Beginning Of Linux Operating System
In its early days, Linux seemed to have an inborn immunity to viruses thanks to its excellent original design, and many people came to believe that no virus would ever exist for Linux. But Linux is no exception. In the fall of 1996, an organization in Australia called VLAD wrote Staog in assembly language, allegedly the first virus for the Linux system. It specifically infects binaries and tries to obtain root privileges in three ways. The Staog virus was designed only to demonstrate and prove that Linux is at potential risk of virus infection, and it does no damage to the infected system.
In 2001, a Linux worm called Ramen appeared. Ramen can propagate automatically without human intervention. Although it does no damage to the server itself, it consumes a lot of network bandwidth while propagating. Ramen spreads by exploiting two security vulnerabilities, in rpc.statd and wu-ftp, in certain versions of Linux (Red Hat 6.2 and 7.0).
Another Linux worm, Lion, did cause actual harm. Lion spread rapidly through the Internet and caused serious damage to some users' computer systems. The Lion virus can e-mail some passwords and configuration files to a mailbox on the Internet. After collecting these files, the attacker may re-enter the system through the gap opened by the first break-in and carry out further damaging activities, such as obtaining confidential information or installing a back door. When a user's Linux system is infected with this virus, the user may choose to reformat the hard disk because it is impossible to determine how the intruder changed the system. Moreover, a Linux host infected with Lion automatically starts searching the Internet for other victims. Feedback afterwards showed that Lion caused serious losses to many Linux users.
Other Linux viruses include OSF.8759, Slapper, Scalper, Linux.Svat and BoxPoison, and so on; most ordinary Linux users have never encountered them. This is because, until now, Linux viruses have been few and the scope of their impact small. But as the number of Linux users grows and more and more Linux systems are connected to LANs and WANs, the likelihood of attack naturally increases, and more and more Linux viruses can be expected to appear. How to guard against Linux viruses is therefore something every Linux user should start paying attention to now.
Linux users may have heard of, or even encountered, some Linux viruses. These viruses differ in how they work and in the symptoms they cause, so the precautions to take differ as well. To guard against Linux viruses more effectively, it helps to first know how they are classified.
Virus and threat types on Linux
Viruses that infect ELF format files
This type of virus takes files in ELF format as its main infection target; a virus that infects ELF files can be written in assembly or C. The Lindose virus is one such virus. When it finds an ELF file, it checks whether the machine type of the file to be infected is Intel 80386. If so, it checks whether the file is larger than 2784 bytes (hexadecimal AE0). If it is, the virus overwrites it with its own code, adds the code for the corresponding part of the host file, and points the entry point of the file at the virus code section.
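The header fields involved in the check described above (machine type, file size, entry point) can be read defensively to triage a suspect file. The following Python is an added example, not code from the original article; the rule that the entry point should fall in the first executable PT_LOAD segment is an assumed heuristic, and the sample images are constructed.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # ELF32 little-endian file header, 52 bytes
PHDR = struct.Struct("<8I")                # ELF32 program header, 32 bytes
EM_386, PT_LOAD, PF_X = 3, 1, 1
SIZE_THRESHOLD = 0xAE0                     # 2784 bytes, the threshold quoted above

def triage_elf32(data):
    """Return findings for an ELF32/LE image, or None if it is not one."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF" or data[4:6] != b"\x01\x01":
        return None
    f = EHDR.unpack_from(data)
    machine, entry, phoff, phentsize, phnum = f[2], f[4], f[5], f[9], f[10]
    loads = []                             # (start, end, executable) per PT_LOAD
    for i in range(phnum):
        off = phoff + i * phentsize
        if phentsize < PHDR.size or off + PHDR.size > len(data):
            break                          # malformed or truncated table
        p_type, _, vaddr, _, _, memsz, flags, _ = PHDR.unpack_from(data, off)
        if p_type == PT_LOAD:
            loads.append((vaddr, vaddr + memsz, bool(flags & PF_X)))
    entry_seg = next((i for i, (s, e, _) in enumerate(loads) if s <= entry < e), None)
    first_exec = next((i for i, l in enumerate(loads) if l[2]), None)
    return {
        "machine_i386": machine == EM_386,
        "over_size_threshold": len(data) > SIZE_THRESHOLD,
        "entry_segment": entry_seg,
        # Heuristic (assumption): compilers place the entry point in the first
        # executable PT_LOAD segment; anything else deserves a closer look.
        "suspicious_entry": entry_seg is None or entry_seg != first_exec,
    }

def build_sample(entry, segments, size=4096):
    """Constructed header-only test image (not a runnable binary)."""
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    hdr = EHDR.pack(ident, 2, EM_386, 1, entry, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    phs = b"".join(PHDR.pack(PT_LOAD, 0, va, va, sz, sz, fl, 0x1000)
                   for va, sz, fl in segments)
    return (hdr + phs).ljust(size, b"\0")

CLEAN = build_sample(0x08048100, [(0x08048000, 0x1000, 5), (0x08049000, 0x1000, 6)])
MOVED = build_sample(0x08049F00, [(0x08048000, 0x1000, 5), (0x08049000, 0x1000, 7)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("moved entry", MOVED)):
        print(name, triage_elf32(image))
```

A flagged entry point is a prompt for closer inspection, not proof of infection; shared libraries without an entry point, for instance, are flagged as well.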
Prevention: Linux has a good permission control mechanism, so these viruses need sufficient privileges in order to spread. To guard against this kind of virus, manage the permissions of the files on your Linux system carefully. In particular, do not use the root account for daily operations, and do not run executable files of unknown origin as root, so as not to inadvertently trigger a virus-carrying file that infects the entire system.
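To see how far a virus running under an ordinary account could reach, list the executables that a non-root account is allowed to modify. This audit is an added example, not part of the original article; the function names and the temporary sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def writable_executables(roots):
    """Yield (path, reasons) for executable regular files a non-root account could modify."""
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)          # lstat: do not follow symlinks
                except OSError:
                    continue                     # vanished or unreadable entry
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                    continue                     # only executable regular files
                reasons = []
                if st.st_mode & stat.S_IWOTH:
                    reasons.append("world-writable")
                if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
                    reasons.append("writable by non-root group %d" % st.st_gid)
                if st.st_mode & stat.S_IWUSR and st.st_uid != 0:
                    reasons.append("owned by non-root uid %d" % st.st_uid)
                if reasons:
                    yield path, reasons

def demo():
    """Constructed sample tree: a read-only tool, a world-writable tool, a data file."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("safe", 0o555), ("open", 0o777), ("notes.txt", 0o666)):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(b"placeholder")
            os.chmod(path, mode)
        return {os.path.basename(p): r for p, r in writable_executables([d])}

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", ", ".join(reasons))
```

The audit looks at file mode bits only; writable parent directories and ACLs need a separate check.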
Script viruses are viruses written in shell or other scripting languages. Such a virus is relatively simple to write and does not require very deep knowledge, yet it can easily damage a system, for example by deleting files, disrupting normal operation of the system, or even downloading and installing Trojans. Its ability to propagate is not strong, however, and it usually does damage only on the local machine.
Prevention: to guard against this kind of virus, likewise take care not to run scripts of unknown origin, and strictly control the use of root privileges.
Worms under Linux are similar to worms under Windows: they can run independently and spread themselves to other computers.
On the Linux platform, worms usually spread by exploiting vulnerabilities in Linux systems and services. For example, the Ramen virus spreads through two security vulnerabilities, in rpc.statd and wu-ftp, in certain versions of Linux (Red Hat 6.2 and 7.0).
Prevention: to guard against this kind of virus, cut off the worm's attack at its source. In the Linux virus outbreaks seen so far, the worms exploited Linux security vulnerabilities that had already been announced; a user who promptly takes the corresponding security measures will not be affected by them. Unfortunately, many Linux administrators do not keep track of the latest information about their systems and services, which leaves an opening for the virus.
Users should take care of local security and, in particular, follow Linux security vulnerabilities: as soon as a new Linux security vulnerability appears, security measures must be taken promptly. In addition, firewall rules can be used to limit the spread of worms.
Backdoor programs
A backdoor can also be regarded as a virus in the broad sense, and backdoors are also very active on the Linux platform. Linux backdoors are implemented using techniques such as loading through system services, shared library file injection, rootkit toolkits and even loadable kernel modules (LKM). Many backdoor techniques on the Linux platform are combined with intrusion techniques, are very well hidden and are difficult to remove.
Prevention: software can help guard against this kind of threat; some programs help users find the various backdoor programs on a system.
Besides the Linux viruses that target the Linux platform, note also that many Windows viruses can reside in Linux file systems. These Windows viruses do not, of course, become active under Linux, but they do have the opportunity to be passed on to Windows systems.
For example, a Linux Samba server can serve as a file server for an entire network. When a user uploads a file containing a Windows virus to the Samba server, the server becomes a virus carrier: although it is not itself infected by the Windows virus, other people who access the Samba service may be infected.
Prevention: for overall security, Linux systems also need to be able to find and remove Windows viruses. This requires specialized anti-virus software.
Destroy the virus
Compared with Windows viruses, Linux viruses are almost negligible in number. But the authors of Linux viruses will not stop: they are hackers proficient in writing code, and the weak points that Linux itself inevitably has are likely to be used by them to write all kinds of new Linux viruses. Although Linux viruses have not yet begun to spread widely, if users have no notion of prevention, a Linux virus outbreak is likely to cause serious consequences once it happens. Linux users should therefore pay attention to the problem of Linux viruses as early as possible.
(1) Harden the system properly.
(2) Follow security bulletins and patch vulnerabilities promptly.
(3) Do not use root privileges for daily operations.
(4) Do not install device drivers of unknown origin.
(5) Do not run unknown executable programs or scripts on important servers.
(6) Install anti-virus software where possible, and update the virus signature database regularly.
(7) For Linux servers connected to the Internet, regularly check for the presence of Linux viruses, worms and Trojans.
(8) For Linux servers that provide file services, it is best to deploy software that can find and remove both Windows and Linux viruses.
(9) For Linux servers that provide mail services, it is best to use an E-mail virus scanner.
All in all, a variety of means should be used to guard against viruses on the Linux platform, and the problem must not be taken lightly just because Linux viruses are currently rare.