Linux’s popularity has definitely grown, and with it, malware creators’ interest to attack it. Linux, just like the other operating systems, is vulnerable to viruses. And it’s better to accept it and take measures to keep our devices and data safe.
Linux viruses by years
Almost every year since the first virus appeared, there have been Linux viruses. Many of them have been developed as proof-of-concept, not really harmful to users. So we won’t consider them. The list will focus just on the most representative.
In 1996, Staog appeared, the first virus written for Linux systems. It took advantage of some kernel vulnerabilities so the virus could stay on the memory. It basically infected binary files, looking for root privileges.
In 1997, Bliss attacked by trying to get attached to executable files, where regular users don’t access. There was an alpha version that stopped the executables from working properly. This action was easier to detect by users. Bliss didn’t harm strongly due to the user privilege system of Linux.
1999 was for Vit.4096, a cross-platform (Windows/Linux) virus. It infected executable binary files (ELF). It could infect all files on a device just by getting root access through a user with such privileges.
Zipworm, Satyr, and Ramen
In 2001, Zipworm, Satyr, and one more complex worm called Ramen appeared. This last attacked Red Hat Linux systems. It got through security vulnerabilities and, by brute force, replaced “index.html” files with altered versions named “RameN crew”.
The same year, Lion (worm) stole passwords and created backdoors on Linux systems.
In 2002, OSF.8759, a backdoor virus, was infecting ELF executables and later was infecting all files in the directory where it was located. An average of 200 infected files in every execution. It was considered high risk.
2003 was for Alaeda, a virus looking for minimum .text sections to inject with a code. The original file’s entry point was altered to transfer control to the infection process. Regular users were not at real risk but programmers.
And 2007 saw the first malicious attempt targeting OpenOffice, Badbunny worm. It got popular because of the porno image displayed, a man dressed in a bunny suit, with a lady in the forest. It also affected Windows (cross-platform).
In 2009, a waterfall screensaver that users downloaded included a script to infect (social engineering).
In 2010 Koobface virus spread fast through social network websites. It worked by getting login data for FTP and social sites to send an infected message to all user contacts.
In 2016, HummingBad tricked users into clicking on mobile web-ads to get ad revenue (click-fraud). This was the main purpose of attackers, but the malware was far more dangerous. It had the skill to get root access to Android. With such control, attackers could spy and steal critical users’ data.
How to protect from Linux viruses? What did we learn?
Now we know threats can have different formats. Targeted attacks, worms, scripts, cross-platform, social engineering, backdoor viruses… Avoid the risk, following some recommendations:
- Avoid installing random software or device drivers. Choose official repositories or stores.
- Scan very well programs you want to run on your server. Random scripts or executable programs could be a serious danger.
- Use root privileges with caution. Don’t allow them for every user.
- Keep software updated.
- Use anti-virus software and update it regularly.
- For servers, use a firewall and protect the traffic, change ports to make it harder for the attackers, enable anti-virus software to scan e-mails and files, and detect and delete viruses.
Take a note, don’t let Linux viruses have easily root access and frequently update your distro and software. In any case, Linux threats exist, so let’s better pay attention to the matter.