Linux users may have heard of, or even encountered, Linux viruses. These viruses differ in how they work and in the symptoms they cause, so the ways to prevent them differ as well. To prevent Linux viruses more effectively, we first classify the known ones.
The Linux viruses seen so far can be grouped into the following types:
1. Viruses that infect ELF files
These viruses mainly infect files in the ELF format. A virus that can infect ELF files can be written in assembly language or C. The Lindose virus is one example. When it finds an ELF file, it checks whether the file's machine type is Intel 80386. If so, it checks whether a part of the file is larger than 2784 bytes (hexadecimal AE0). If so, the virus overwrites that part with its own code, adds the corresponding part of the host file, and points the entry point of the host file to the virus code.
Prevention: Because Linux has a good permission control mechanism, such viruses need sufficient permissions to spread. To prevent them, manage the permissions of the files on your Linux system carefully. In particular, do not use the root account for routine operations, and do not run executable files of unknown origin as root, so that you do not inadvertently trigger an infected file and infect the entire system.
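A defensive complement to the permission advice above, added here as an example and not taken from the original article: record the machine type, entry point, size and SHA-256 of each ELF binary while it is known to be good, then compare later, since an infector that overwrites code and redirects the entry point changes those fields. The function names and the constructed sample header are assumptions made for illustration.

```python
import hashlib
import struct

EM_386 = 3  # e_machine value for Intel 80386


def elf_fingerprint(data: bytes):
    """Return machine type, entry point, size and SHA-256, or None if not ELF."""
    if len(data) < 24 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]          # 1/2 = 32/64-bit, 1/2 = LSB/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None                               # malformed e_ident
    end = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident; e_entry starts at offset 24
    _e_type, e_machine = struct.unpack_from(end + "HH", data, 16)
    fmt, width = ("I", 4) if ei_class == 1 else ("Q", 8)
    if len(data) < 24 + width:
        return None                               # truncated header
    (e_entry,) = struct.unpack_from(end + fmt, data, 24)
    return {
        "machine": e_machine,
        "entry": e_entry,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def changed_fields(baseline: dict, current: dict):
    """List the fingerprint fields that differ from the known-good baseline."""
    return [k for k in ("machine", "entry", "size", "sha256")
            if baseline[k] != current[k]]


def sample_elf32(entry: int, body: bytes) -> bytes:
    """Constructed test input: a minimal little-endian ELF32 header plus a body."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    return ident + struct.pack("<HHII", 2, EM_386, 1, entry) + body


if __name__ == "__main__":
    good = elf_fingerprint(sample_elf32(0x08048100, b"\x90" * 64))
    now = elf_fingerprint(sample_elf32(0x08049F00, b"\x90" * 64))
    print("changed:", changed_fields(good, now))
```

Keep the baseline on read-only or off-host storage so that a process able to modify the binaries cannot also rewrite the recorded values.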
2. Script Virus
A script virus is a virus written in shell or another scripting language. This type of virus is easy to write and requires no advanced knowledge. It can easily damage the system, for example by deleting files, disrupting normal operation, or even downloading and installing Trojans. However, it does not spread widely, and the damage is usually confined to the local machine.
Prevention: To prevent such viruses, do not run scripts from unknown sources, and strictly control the use of root permissions.
3. Worms
A Linux worm is similar to a Windows worm: it can run independently and spread itself to other computers.
Worms on Linux usually exploit vulnerabilities in the Linux system and its services. For example, Ramen spreads by exploiting security vulnerabilities in rpc.statd and wu-ftp in some Linux versions (Red Hat 6.2 and 7.0).
Prevention: To prevent such viruses, block the source of the worm attack. Judging from several Linux virus outbreaks, they all took advantage of security vulnerabilities in Linux that had already been published; users who take the corresponding security measures in a timely manner are not affected. Unfortunately, many Linux administrators do not closely track the latest information related to their systems and services, so viruses still have a chance to get in.
Users must take care of local security, especially by following Linux security vulnerability information. Once a new Linux security vulnerability appears, they must take security measures in a timely manner. In addition, firewall rules can be used to limit the spread of worms.