How to protect Linux against viruses: Linux virus prevention methods

Source: Internet
Author: User

I. Beware of Linux viruses

When Linux first appeared, its sound original design seemed to give it an innate immunity to viruses, so many people believed that no virus would ever appear for Linux. In the end, Linux proved to be no exception. In the autumn of 1996, an Australian group called Vlad wrote STAOG in assembly language, supposedly the first virus for the Linux system. It specializes in infecting binary files and tries to obtain root permissions in three ways. STAOG was designed only as a demonstration, to prove that Linux is potentially at risk of virus infection, and it does no damage to infected systems.

A Linux worm named Ramen appeared in 2001. Ramen can spread automatically without human intervention. Although it does no damage to the server, its scanning behavior during propagation consumes a lot of network bandwidth. Ramen propagates by exploiting the rpc.statd and wu-ftp vulnerabilities in some versions of Linux (Red Hat 6.2 and 7.0).

In the same year, another Linux worm, Lion, caused real harm. Lion spread quickly across the Internet and seriously damaged some users' computer systems. It can send passwords and configuration files to a mailbox on the Internet by email, and the attackers may then be able to re-enter the system through the gap opened by the first breach and do further damage, such as obtaining confidential information or installing a backdoor. Once a user's Linux system is infected, the user may have to reformat the hard drive, because there is no way to tell how the intruder changed the system. In addition, a Linux host infected with Lion automatically starts searching the Internet for other victims. Later reports showed that Lion caused serious losses to many Linux users.

Other viruses on the Linux platform include osf.8759, Slapper, Scalper, Unux.svat, and Boxpoison, although most ordinary Linux users rarely encounter them. This is because, so far, the number of Linux viruses is still very small and the scope of their impact is very limited. But as the number of Linux users grows and more and more Linux systems are connected to local area networks and WANs, the likelihood of attack naturally increases. More and more Linux viruses can be expected to appear, so every Linux user should start paying attention now to how to guard against them.

II. Find their weaknesses and defeat them one by one

Linux users may have heard of, or even encountered, some Linux viruses. These viruses differ in how they work and in the symptoms they cause, so the precautions to take also differ. To protect against Linux viruses more effectively, we first classify the known ones.

The Linux viruses that have appeared so far can be grouped into the following types:

1. Viruses that infect ELF files

The main infection target of this type of virus is files in ELF format. Viruses that infect ELF files can be written in assembly or C. Lindose is one such virus. When it finds an ELF file, it checks whether the machine type of the file is Intel 80386. If so, it looks for a section of the file that is larger than 2784 bytes (0xAE0 in hexadecimal). If it finds one, the virus overwrites that section with its own code, adds code to the corresponding part of the host file, and points the entry point of the host file to the virus code section.

Prevention: Because Linux has good access control mechanisms, this kind of virus needs sufficient privileges to do its work. To guard against it, manage the permissions of the files on your Linux system carefully. In particular, do not use the root account for day-to-day work, and avoid running executables of unknown origin as root, so that you do not inadvertently trigger an infected file and let it infect the entire system.
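
The entry-point redirection described above leaves a trace in the ELF header that a defender can check. The following is an added example, not code from the original article: a heuristic check in Python that flags an ELF32 entry point that has moved from a recorded baseline or no longer lies in a read-and-execute PT_LOAD segment. The function names, the baseline value and the header-only sample images are constructed for illustration.

```python
import struct

EM_386 = 3                       # e_machine for Intel 80386, the type Lindose checks for
PT_LOAD, PF_X, PF_W = 1, 1, 2    # loadable segment type and permission flag bits

def entry_point_findings(image, baseline_entry=None):
    """Heuristic checks on the entry point of a little-endian ELF32 image."""
    if len(image) < 52 or image[:6] != b"\x7fELF\x01\x01":
        return ["not a little-endian ELF32 file"]
    (_type, _machine, _ver, entry, phoff, _shoff, _flags,
     _ehsize, phentsize, phnum) = struct.unpack_from("<HHIIIIIHHH", image, 16)
    findings = []
    if baseline_entry is not None and entry != baseline_entry:
        findings.append(f"entry point moved: {baseline_entry:#x} -> {entry:#x}")
    holder = None                # flags of the PT_LOAD segment holding the entry point
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 32 > len(image):
            findings.append("truncated program header table")
            break
        p_type, _o, vaddr, _p, _fsz, memsz, flags, _al = struct.unpack_from("<8I", image, off)
        if p_type == PT_LOAD and vaddr <= entry < vaddr + memsz:
            holder = flags
    if holder is None:
        findings.append("entry point is outside every PT_LOAD segment")
    elif not holder & PF_X:
        findings.append("entry point is in a non-executable segment")
    elif holder & PF_W:
        findings.append("entry point is in a writable segment")
    return findings

def make_elf32(entry, segments):
    """Build a constructed, header-only ELF32 image for the demo (no real code)."""
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    header = struct.pack("<HHIIIIIHHHHHH", 2, EM_386, 1, entry, 52, 0, 0,
                         52, 32, len(segments), 40, 0, 0)
    phdrs = b"".join(struct.pack("<8I", PT_LOAD, 0, vaddr, vaddr, size, size, flags, 0x1000)
                     for vaddr, size, flags in segments)
    return ident + header + phdrs

# Constructed layout: R+X text at 0x08048000, R+W data at 0x08049000.
SEGMENTS = [(0x08048000, 0x1000, 5), (0x08049000, 0x1000, 6)]
CLEAN = make_elf32(0x08048100, SEGMENTS)
TAMPERED = make_elf32(0x08049200, SEGMENTS)   # entry repointed into the data segment

if __name__ == "__main__":
    print(entry_point_findings(CLEAN, baseline_entry=0x08048100))
    print(entry_point_findings(TAMPERED, baseline_entry=0x08048100))
```

Code placed inside the original executable segment passes the segment checks, so the baseline comparison (or a file hash) is what catches that case. An empty result does not prove a file is clean.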

2. Script viruses

A script virus is a virus written in a scripting language such as shell. Such viruses are simpler to write and do not require very advanced knowledge, yet they can easily damage a system, for example by deleting files, disrupting normal operation, or even downloading and installing a Trojan. However, they do not propagate very strongly, and the damage is usually confined to the local machine.

Prevention: To guard against such viruses, be careful not to run scripts from unknown sources, and strictly control the use of root permissions.

3. Worms

A worm under Linux is similar to a worm under Windows: it can run independently and propagate itself to other computers.

Worms on Linux platforms often spread by exploiting vulnerabilities in Linux systems and services. For example, Ramen exploits the rpc.statd and wu-ftp vulnerabilities of some Linux versions (Red Hat 6.2 and 7.0).

Prevention: To guard against such viruses, cut off the source of the worm outbreak. The Linux virus outbreaks seen so far all exploited Linux security vulnerabilities that had already been published, so users who take the corresponding security measures will not be affected by them. Unfortunately, many Linux administrators do not closely track the latest information about their systems and services, and so they still leave an opening for the virus.

Users should take care of the security of their own machines and, in particular, follow information about Linux security vulnerabilities. Once a new Linux security vulnerability appears, security measures must be taken promptly. In addition, firewall rules can be used to limit the spread of worms.

4. Backdoor programs

Backdoor programs can also be regarded as viruses in a broad sense, and they are very active on Linux platforms. Linux backdoors are implemented through techniques such as loading as system services, shared library injection, rootkit toolkits, and even loadable kernel modules (LKM). Many backdoor techniques on the Linux platform are combined with intrusion techniques, which makes them very covert and difficult to remove.

Prevention: Software tools can help guard against this kind of virus by finding the various backdoor programs in the system. For instance, chkrootkit can detect rootkits, worms, backdoors, and so on.

5. Other viruses

Besides the Linux viruses that the Linux platform faces, note that many Windows viruses can also reside in a Linux file system. Windows viruses of this kind do not take effect on Linux, but they have the opportunity to spread to Windows systems.

For example, a Linux Samba server can act as a file server for the whole network. When a user uploads a file containing a Windows virus to the Samba server, the server becomes a virus carrier, even though it is not itself infected by the Windows virus. Other people who access the Samba service may be infected with the virus from it.

Prevention: For overall security, you also need to be able to find and remove Windows viruses on your Linux systems. This requires specific anti-virus software. Some open source and commercial products are already available for users to choose from, and their number is gradually increasing.

III. Tackle Linux viruses on several fronts

Compared with Windows viruses, Linux viruses are almost negligible in number, but the authors of Linux viruses will not stop. Many of them are hackers proficient in coding, and they are likely to exploit the inevitable vulnerabilities in Linux itself to write a variety of new Linux viruses. Although Linux viruses have not yet become widespread, if users have no concept of prevention, a Linux virus outbreak is likely to have serious consequences. Linux users should therefore pay attention to the problem of Linux viruses early.

Finally, the author has summed up the following recommendations for virus prevention on the Linux platform, for reference only:

(1) Harden the system properly.

(2) Follow security bulletins and fix vulnerabilities promptly.

(3) Do not use root permissions for daily operation.

(4) Do not install device drivers of unknown origin.

(5) Do not run unknown executable programs or scripts on important servers.

(6) Install anti-virus software wherever possible and regularly update the virus signature database.

(7) On Linux servers connected to the Internet, check periodically for Linux viruses, including whether worms and Trojans are present.

(8) On a Linux server that provides file services, it is best to deploy software that can detect both Windows and Linux viruses.

(9) On a Linux server that provides mail services, it is best to use it together with an e-mail virus scanner.

In short, virus protection on the Linux platform requires a variety of measures, and the rarity of Linux viruses is no reason to take them lightly.

Original link: http://www.2cto.com/Article/200511/7084.html
