Thursday, September 17, 2015

Will Linux Be Infected By Malware Or Not?

When I came to know Linux, almost all advanced Linux users told me that Linux is impossible to be infected by virus and malware due to its excellent design. Except root or sudoer, nobody has the privilege to do harm on the system including malware. In case your Linux is infected, only you (the user) is affected. Therefore, you are not required to install any anti-virus or anti-malware application on Linux system. Meanwhile, Linux will not infected Windows based malware. Moreover, Linux developers tried to harden the Linux kernel in many ways, such as ASLR, XD/NX, SELinux, Apparmor, and Gentoo's harden-kernel, etc.

After being an Information Security Enthusiast, I recognized that it is totally not true. In my opinion, Linux just like any other operating systems that can be infected by malware and the interference is not limited to your system only. There are many such news recently.

Linux users can be infected with malware in many ways and some malware are cross-platform software too. The most common way to be infected malware is by surfing internet with your browsers. The other most common way is not keeping your Linux system up-to-date. For example, the very famous Heartbleed vulnerability is still vulnerable for over 200,000 devices in the world after more than a year.

Once you are infected, the malware can perform privilege escalation on your Linux system to gain the rights of root. How this to be done? The most common one is vulnerability of the kernel and/or application software. The other is by social engineering. The most insecure part is human being anyway.

Furthermore, most modern Linux distributions implied sudoer. Sudoer has the rights of root. However, most sysadmins or users will set their account name and password in a very weak way. In addition, the password of root can be easily guessed in most cases for those distributions that not using sudoer. I just name some of them here and there are many ways to get root privilege on Linux systems, for example, misconfiguration of Linux system and/or application software.

Hereby, I name some software, skills and tools as well as technologies on Linux malware for your reference. Hope you all understand that Linux is not a bullet-proof system. It is very easy to break for sure. Finally, I would like to introduce how I hardening Ubuntu for my current daily use, here you are.

Open Source Anti Linux Malware

Linux Malware Detect


Linux Forensics and Linux Malware Analysis

REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware

Linux and Disk Forensics

Books for Linux Malware Analysis and Forensics

Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides

Linux Forensics


Don’t believe these four myths about Linux security

Wiki - Linux malware

Wiki - Address Space Layout Randomization (ASLR)

Wiki - Social Engineering

That's all! See you.