How does one get infected with a rootkit, virus, trojan, etc., on Linux?
Most of the Windows viruses I know (well, I don't even know of any specifically, but only by hearing about them, and by finding them in spam) are actually executable files presented in a way to fool those who are not very used to computers and the menace of viruses. Like mails with "interesting-pictures.exe" attachments.
The rough equivalent of those would be some plzrunasrootOMGitssocool.sh, or even something that purports to do what you want and still manages to do some damage without being run as root (can basically delete your entire home folder), but I've never heard of these things actually existing.
So, basically, how could one be infected when using Linux?
As far as web browsing is concerned, my personal assessment is that you most likely get infected through Flash. While there are many different browser versions for GNU/Linux around, which would make it hard for malware to find its door in, there are only one or two Flash versions in wide use. As Flash is very platform-independent, we are often vulnerable to the very same security holes as Windows users. A Flash user is therefore subject to the same risks as a Flash user on Windows most of the time.
For example, Adobe - Security Advisories: Security Advisory for Flash Player, Adobe Reader and Acrobat
The second most likely attack vector I see is having the user run arbitrary software. Especially new users who have just migrated from Windows or Mac are used to visiting webpages in search of some precompiled programs to download and run. Chances are high that you get an infection that way. These inexperienced users may not know yet that the recommended way of installing software on GNU/Linux is through official repositories.
The same holds for running scripts you have read somewhere but have no idea what they do.
Once a trojan has gained a foothold with user rights, there is a lot it can do already. For example, using networking on unprivileged ports or keygrabbing. Most likely it will install itself in a way that gets it started every time the user logs in.
In order to gain root rights, it may try to use exploits for the kernel, which may have security loopholes. Or the trojan waits until the user makes a "su", in which case it can just sniff the root password.
Last edited by GNU-Fan; 08-02-2010 at 07:14 AM.
Debian GNU/Linux -- You know you want it.
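The post above says a trojan with user rights will likely arrange to start at every login and may wait for the user to run "su". As an added example that is not part of the thread, this read-only script checks one home directory for both; the file list, function names and output format are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of one home directory.
# RC_FILES lists the usual per-user shell startup files; extend it as needed.
RC_FILES=".profile .bash_profile .bash_login .bashrc .zprofile .zshrc"

# Aliases or shell functions named su/sudo in startup files: such a definition
# runs in place of the real binary. Prints file:line:text for each hit.
find_su_wrappers() (
    home=$1
    pat='^[[:space:]]*(alias[[:space:]]+(su|sudo)=|function[[:space:]]+(su|sudo)([[:space:]]|\(|$)|(su|sudo)[[:space:]]*\(\))'
    for f in $RC_FILES; do
        [ -f "$home/$f" ] || continue
        grep -nE "$pat" "$home/$f" /dev/null || true
    done
)

# Executables named su/sudo in PATH directories located inside the home
# directory, which an unprivileged process is able to write to.
find_path_shadows() (
    home=$1
    [ -n "$home" ] || exit 0
    IFS=:
    for dir in $2; do
        case $dir in "$home"|"$home"/*) ;; *) continue ;; esac
        for name in su sudo; do
            [ -x "$dir/$name" ] && printf '%s\n' "$dir/$name"
        done
    done
    exit 0
)

# Desktop entries started at graphical login, with the command each one runs.
list_autostart() (
    for f in "$1"/.config/autostart/*.desktop; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$f" "$(sed -n '/^Exec=/{p;q;}' "$f")"
    done
)

audit_home() {
    echo "== su/sudo wrappers in shell startup files"; find_su_wrappers "$1"
    echo "== su/sudo binaries on PATH inside $1";       find_path_shadows "$1" "$PATH"
    echo "== desktop autostart entries";                list_autostart "$1"
}

audit_home "${1:-$HOME}"
```

Empty sections mean nothing matched; any hit is a file to read by hand, since legitimate aliases and autostart entries show up here too.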
Do you (or anyone who may be reading) know of some "intermediate" level explanations of security on Linux? I'm not asking to "google for me", just in case anyone already knows something that they have found particularly good in this regard. As with many other things, it seems that there's always a gap between too-basic/newbie info, and über-expert stuff that I can read from start to finish without actually learning anything more than I already knew when I finish, not because I already knew, but because it's somewhat like reading a scientific paper on advanced physics if you're not a physicist.
There are even worms in videos (QuickTime) according to Trend Micro.
"Don't think about the work, think about the benefit"
The most important risk on Linux is when you run a server.
Any service available from the net is a possible point of
weakness. If you run any services, HTTP, FTP, SSH, or whatever,
it is important to keep up with the latest patches and also
to use the wisest configuration practices.
Home users surfing the net have little to worry about.