Be careful out there .....

For the security minded, a new discussion over something I read about a couple of years ago… How to write a Linux virus in 5 easy steps

So a KDE or GNOME desktop launcher can execute a file even if the file does not have an executable flag?

Is there a patch for this? Maybe being able to execute files that are not marked as executable is necessary to the way launchers work? I don’t see how… (however, I am no programmer).

Seems like a rather large security hole to me… God forbid someone were to fall for this while running a root session of KDE or GNOME… which shouldn’t be done in the first place… but it happens… more than likely we all have done it at one point or another (logged into a desktop environment as root).

This seems to be fixed with KDE 4 (at least 4.3 Devel).
If a .desktop file is executed for the first time, it shows something like this:
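As an added example (not code from the thread, nor from KDE or GNOME): a small POSIX shell audit of the launchers in a directory. For each .desktop file it prints what the launcher would run (its Exec= value) and whether the file itself carries the executable bit, which is the point of the posts above: the launcher’s Exec line is what runs, and it runs whether or not the .desktop file is marked executable. The sample launchers and the directory layout are constructed for the demonstration, and the "shell with -c" warning is a heuristic chosen here, not a rule any launcher applies.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits .desktop launchers:
# prints the Exec= value, whether the file has the executable bit, and a
# warning when Exec hands a command line to a shell with -c (a heuristic
# chosen for this example; real launchers do not apply this rule).

# desktop_exec_value FILE: print the Exec= value from the [Desktop Entry]
# group (first occurrence), or nothing if there is none.
desktop_exec_value() {
    sed -n '/^\[Desktop Entry\]/,/^\[/s/^Exec=//p' "$1" | head -n 1
}

# desktop_exec_flag FILE: "executable" or "not-executable" for the file itself.
desktop_exec_flag() {
    if [ -x "$1" ]; then echo executable; else echo not-executable; fi
}

# exec_invokes_shell EXEC_VALUE: succeed when the command runs a shell with -c,
# i.e. the launcher carries an arbitrary command line rather than a program.
exec_invokes_shell() {
    case $1 in
        "sh -c"*|"bash -c"*|"dash -c"*|*"/sh -c"*|*"/bash -c"*|*"/dash -c"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_desktop_dir DIR: one report line per .desktop file, in glob order.
audit_desktop_dir() {
    for f in "$1"/*.desktop; do
        [ -e "$f" ] || continue
        cmd=$(desktop_exec_value "$f")
        flag=$(desktop_exec_flag "$f")
        if exec_invokes_shell "$cmd"; then warn=" SHELL-COMMAND"; else warn=""; fi
        printf '%s: %s: Exec=%s%s\n' "${f##*/}" "$flag" "$cmd" "$warn"
    done
}

# make_sample_launchers DIR: constructed sample files for the demonstration.
make_sample_launchers() {
    mkdir -p "$1"
    # A normal launcher: a plain program path; the file is not executable.
    printf '[Desktop Entry]\nType=Application\nName=Editor\nExec=kate %%f\n' \
        > "$1/editor.desktop"
    # A launcher masquerading as a picture: Exec runs an arbitrary shell command.
    # Neither file has the executable bit, yet a launcher would run both.
    printf '[Desktop Entry]\nType=Application\nName=photo.jpg\nIcon=image\nExec=sh -c "xdg-open photo.jpg; sh ./payload.sh"\n' \
        > "$1/photo.desktop"
    chmod 644 "$1/editor.desktop" "$1/photo.desktop"
}

# Stand-alone demonstration on a temporary directory.
demo_desktop_audit() {
    tmp=$(mktemp -d)
    make_sample_launchers "$tmp"
    audit_desktop_dir "$tmp"
    rm -rf "$tmp"
}

demo_desktop_audit
```

Run it against a real directory with `audit_desktop_dir ~/Desktop` (or any folder an attachment was saved to); a launcher named after a document or picture whose Exec line is a shell command is exactly the shape of the attack described in the linked article.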

I struggle with this; it needs social engineering on a grand scale.

Getting users to open attachments: Check out these nude shots! <==

This is the hardest part. I tell my mail software not to open any attachments and to show mail in plain text; I would never dream of opening an attachment from anyone I wasn’t expecting one from.

I think calling this a virus is extreme and verging on scaremongering; no one has said that on Linux you can’t be exploited by social engineering.

rm -rf / can be disguised in a million ways, then we have the tar bomb etc…

Yes, perhaps in the future there may be a need for virus software, but no software will stop social engineering; if I can disguise it and you install it, that doesn’t, in my eyes, make it a virus.

Is this going to attach itself to my address book, send itself out, will it then attach itself to a new user I create, or to other existing users, will it even search for another PC to exploit (I’m thinking not)?

rm -rf /

By the way, this doesn’t work anymore, since --preserve-root is the default.

It’s a known fact that no software can protect from stupidity, but it should at least try to do this - of course not like Windows Vista’s UAC.

I remember something that happened to me using Dolphin’s terminal:
I wanted to delete a folder, typed rm -r and then accidentally switched to another tab (my home directory), so the terminal automatically entered cd /home/lachs0r.
It was pure luck that I hadn’t typed rm -rf, so I only lost some of my settings.

I thought it a pretty clever way to infect a Linux PC.

IMHO it does require that one be social-engineered first in order for the user account to first “catch” the trojan. Many Windows viruses do not require social engineering to spread, so from that perspective, if one were to compare Windows to Linux, Windows PCs are far more vulnerable.

Still, let’s ignore the Windows to Linux comparison, and consider the possibility that someone did create a trojan specifically to attack a Linux PC, and they somehow managed to trick the user into executing that trojan on a regular Linux user’s account.

How vulnerable is root? … I thought the hack suggested to “eventually” get root permissions was simple and feasible, albeit it may not spread easily, as it may never be launched.

Presumably after the user’s account is infected, the trojan scans the user’s PC for executables that are often run with root permissions (such as common editors, scripts, YaST in the case of openSUSE) and then puts in the user’s home area a virus/trojan with the executable’s name, such that when run, the executable in the user’s home area (which is the virus/trojan) is run instead of the system-wide proper executable, and this home-area virus/trojan executable then downloads or applies code to further infect the root account (and likely also executes the original application (needing root permissions) in order to avoid detection). To infect the root account this way could require days, or months, or years, or never happen, … BUT it looks to be possible. Presumably, once the trojan/virus is mistakenly executed with root permissions (instead of the proper application), the user’s root account could be infected with a rootkit, or some other virus.

Still, how does it propagate to someone else’s PC? … That link in the study looks weak to me. It appears to me to be more effective as a “one PC only” infection, with propagation difficult.

Linux is not a big target (compared to Windows) and it’s not common that a socially engineered virus will be set up to infect Linux users, when there are many more juicy Windows users to infect. … But this reads as feasible to me. … Something I think for all of us to keep in mind.
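The escalation step described in the post above is a PATH search-order attack: a file in a directory the user owns is found before the system copy. As an added example (not code from the thread), here is a POSIX shell audit that lists the PATH entries a user-level trojan could plant files in (empty or relative entries, and anything under the home directory) and shows which file a command name actually resolves to in PATH order. The fake home and system tree are constructed for the demonstration; whether root ever inherits such a PATH depends on how root is obtained (sudo’s secure_path, `su -` versus plain `su`), which this script does not check.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits a PATH value for entries
# a user-level trojan could write to, and resolves command names the way a
# shell would, so a planted look-alike in ~/bin is visible before it is run.

# path_untrusted_dirs HOME PATHVALUE: print each untrusted entry, one per line.
# Empty and relative entries are searched from the current directory; entries
# under HOME are writable by the user (and so by anything running as the user).
path_untrusted_dirs() {
    home=$1
    rest=$2:
    while [ -n "$rest" ]; do
        d=${rest%%:*}
        rest=${rest#*:}
        case $d in
            "$home"|"$home"/*) echo "$d: inside home directory $home" ;;
            /*) ;;   # absolute and outside home: left alone by this audit
            *) echo "${d:-(empty)}: relative entry, searched from the current directory" ;;
        esac
    done
}

# resolve_cmd PATHVALUE NAME: print the first executable regular file NAME on
# PATHVALUE, in search order; fail if there is none.
resolve_cmd() {
    rest=$1:
    while [ -n "$rest" ]; do
        d=${rest%%:*}
        rest=${rest#*:}
        f=${d:-.}/$2
        if [ -f "$f" ] && [ -x "$f" ]; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

# shadowed_commands HOME PATHVALUE NAME...: report each NAME whose resolved
# file lives in an untrusted entry, i.e. the system copy is being shadowed.
shadowed_commands() {
    h=$1
    p=$2
    shift 2
    for c in "$@"; do
        f=$(resolve_cmd "$p" "$c") || continue
        dir=${f%/*}
        case $dir in
            "$h"|"$h"/*) echo "$c -> $f (inside home directory)" ;;
            /*) ;;
            *) echo "$c -> $f (relative PATH entry)" ;;
        esac
    done
}

# make_demo_layout BASE: constructed fake home and system tree for the demo.
make_demo_layout() {
    mkdir -p "$1/home/victim/bin" "$1/usr/bin"
    # Planted look-alike that would run instead of the system command.
    printf '#!/bin/sh\necho planted: would capture input, then exec the real one\n' \
        > "$1/home/victim/bin/sudo"
    # Stand-ins for the real system commands.
    printf '#!/bin/sh\n' > "$1/usr/bin/sudo"
    printf '#!/bin/sh\n' > "$1/usr/bin/ls"
    chmod 755 "$1/home/victim/bin/sudo" "$1/usr/bin/sudo" "$1/usr/bin/ls"
}

# Stand-alone demonstration: a PATH that puts ~/bin first and carries an empty
# entry, mirroring what many login profiles produce.
demo_path_audit() {
    base=$(mktemp -d)
    make_demo_layout "$base"
    demo_path="$base/home/victim/bin:$base/usr/bin:"
    echo "untrusted PATH entries:"
    path_untrusted_dirs "$base/home/victim" "$demo_path"
    echo "commands that resolve inside them:"
    shadowed_commands "$base/home/victim" "$demo_path" sudo ls
    rm -rf "$base"
}

demo_path_audit
```

On a real system, `path_untrusted_dirs "$HOME" "$PATH"` followed by `shadowed_commands "$HOME" "$PATH" sudo su vi yast` gives the check the post is asking for; a hit for a command that is normally run as root is worth investigating before the next time it is typed.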

Fascinating link provided. What confuses me is the general talk about Linux being virus and malware proof. Countless times on the forums, not just openSUSE, have people told newbies that they don’t need to worry about virus protection for Linux and at most they should use a firewall.

AFAIK viruses already exist for Linux.

Linux malware - Wikipedia, the free encyclopedia

So…what I’d like to know is why aren’t virus/malware threats taken more seriously on Linux. Unless the computer is off or disconnected from a network, Linux is not virus-proof and the threats are larger than a lot of people think.

Although I could be mistaken and I have been known to be too.

Just my opinion here, but to me there is a difference between a hypothetical threat and a real, honest to goodness threat. Yes, Linux can get viruses but they are almost non-existent in the real world. To me, that’s what counts. Unless something changes I see no reason for alarm.

Someday we may have to get virus protection for Linux. I think if/when that happens I may just turn off this PC for the final time, then never come back. I’ll miss you guys :’(

A virus without an easy and effective means of spreading is useless. Even with Windows viruses you’ll have to be unlucky to bump into one with normal surfing and security things. I used Windows for years and I can’t remember actually having a virus slip through. So, if I use the same behaviour in Linux I should be fine. I’m not worried.

On the topic though, just like any other operating system there are always exploits, bugs and ways to cause damage. But considering all computers with Linux are different in configuration and packages, it would be very hard to write an effective virus for Linux in the same way as you can do for Windows. I think we are very, very safe and I love it.

For the first time I do not have to worry about getting viruses looking at pr0n! rotfl!

Agreed, I have also used Windows for years with very good luck concerning security threats; not too many people have, though. Maybe it’s just me and my surfing habits. Who knows. But what specifically constitutes normal surfing? AFAIK most people out there are still using Internet Exploiter and no firewall when surfing their particular interests.

Now, I also agree that it would be difficult to write an effective Linux virus, not just because of different configurations, distros, and all that. But what about different architectures? It doesn’t seem like some piece of malware, whether it be a virus specifically or something else, written for i686 would/could ever be effective on an Alpha or SPARC system, because of processing instructions alone.

So if that were the case (that there were effective viruses on Linux), would using a less common arch like Alpha or SPARC be more secure?

FTR I am on a Mandriva box which somehow has caught a cold. Not sure what these germs are doing to my system, if anything at all. But I’m still not pleased they’re there. ClamAV (or at least the GTK front end, its name escapes my mind currently) cannot remove it, hmmm…

I started this thread to create some smart pondering about security in general and it’s starting to get lost in semantics a little… whether you call it a virus or a piece of malware… if a method exists for someone to… say, execute a grep (get any credit card numbers), cp, and ftp (phone home), it ranks as a serious issue…

and if someone did… would you even know? do you currently police your bash history files or routinely monitor your firewall log file? (wait, a smart guy would clean those too)

No, it’s not a “virus” by definition… so what?

I don’t think the thread is dragged down in semantics. … It is important though for terminology to be correct, so users do understand the point.

While security is a serious issue, it is also important that security be placed in the proper context, so that the correct amount of attention is applied. Too much security can, if implemented inappropriately, over a period of time be almost as disruptive as being subjected to some security violations. This is especially true in the Linux world. One needs an appropriate level, PROPERLY focused. Chasing after non-existent viruses and Trojans, today, is the WRONG focus.

IMHO those who spend excessive time looking for Linux virus and trojan scanning programs are simply wasting their time. The simple fact, and it is a fact, is that despite some conceptual considerations, there is not even a minor virus and trojan threat to Linux. Instead it’s almost an obscure threat that has not yet reached the stage of being called minor. That is in STARK contrast to the MAJOR threat that exists in the MS-Windows computer world.

Thus far articles such as those quoted on penetrating Linux security via a virus or trojan are concept proposals. These conceptual studies have serious limitations, which probably contributes to the reason why they have not been implemented (while not forgetting also that the major reason is that Linux is not a major target). The article quoted fails to make a convincing case for propagation. There are far too many different email programs and ways of accessing email on Linux systems, such that propagation by the email method is not convincing in the slightest. Hence how else can a virus or trojan targeted at Linux propagate? A malicious web site would be discovered and shut down very quickly, and could possibly leave a trail to those implementing such a site. Plus a malicious web site is not as good a propagation method as email, and I have yet to read a convincing viable case for propagation via email on Linux systems.

It’s an interesting discussion, and illustrates that the Linux security armour may not be as thick as we might hope, but it’s far from being very vulnerable, and excessive attention to protecting against what to date are imaginary conceptual threats could be very counterproductive.

It’s far better IMHO to spend one’s time defending against threats that are real, such as setting up one’s home WLAN against hacker penetration, and fortifying one’s ssh / vlc connection to the real world, to stop hackers from penetrating that way.

This is extremely difficult to do. Extremely. Even for a “smart guy”. There is another thread on this, which IMHO you need to look at.

It is INCREDIBLY difficult to hide all traces of an incursion, and it takes a long time to hide one’s penetration and incursion, against someone who knows what logs are present. By the very act of editing and removing, one leaves signs of their presence.

Point taken on removing traces; it’s just not routinely scrutinized by most users.

I agree wholeheartedly about investing time to secure the most probable weaknesses. In fact, the concept of “chasing your tail” on security issues is an easy trap to fall into; thankfully the fact that the major competition in OSes is a honeypot makes security concerns “seem” trivial.

A very wise guy told me “beware of the default permit”: a security failure that is not flagged might be eventually discovered, but it’s after the damage is done.

Haaahaaahaaa, you know why? Because you do not open attachments, ever. If you don’t know, make sure you always update your system; it is like A-Z.
I have used stupid Microsoft Win98 + WinXP for 10+ years and I never had one virus.
Who cares about viruses? Not me. Haaaahaaaahaaa.

Good luck to everyone. My system is running 24/7, 300 days a year; no one has hacked into my computer.

See you later.

Unless your boss sends you a .DOC file and says that you have to make your changes, then send it back … or, if I’m writing an article, the publisher and I are exchanging all sorts of attachments …

(My point is that for some people, not opening the attachment isn’t always an option. I agree that’s the safest way, but it’s not realistic for everyone.)