Virus history and feature classification of Linux

The 1996 STAOG was the first virus under the Linux system, and it came from an organization called Vlad in Australia (the first virus program Boza under Windows 95). Staog virus is written in assembly language, specialized in binary files, and in three ways to try to get root permissions. Staog virus does not have any material damage to the system. It should be a demo version. It reveals the potential danger that Linux may be infected by viruses. The second virus found on the Linux system was the Bliss virus, an experimental virus that was accidentally released. Unlike other viruses, bliss itself carries an immune program that restores the system as long as the program is run with the "disinfect-files-please" option.

If the Linux virus showed people only a concept in the beginning, then the ramen virus, discovered in 2001, has begun to cause many people's concerns. The ramen virus, which can be transmitted automatically without human intervention, is very similar to the Morris Worm, which had made people suffer much in the 1988. It only infects red Hat 6.2 and version 7.0 servers that use the anonymous FTP service, and it infects the system through two common vulnerabilities rpc.statd and wu-ftp.

On the face of it, this is not a dangerous virus. It is easy to spot and does not do anything destructive to the server. But when it starts scanning, it consumes a lot of network bandwidth.

Since 1996, the new Linux virus is numbered, which shows that Linux is a robust operating system with innate virus immunity. Of course, there are other reasons for this, in addition to its own excellent design.

First of all, early Linux users are generally professionals, even today, despite the proliferation of their users, but the typical user is still a good computer background and willing to help others, Linux experts are more inclined to encourage beginners to support such a cultural spirit. Because of this, one of the tendencies in Linux usage is to avoid infecting viruses with security experience. Second, Young is one of the reasons Linux is rarely attacked by viruses. In fact, all operating systems, including DOS and windows, were rarely infested with viruses at the beginning of their production.

However, in March 2001, the Global Accident Analysis Center at Sans College in the United States found that a new worm for computers using Linux systems is spreading rapidly through the Internet, It will likely cause serious damage to the user's computer system. The worm is named the "Lion" virus, which is very similar to the ramen worm virus. However, the virus is more dangerous, the "lion" virus can be e-mailed to send some passwords and configuration files to a domain name located in china.com. William Stiens, an engineer at the Institute of Safety Technology at Dartmouth College, said: "Attackers can re-enter the system once they have sent them back through the gap at the first break." This is the difference between it and the ramen worm virus. In fact, the ramen virus is a friendly virus that automatically shuts down vulnerabilities when it invades the system, which opens up vulnerabilities and opens up new ones. So that if your system is infected with the virus, we cannot be absolutely sure that the system is worth saving, and a more reasonable choice is likely to be to transfer your data and reformat the hard drive. ”

Once the computer is completely infected, the "lion" virus will force the computer to start searching the internet for other victims. However, the system that infects the "lion" virus is less than the system that infects the ramen virus, but it causes much more damage than the latter.

With the spread of the Klez virus on the Linux platform, antivirus software vendors are starting to remind us that Microsoft's operating system is no longer the only operating system that is vulnerable to virus attacks. Even though Linux and other mainstream UNIX platform users may not be large users of Microsoft's bundled apps, it is impossible to spread the virus through these software, and Linux and Unix still have their own vulnerabilities that are not noticeable. In addition to Klez, the main threats to other Linux/unix platforms are: Lion.worm, osf.8759 virus, slapper, Scalper, Linux.svat, and Boxpoison viruses, which are rarely mentioned.

The virus maker is a code-savvy hacker who is far more dangerous than hackers who randomly alter websites but know little about how to write viruses. A hacked web site can be repaired quickly, but the virus is more covert, it will bring potential security risks, it will continue to lurk until the system to bring irreparable damage.

In addition, the more Linux systems are connected to the LAN and WAN, the more likely they are to be attacked, because many Linux viruses are spreading fast. Linux/unix systems using wine are particularly vulnerable to viruses. Wine is a compatible software package that exposes the Linux platform to run Windows applications. Wine systems are particularly vulnerable to viruses because they can pose a threat to the system, both for Linux and for Windows viruses, worms, and Trojans.

Virus classification under Linux platform

Executable virus: Executable virus refers to the virus that can be parasitic in the file, the file is the main object of infection. It's easy for virus makers to infect elf files no matter what weapons they use, assembly or C. This virus, such as Lindose, when it discovers an elf file, checks whether the infected machine type is Intel 80386, and if so, finds whether a portion of the file is larger than 2,784 bytes (or hexadecimal aeo), and if these conditions are met, The virus overwrites it with its own code and adds the code for the appropriate portion of the host file, pointing the entry point of the host file to the virus code section. A student named Alexander Bartolich published an article entitled How to write a Linux virus, detailing how to make a parasitic file virus that infects an elf executable file in linux/i386. With such an enlightening, Web-published document, the number of Linux based viruses will only grow faster, especially since Linux has become more widely used.

Worm (worm) virus: The 1988 Morris worm outbreak, Eugene H. Spafford to distinguish between worms and viruses, gave a technical definition of the worm, "the computer worm can run independently, and can spread its own version of all features to another computer." "(Worm is-a program, can run by itself and can propagate a fully working version of itself to other machines. ）。 Under the Linux platform, worms are rampant, like ramen,lion,slapper that use system vulnerabilities to spread ... Each of these notorious guys is infected with a large number of Linux systems, causing huge losses. They are the Nimda, red Code of the Open source world. In the future, the worm will continue to grow, and the wider the Linux system, the greater the spread and disruption of the worm.

Scripting viruses: There are more viruses that are written using the Shell scripting language. This type of virus is simpler to write, but equally destructive. We know that there are many script files in the Linux system that end with. Sh, and a short dozen of shell scripts can traverse all the script files in the entire hard disk for a short time to infect. Therefore, the virus manufacturers do not need to have very advanced knowledge, you can easily write such a virus, the system to destroy, its destructive can be deleted files, damage the system normal operation, and even download a trojan to the system and so on.

Backdoor: In the broad sense of the concept of virus definition, the backdoor has also been included in the scope of the virus. Back door active in Windows system the intruder's weapon is also extremely active under the Linux platform. From the simple backdoor of adding system Super User account to the use of system service loading, shared library file injection, Rootkit Toolkit, and even loadable kernel module (LKM), the backdoor technology under Linux platform is very mature and difficult to clear. is a serious headache for Linux system administrators.

Viruses, worms and Trojans basically mean automated hacking, which may be more likely to be attacked by a virus than by a hacker attack. A direct hacker attack target is typically a server, and the virus is the troublemaker of such opportunities. If your network contains Linux systems, it is particularly dangerous for servers not to wait for the presence of Linux viruses, worms, and Trojans before responding. Do some research and choose an antivirus product that works for your system, which helps prevent the spread of the virus. As for the Linux platform virus in the future development, everything is possible. The history of viruses under Windows may also be repeated on Linux, depending on the development of Linux.