Web Sequence Diagrams
Create sequence diagrams in seconds for free.
http://www.websequencediagrams.com

Why was this ad not blocked?
Is 2009 the year of Linux malware?
Posted on: 2009-04-03 23:24:27

It is common knowledge that Linux users needn't worry about viruses because users don't run as root. I've never understood the reasoning behind this. Here are a few of the malicious things that a program can do without being root on Ubuntu 8.10:

  • Start a program every time you login
    Add an entry to .config/autostart
  • Configure firefox to route all traffic through a remote proxy
    Change a line in .mozilla/firefox/*/prefs.js
  • Replace everything in your "System Settings" menu with a command that asks you for your password, then does something else before invoking the real program.
    Add a file to .local/share/applications
  • Download and install other programs in the background
    Putting them in .gnome2/system32 seems somehow appropriate
  • Run a server of any kind (web/ftp/irc/etc)
    Just pick a port above 1024, and update the firewall with uPnp
  • Install a new firefox plugin
    put it in .mozilla/firefox/*/extensions/
    call it "Ubuntu System Integration Plugin Helper"

Once malware has its grubby code all over your home folder, you are one fake dialog box away from giving it complete control over your system:

Firefox with suspicious dialog box asking for root password

If you have ever run a program or script that wasn't included in your distribution, then you could have been infected with malware. (You weren't.)

If you are interested in more examples, The Malware Project (PDF) is a great read that takes you step by step through an actual social engineering experiment with users. The results will surprise you.

Ubuntu in particular must be very enticing for malware writers, because:

  • It is easy to get new users to run things. There are thousands of annoyances with desktop linux that can only be fixed by dropping to the command line, or downloading something to do it for you.
  • It has a rich, portable API. Malware writers have access to all unix commands and a rich programming environment that is guaranteed to be available on every desktop, allowing them to search and change any file in your home folder, or even implement complex network protocols.
  • Open source makes it easy to copy other programs. If you can change sources.list, you can then replace top, ps, and System Monitor with exact clones that neglect to display your processes. This is much easier than hacking up the Windows Task Manager internal memory. Or just do everything in kernel mode for ultimate captcha cracking, DDOS power.
  • People are unprepared. The "fact" that linux can't get viruses is constantly repeated all over the web.

Is 2009 the year of the linux desktop malware? How long until we see headlines like, "Researchers find massive botnet based on linux 2.30"?

Further Reading

subscribe to posts

Post comment

Real Name:
Your Email (Not displayed):
Text only. No HTML. If you write "http:" your message will be ignored.

Brandon Thomson

2009-04-04 15:47:05
Linux is not immune and your points are correct and well taken. However... malware will only become a significant problem if linux gets more market share. Malware writers target Windows because that's where they get the most leverage.

So unless 2009 is also the year of the linux desktop in a big way...

mario

2009-04-04 21:22:50
That's factually a very serious problem. Not yet. But it will become.

Once Linux catches a significant market share, less technically informed users will use it. They are obvious targets for social engineering and malware scams.

It's still more difficult to install malware by the commandline. People that actually tinker with sources.list and terminal commands are expected to have a greater understanding of involved risks.

However with new users, this won't be the case. As you describe, some with copy and paste code and commands from formus/bbs.

There is nothing we can do about that. It's inevitable. Maybe the major forums are self-regulating, and malware trickery won't have as a large impact as with the Windows environment. Still, some user education might be in order. As you conclude, we are absolutely unprepared for when that starts.

Jason

2009-08-05 16:42:09
I agree with everyone else too, as long as everyone refuses to install linux, you don't have to worry about linux malware. No need to make any effort to protect your identity or banking info requried. :)

Are people out there that dumb? You've just made a very short list of how easy it is to install malware to keylog someone's banking info if they wanted on linux and it doesn't sink in. Great article!

vertur

2009-10-19 03:04:48
loh chiliyskiy

vertur

2009-10-19 04:06:37
loh chiliyskiy

Pinguim

2010-01-13 13:28:50
Where is the malware ?

LinUser

2010-01-17 23:14:38
I agree that it is not immune to virus. But if i were a virus writer, which version of linux would I write it for? There are a gazillion different distributions with gazillion different versions of desktop.

Statistically if I chose to write for say opensuse, then I infect a few opensuse users. Not to mention a patch will come out as soon as its detected. A virus can be written but its damage will be contained, so quickly and easily.

Other posts by Steve

C++: A language for next generation web apps qb.js: An implementation of QBASIC in Javascript (part 1) A simple drawing program using Javascript and Canvas You don't need a project/solution to use the VC++ debugger Boring Date (comic) barcamp (comic) How IE <canvas> tag emulation works I didn't know you could mix and match (comic) Sign here (comic) It's a dirty job... (comic) Text-to-speech for domain names Pitching to VCs #2 (comic) Building a better rhyming dictionary Does Android team with eccentric geeks? (comic) Comment spam defeated at last Pitching to VCs (comic) How QBASIC almost got me killed Blame the extensions (comic) How to run a linux based home web server Microsoft's generosity knows no end for a year (comic) Using the Acer Aspire One as a web server When programmers design web sites (comic) Finding great ideas for your startup Game Theory, Salary Negotiation, and Programmers Coding tips they don't teach you in school When a reporter mangles your elevator pitch Test Driven Development without Tears Drawing Graphs with Physics Free up disk space in Ubuntu Keeping Abreast of Pornographic Research in Computer Science Exploiting perceptual colour difference for edge detection Experiment: Deleting a post from the Internet Is 2009 the year of Linux malware? Email Etiquette How a programmer reads your resume (comic) How wide should you make your web page? Usability Nightmare: Xfce Settings Manager Usability Nightmare: ktoon cairo blur image surface Automatically remove wordiness from your writing Why Perforce is more scalable than Git A complete blogging system in 1900 lines of php Optimizing Ubuntu to run from a USB key or SD card UMA Questions Answered Make Windows XP look like Ubuntu, with Spinning Cube Effect See sound without drugs Standby Preventer Stock Picking using Python Spoke.com scam Stackoverflow.com Copy a cairo surface to the windows clipboard Simulating freehand drawing with Cairo Free, Raw Stock Data Installing Ubuntu on the Via Artigo Why are all my lines fuzzy in cairo? Handling Unicode Form Data in PHP and Python A simple command line calculator Tool for Creating UML Sequence Diagrams A Class Library for Windows Exploring sound with Wavelets A Fast Calorie Calculator for Windows UMA and free long distance UMA's dirty secrets Creating a Todo list in Ajax Installing the Latest Debian on an Ancient Laptop How to make the MSDN style tree view in Javascript Dissecting Adsense HTML/ Javascript/ CSS Pretty Printer Comment Spam Web Comic Aggregator Experiments in making money online How much cash do celebrities make? Draw waveforms and hear them Cell Phones on Airplanes Detecting C++ memory leaks What does your phone number spell? A Rhyming Engine Rules for Effective C++ Cell Phone Secrets


subscribe to this blog