  1. #1

    How does one get infected with a rootkit, virus, trojan, etc., on Linux?

    Can something like that happen just by browsing, like bypassing those warnings by google?

    Most Windows viruses I know of (well, I don't even know of any specifically, only by hearing about them and by finding them in spam) are actually executable files presented in a way that fools those who are not very used to computers and the menace of viruses, like mails with "interesting-pictures.exe" attachments.

    The closest equivalent to those would be something that purports to do what you want and still manages to do some damage without being run as root (it can basically delete your entire home folder), but I've never heard of these things actually existing.

    But there is a whole "new generation" of "smarter" viruses, right? Like using JavaScript and that sort of thing. I recall reading something about an image format that can be infected, where the virus would run just by viewing the image (I don't remember if it was a format used on websites that a browser could display, or more of a "working" image format, like xcf or psd).

    So, basically, how could one be infected when using Linux?

  2. #2
    Linux Engineer GNU-Fan, Join Date Mar 2008
    Quote Originally Posted by the dsc View Post
    So, basically, how one could be infected when using linux?
    In a lot of ways.

    As far as web browsing is concerned, my personal assessment is that you most likely get infected through Flash. While there are many different browser versions for GNU/Linux around, which would make it hard for malware to find its door in, there is only one or two Flash versions in wide use. As Flash is very platform-independent, we are often vulnerable to the very same security holes as Windows users. A Flash user is therefore subject to the same risks as a Flash user on Windows most of the time.
    For example, Adobe - Security Advisories: Security Advisory for Flash Player, Adobe Reader and Acrobat

    The second most likely attack vector I see is having the user run arbitrary software. Especially new users who have just migrated from Windows or Mac are used to visiting webpages in search of some precompiled program to download and run. Chances are high that you get an infected that way. These inexperienced users may not know yet that the recommended way of installing software on GNU/Linux is through the official repositories.

    The same holds for running scripts you have read somewhere but have no idea what they do.

    As for getting infected by displaying pictures or executing JavaScript, these are usually of lesser concern, even though not impossible. The big heterogeneity in library versions on the different distributions makes it infeasible to exploit security holes most of the time. This applies to mail attachments as well. Especially with our less than 1% "market share", we are still considered small fish that are not worth the effort.

    Once a trojan has gained a foothold with user rights, there is a lot it can do already, for example using networking on unprivileged ports or keygrabbing. Most likely it will install itself in a way that gets it started every time the user logs in.
    In order to gain root rights, it may try to use exploits for the kernel, which may have security loopholes. Or the trojan waits until the user does a "su", in which case it can just sniff the root password.
    Last edited by GNU-Fan; 08-02-2010 at 07:14 AM.
    Debian GNU/Linux -- You know you want it.
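GNU-Fan's post above says a trojan running with plain user rights will most likely arrange to be restarted at every login. The script below is an added example (not from the thread or any project mentioned in it) that audits the standard per-user places such a program would use: XDG autostart entries, systemd user units and the shell startup files. The sample home directory it builds is constructed; the file names and paths are the ones most distributions use.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit the standard places where a
# program started with plain user rights can arrange to be re-run at every
# login. Findings are review items, not proof of infection.
set -u

# Print one line per persistence entry found under the home directory
# given as $1, in the form "<file>: <what it launches>".
audit_user_persistence() {
    local home="$1" f rc hits exec_line
    # Shell-rc lines that background a process, detach it, or fetch
    # something from the network deserve a closer look.
    local pattern='(&[[:space:]]*$|nohup |setsid |curl |wget )'

    # 1. XDG autostart: every .desktop file here runs at desktop login.
    for f in "$home"/.config/autostart/*.desktop; do
        [ -e "$f" ] || continue
        exec_line=$(grep -m1 '^Exec=' "$f" || true)
        printf '%s: %s\n' "$f" "${exec_line#Exec=}"
    done

    # 2. systemd user units: an enabled unit starts with the user session.
    for f in "$home"/.config/systemd/user/*.service; do
        [ -e "$f" ] || continue
        exec_line=$(grep -m1 '^ExecStart=' "$f" || true)
        printf '%s: %s\n' "$f" "${exec_line#ExecStart=}"
    done

    # 3. Shell startup files, read on every interactive shell or login.
    for rc in .bashrc .bash_profile .bash_login .profile .zshrc; do
        f="$home/$rc"
        [ -f "$f" ] || continue
        hits=$(grep -nE "$pattern" "$f") || continue
        printf '%s\n' "$hits" | sed "s|^|$f: |"
    done
}

# Build a throw-away home directory with constructed sample entries so the
# audit can be demonstrated offline; prints the directory path.
make_sample_home() {
    local home
    home=$(mktemp -d)
    mkdir -p "$home/.config/autostart" "$home/.config/systemd/user"
    printf '[Desktop Entry]\nType=Application\nName=Updater\nExec=%s/.cache/.updater\n' \
        "$home" > "$home/.config/autostart/updater.desktop"
    printf '[Service]\nExecStart=%s/.local/bin/sync-agent\n[Install]\nWantedBy=default.target\n' \
        "$home" > "$home/.config/systemd/user/sync.service"
    printf '# constructed sample .bashrc\nalias ll="ls -l"\nnohup "$HOME/.cache/.sync" >/dev/null 2>&1 &\n' \
        > "$home/.bashrc"
    # Benign line: must not be flagged.
    printf 'export PATH="$HOME/bin:$PATH"\n' > "$home/.profile"
    printf '%s\n' "$home"
}

# Stand-alone demo on the constructed sample (three findings expected).
demo_home=$(make_sample_home)
audit_user_persistence "$demo_home"
rm -rf "$demo_home"
```

To check your own account, call `audit_user_persistence "$HOME"`; legitimate desktop applets and your own aliases will show up too, so compare each hit against what you actually installed rather than treating every line as malicious.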

  3. #3
    Interesting, I didn't know of Flash being a security risk, and JavaScript a considerably smaller one; that's exactly the opposite of what I used to hear. I've always thought of Flash blockers just as a thing to have cleaner pages and load only what you want to see, but they have a security function as well then.

    Do you (or anyone who may be reading) know of some "intermediate" level explanations of security on Linux? I'm not asking you to "google for me", just in case anyone already knows something they have found particularly good in this regard. As with many other things, it seems that there's always a gap between too-basic/newbie info and über-expert stuff that I can read from start to finish without actually learning anything more than I already knew, not because I already knew it, but because it's somewhat like reading a scientific paper on advanced physics if you're not a physicist.

  4. #4
    Linux Newbie X.Cyclop, Join Date May 2006
    There are even worms in videos (QuickTime), according to Trend Micro.
    "Don't think about the work, think about the benefit"

    Leonardo Juszkiewicz

  5. #5
    Linux Engineer rcgreen, Join Date May 2006, Location: the hills
    The most important risk on Linux is when you run a server. Any service available from the net is a possible point of weakness. If you run any services (HTTP, FTP, SSH, or whatever), it is important to keep up with the latest patches and also to use the wisest configuration practices.

    Home users surfing the net have little to worry about.
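rcgreen's point is that exposed services need both patches and sane configuration. As an added example (not from the thread), the script below checks an sshd_config file for a few settings that are commonly left permissive. It mirrors two parsing rules of sshd itself, namely that directive names are case-insensitive and that the first occurrence of a directive wins, so that a later "fix" which sshd would ignore is not mistaken for a hardened setting. The two sample configurations are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag weak settings in an sshd_config
# file. sshd honours the first occurrence of a directive and directive names
# are case-insensitive, so the check applies both rules before judging values.
set -u

# Print one line per weak setting found in the sshd_config given as $1.
check_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        tolower($1) == "match" { exit }            # conditional blocks: out of scope here
        {
            key = tolower($1); val = tolower($2)
            if (!(key in seen)) seen[key] = val    # first occurrence wins, as in sshd
        }
        END {
            if (seen["permitrootlogin"] == "yes")
                print "PermitRootLogin yes: set to no (or prohibit-password) and use su/sudo"
            # sshd defaults to password authentication when the directive is absent.
            if (!("passwordauthentication" in seen) || seen["passwordauthentication"] != "no")
                print "PasswordAuthentication not set to no: password guessing stays possible; prefer keys"
            if (seen["permitemptypasswords"] == "yes")
                print "PermitEmptyPasswords yes: accounts without a password can log in"
            if (seen["protocol"] ~ /(^|,)1(,|$)/)
                print "Protocol includes 1: SSH-1 is obsolete and insecure"
        }' "$1"
}

# Write a constructed weak and a constructed hardened sshd_config into a
# temporary directory; prints the directory path.
make_sample_configs() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/weak" <<'EOF'
# constructed sample: permissive settings
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
EOF
    cat > "$dir/hardened" <<'EOF'
# constructed sample: hardened settings
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
# a later duplicate is ignored by sshd (first occurrence wins), and the check agrees
PasswordAuthentication yes
EOF
    printf '%s\n' "$dir"
}

# Stand-alone demo: four findings for the weak file, none for the hardened one.
demo_dir=$(make_sample_configs)
echo "== weak =="; check_sshd_config "$demo_dir/weak"
echo "== hardened =="; check_sshd_config "$demo_dir/hardened"
rm -rf "$demo_dir"
```

Run it against your own file with `check_sshd_config /etc/ssh/sshd_config`; the check ignores everything after the first `Match` block, so settings inside conditional blocks still need a manual look.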
