal). If these conditions are met, the virus overwrites that section with its own code, appends the corresponding part of the host's code to the file, and points the host file's entry point at the virus code. A student named Alexander Bartolich published an article entitled "How to write a Linux virus", which describes in detail how to create a parasitic file virus that infects ELF executables on Linux/i386. With this as inspiration, and with such documentation available online, the number of Linux viruses will grow faster, especially as Linux becomes more and more widely used.
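The entry-point redirection described above leaves a trace that a defender can check for. The following is an added example, not code from the original article or from any tool it names: it parses an ELF32 header and reports which section holds the entry point. The function names, the sample addresses and the rule that an entry point outside `.text` deserves a closer look are assumptions made for illustration.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # ELF32 file header, little-endian
SHDR = struct.Struct("<10I")                # ELF32 section header
EM_386 = 3                                  # e_machine value for Intel 80386

def entry_section(data):
    """Return (is_i386, name, size) for the section holding the entry point."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("not a little-endian ELF32 file")
    (_, _, machine, _, entry, _, shoff, _, _, _, _, shentsize, shnum,
     shstrndx) = EHDR.unpack_from(data)
    hdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = hdrs[shstrndx][4]          # file offset of the section names
    for name_off, _, _, addr, _, size, *_ in hdrs:
        if addr and addr <= entry < addr + size:
            end = data.index(b"\0", strtab_off + name_off)
            name = data[strtab_off + name_off:end].decode()
            return machine == EM_386, name, size
    return machine == EM_386, None, 0

def looks_redirected(data):
    """Assumed triage heuristic: on i386, flag an entry point outside .text."""
    is_i386, name, _ = entry_section(data)
    return is_i386 and name != ".text"

def build_sample(entry):
    """Constructed test input: headers and section table only, no code."""
    names = b"\0.text\0.data\0.shstrtab\0"
    shoff = EHDR.size + len(names)
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, EM_386, 1, entry, 0, shoff, 0,
                     EHDR.size, 0, 0, SHDR.size, 4, 3)
    shdrs = [(0, 0, 0, 0, 0, 0),
             (1, 1, 6, 0x08048100, 0, 0x400),       # .text, 1,024 bytes
             (7, 1, 3, 0x08049500, 0, 0xC00),       # .data, 3,072 bytes
             (13, 3, 0, 0, EHDR.size, len(names))]  # .shstrtab
    return ehdr + names + b"".join(SHDR.pack(*s, 0, 0, 0, 0) for s in shdrs)

if __name__ == "__main__":
    for entry in (0x08048100, 0x08049500):
        sample = build_sample(entry)
        print(hex(entry), entry_section(sample), looks_redirected(sample))
```

A hit from this check is a reason to compare the file against a known-good copy from the distribution package, not proof of infection.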
Worm virus: after the outbreak of the Morris worm in 1988, Eugene H. Spafford, in order to distinguish worms from viruses, gave a technical definition of a worm: a worm "is a program that can run by itself and can propagate a fully working version of itself to other machines." Worms are rampant on the Linux platform. Ramen, Lion, Slapper and others spread by exploiting system vulnerabilities, and each of these notorious worms has infected a large number of Linux systems and caused huge losses. They are the Nimda and Code Red of the open-source world. Worms of this kind will only intensify in the future: the more widely Linux is used, the greater the worms' capacity to spread and do damage.
Script viruses: at present, a relatively large number of viruses are written in shell scripting languages. Such viruses are simple to write, yet their destructive power is striking. Linux systems contain many script files ending in .sh, and a shell script of a few dozen lines can traverse the entire hard disk and infect every script file in a short time. Virus writers therefore need no deep knowledge to write a virus of this kind, which can do devastating damage: deleting files, disrupting the normal operation of the system, and even downloading a Trojan horse onto the system.
Backdoors: under a broad definition of "virus", backdoors are also included. The backdoor tools that intruders use on Windows systems are just as active on the Linux platform. From simply adding a superuser account, to loading through system services, to injecting shared library files, to rootkit toolkits and even loadable kernel modules (LKM), backdoor techniques on the Linux platform are very mature, well hidden and hard to remove. They are a very troublesome problem for Linux system administrators.
Viruses, worms and Trojans are essentially automated hacking, and an attack by a virus is probably more likely than an attack by a hacker. Direct attacks by hackers generally target servers, while viruses are opportunistic troublemakers. If your network includes Linux systems, and servers are in particular danger, do not wait for Linux viruses, worms and Trojan horses to appear before you respond. Do some research and choose anti-virus products suited to your systems; they can help you prevent viruses from spreading. As for how viruses on the Linux platform will develop in the future, anything is possible. The history of viruses on Windows may repeat itself on Linux, depending on how Linux develops.