Linux virus classification and prevention methods

Source: Internet
Author: User

 

Linux users may have heard of, or even encountered, some Linux viruses. These viruses differ in how they work and in their symptoms, so the ways to prevent them differ as well. To better defend against Linux viruses, we first classify the known ones.

Known Linux viruses can be grouped into the following types:

1. Viruses that infect ELF files

These viruses mainly infect files in the ELF format. A virus that can infect ELF files can be written in assembly or C. The Lindose virus is one such virus. When it finds an ELF file, it checks whether the machine type of the file to be infected is Intel 80386. If so, it checks whether any part of the file is larger than 2784 bytes (hexadecimal AE0). If so, the virus overwrites that part with its own code, adds the corresponding part of the host file, and points the host file's entry point to the virus code.
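
The infection described above ends with the host's entry point redirected to the virus code. As an added example (not from the original article), this Python code reads an ELF header and flags an entry point that does not fall inside an executable, non-writable PT_LOAD segment. The heuristic, the function names and the sample headers are assumptions constructed for illustration, and the parser also handles 64-bit ELF, which goes beyond the Intel 80386 case in the text.

```python
import struct

EM_386, PT_LOAD, PF_X, PF_W = 3, 1, 0x1, 0x2   # Intel 80386 machine id; segment type and flags

def parse_elf(data):
    """Return (e_machine, e_entry, [(vaddr, memsz, flags)]) for the PT_LOAD segments."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    hdr = struct.unpack_from(end + ("16sHHIQQQIHHHHHH" if is64 else "16sHHIIIIIHHHHHH"), data)
    machine, entry, phoff, phentsize, phnum = hdr[2], hdr[4], hdr[5], hdr[9], hdr[10]
    loads = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:   # ELF64 program headers carry p_flags second, ELF32 ones second to last
            p_type, flags, _, vaddr, _, _, memsz, _ = struct.unpack_from(end + "IIQQQQQQ", data, off)
        else:
            p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from(end + "IIIIIIII", data, off)
        if p_type == PT_LOAD:
            loads.append((vaddr, memsz, flags))
    return machine, entry, loads

def entry_findings(data):
    """List reasons the entry point looks redirected; an empty list means nothing stood out."""
    _machine, entry, loads = parse_elf(data)
    if entry == 0 or not loads:               # shared libraries / objects have no entry point
        return []
    home = [s for s in loads if s[0] <= entry < s[0] + s[1]]
    if not home:
        return ["entry point outside every PT_LOAD segment"]
    if not home[0][2] & PF_X:
        return ["entry point in a non-executable segment"]
    if home[0][2] & PF_W:
        return ["entry point in a writable segment"]
    return []

def make_elf32(entry, segments):
    """Constructed sample: a bare ELF32/i386 header plus PT_LOAD headers, no code."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, EM_386, 1, entry, 52, 0, 0,
                      52, 32, len(segments), 0, 0, 0)
    return hdr + b"".join(struct.pack("<IIIIIIII", PT_LOAD, 0, va, va, sz, sz, fl, 0x1000)
                          for va, sz, fl in segments)

SEGMENTS = [(0x08048000, 0x2000, 0x5), (0x0804A000, 0x1000, 0x6)]   # R+X code, R+W data
CLEAN = make_elf32(0x08048100, SEGMENTS)      # entry inside the code segment
PATCHED = make_elf32(0x0804A010, SEGMENTS)    # entry moved into the data segment
print(entry_findings(CLEAN), entry_findings(PATCHED))
```

A finding is a reason to compare the file against the distribution package's copy, not proof of infection.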

 

 

Prevention: Linux has a good permission control mechanism, so such viruses need sufficient permissions in order to spread. To prevent them, manage the permissions of the files on your Linux system carefully. In particular, do not use the root account for routine operations, and do not run executable files of unknown origin as root, so that you do not inadvertently trigger a file containing a virus and infect the entire system.
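
As an added example, not part of the original article, this Python audit lists ELF files that accounts other than the owner can modify, which is the permission a file infector needs in order to spread. The function names and the temporary sample tree are constructed for illustration; on a real system, point writable_elf_files at directories such as /usr/bin.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"

def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False

def writable_elf_files(root):
    """Return {path: [reasons]} for ELF files under root that non-owners can alter."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.stat(dirpath).st_mode
        # A world-writable directory without the sticky bit lets any user replace its files.
        dir_open = bool(dmode & stat.S_IWOTH) and not dmode & stat.S_ISVTX
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode) or not is_elf(path):
                continue
            reasons = [text for bit, text in ((stat.S_IWOTH, "world-writable"),
                                              (stat.S_IWGRP, "group-writable")) if mode & bit]
            if dir_open:
                reasons.append("directory world-writable without sticky bit")
            if reasons:
                report[path] = reasons
    return report

def demo():
    """Constructed sample tree: a 0755 binary, a 0777 binary and a 0777 shell script."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, mode in (("safe", ELF_MAGIC + bytes(12), 0o755),
                                 ("loose", ELF_MAGIC + bytes(12), 0o777),
                                 ("script.sh", b"#!/bin/sh\n", 0o777)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return {os.path.basename(p): r for p, r in writable_elf_files(tmp).items()}

if __name__ == "__main__":
    print(demo())
```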

 

 

2. Script viruses

A script virus is a virus written in shell or another scripting language. This type of virus is easy to write and requires no advanced knowledge. It can easily damage the system, for example by deleting files, disrupting normal operation, or even downloading and installing Trojans. However, it does not spread widely and usually damages only the local machine.

Prevention: to prevent such viruses, do not run scripts of unknown origin. At the same time, strictly control the use of root permissions.

3. Worms

A Linux worm is similar to a Windows worm: it can run independently and spread itself to other computers.

Worms on Linux usually exploit vulnerabilities in Linux systems and services. For example, Ramen spreads by exploiting security vulnerabilities in rpc.statd and wu-ftp on some Linux versions (Red Hat 6.2 and 7.0).

Prevention: to prevent such viruses, block the source of the worm's attack. The Linux virus outbreaks so far have all taken advantage of security vulnerabilities that had already been published, so users who take the corresponding security measures in time are not affected. Unfortunately, many Linux administrators do not closely track the latest information about their systems and services, so these viruses still have a chance to get in.

Users must take local security seriously and, in particular, follow Linux security vulnerability information. When a new Linux security vulnerability appears, take security measures promptly. In addition, firewall rules can be used to limit the spread of worms.

4. Backdoor programs

Backdoor programs can also be regarded as viruses in a broad sense, and they are very active on Linux platforms. Linux backdoors are implemented through system service loading, shared library file injection, rootkit toolkits, and even loadable kernel modules (LKM). On many Linux platforms, backdoor technology combined with intrusion technology is very well concealed and difficult to remove.

Prevention: some software can help users find the various backdoor programs in a system, such as chkrootkitR and rootkits, which can detect worms and backdoors.

5. Other viruses

In addition to Linux viruses, note that many Windows viruses can exist on Linux file systems. Of course, these Windows viruses will not be detected in Linux, but they have the opportunity to be passed on to Windows.

For example, a Linux Samba server can act as a file server for the whole network. When a user uploads files containing Windows viruses to the Samba server, the server becomes a virus carrier. Although the server itself will not be infected with the Windows virus, other people who access the Samba service may be.

Prevention: to ensure overall security, you must be able to search for and remove Windows viruses on Linux. This requires specialized anti-virus software. Both open-source and commercial software are currently available, and the amount of open-source software is gradually increasing.

Tackle Linux viruses from multiple angles

Compared with Windows viruses, Linux viruses are almost negligible in number, but Linux virus writers have not stopped. Most of them are hackers who are proficient in coding, and they may exploit the inherent vulnerabilities of Linux to write a variety of new Linux viruses. Although Linux viruses have not started to spread, without a mindset of precaution a Linux virus outbreak could have serious consequences. Therefore, Linux users should pay attention to the Linux virus issue as early as possible.

Finally, the author summarizes the following suggestions for preventing viruses on the Linux platform:

(1) Harden the system.

(2) Pay attention to security announcements and promptly fix vulnerabilities.

(3) Do not use root permissions for routine operations.

(4) Do not install drivers for unknown devices.

(5) Do not run executable programs or scripts of unknown origin on important servers.

(6) Install antivirus software whenever possible and regularly update its virus signature database.

(7) Linux servers connected to the Internet should be checked regularly for Linux viruses, including whether worms and Trojans are present.

(8) For Linux servers that provide file services, it is best to deploy software that can scan for and remove both Windows and Linux viruses.

(9) For Linux servers that provide mail services, it is best to use an e-mail virus scanner.

All in all, you must take multiple measures to prevent viruses on the Linux platform.

 
