We recently gave you a brief history of viruses on the Mac, and, as requested by a user, we wanted to give you a history of viruses on Linux. Given the tight security integrated into Linux, it is difficult to take advantage of a vulnerability on the computer, but some programmers have found ways around the security measures. There are several free anti-virus options for Linux that you really should use, even if they aren't always running; a weekly or monthly scan doesn't hurt. Free anti-virus solutions include ClamAV, AVG, Avast and F-Prot.
1996:
The cracker group VLAD wrote the first Linux virus, named Staog. The virus took advantage of a flaw in the kernel that allowed it to stay resident on the machine and wait for a binary file to be executed. Once a file was executed, the virus would attach itself to that file. Shortly after the virus was discovered, the flaw was fixed and the virus quickly became extinct. VLAD was also responsible for writing the first known virus for Windows 95, Boza.
1997:
The Bliss computer virus made its way out into the wild. The virus would attach itself to executables on the system and prevent them from running. A user had to have root access for the virus to be effective, and to this day Debian lists itself as still being vulnerable to this virus. The threat to Debian is minimal, though, as users do not typically run as root.
1999:
No significant viruses were reported this year, but oddly enough a hoax message went around stating that there was a virus threatening to install Linux on your computer. At the time the Melissa virus was ravaging PCs worldwide, and on April 1, 1999 (April Fools' Day) a message went out warning that a virus named Tuxissa was running about secretly installing Linux on unsuspecting computers.
2000:
A rather harmless virus, Virus.Linux.Winter.341, showed up and inserted itself into ELF files; ELF files are executable Linux files. The virus was very small, only 341 bytes, and would insert "LoTek by Wintermute" into the Notes section of an ELF file. The virus was also supposed to change the computer name to Wintermute but never gained control of a machine to effect the change.
2001:
This was an eventful year for Linux viruses. The first was the ZipWorm, a harmless virus that would simply attach itself to any zip files located in the same directory it was executed in. Next was the Satyr virus, which was also harmless; it would simply attach itself to ELF files, adding the string "unix.satyr version 1.0 (c)oded jan-2001 by Shitdown [MIONS], http://shitdown.sf.**" (edited as URL causes Avast to block page). There was also a virus released called Ramen, which would replace index.html files with its own version displaying "Ramen Crew" at the top and a package of Ramen Noodles at the bottom. Later a worm by the name of Cheese came out that actually closed the backdoors created by the Ramen virus. There were several other viruses released this year that were relatively harmless.
2002:
A vulnerability in Apache led to the creation and spread of the Mighty worm. The worm would exploit a vulnerability in Apache's SSL interface, then infect the unsuspecting victim's computer. Once on the computer, it would create a secret connection to an IRC server and join a channel to wait for commands to be sent to it.
2003:
Another harmless virus showed up, called the Rike virus. The virus, which was written in assembly language, would attach itself to an ELF file. Once attached, it would expand the space the file required and write "RIKE" into that free space.
2004:
Similar to the virus from the previous year, the Binom virus would simply expand the size of the file and write the string "[ Cyneox/DCA" into the free space. The virus was spread by executing an infected file.
2005:
The Lupper worm began spreading to vulnerable Linux web servers. The worm would hit a web server looking for a specific URL, then it would attempt to exploit a vulnerable PHP/CGI script. If the server then allowed remote shell command execution and file downloads, it would become infected and begin searching for another server to infect.
2006:
A variant of the Mighty worm from 2002 named Kaiten was born. It would open a connection to an IRC channel and wait for commands to be sent and executed.
2007:
An exploit in OpenOffice led to the spread of a virus named BadBunny. This virus would infect Windows, Mac and Linux machines. The virus creates a file called badbunny.py as an XChat script and creates badbunny.pl, a Perl virus that infects other Perl files. There was also a trojan horse released by the name of Rexob. Once on the machine, it would open a backdoor allowing remote code execution.
2009:
A website for GNOME users to download screensavers and other pieces of eye-candy unknowingly hosted a malicious screensaver called WaterFall. Once installed on the machine, it would open up a backdoor that, when executed, would cause the machine to assist in a distributed denial of service (DDoS) attack. The DDoS attack was very specific and targeted a single website, MMOwned.com.
2010:
The Koobface virus, which spreads through social networking sites, targets Windows, Mac and, in a more recent variant, Linux computers. Once a machine is infected, the virus attempts to gather login information for FTP and social networking sites. Once your password has been compromised, the virus will send an infected message to all of your friends in your social network.
This is by no means a complete list of Linux viruses, but it does cover the major ones. It also points out that most of the viruses found on Linux are fairly harmless. That doesn't mean they don't exist, though. Be sure to keep an eye on what you're downloading and where you're going on the Internet, and you will most likely stay virus free. An occasional virus scan wouldn't hurt either.