[SOLVED] Detecting Windows Malware on Mint
-
- Level 1
- Posts: 26
- Joined: Sun Jun 13, 2021 10:50 am
[SOLVED] Detecting Windows Malware on Mint
I know that there is very little to no reason to worry about malware on my Mint OS.
I am not asking for recommendations for anti-malware programs for Linux; I know AM is unnecessary to protect my Linux system.
tl;dr: A Windows computer in my house got infected with a mining trojan, and I have a Windows 10 partition, and I transfer files back and forth to both of them. I'm concerned that my immunity to the malware might let me act as a carrier if I'm careless.
I transfer files over to my flatmate's PC using a couple of USB sticks (small stuff - anime, mainly) pretty regularly. When he upgraded to Windows 11, Windows Defender found a coin miner. He had issues with Windows Defender on 10 for a good long time, and this may or may not have been the cause. We don't know how long it's been there. My Win10 partition seems fine - Windows Defender turns up clear, and the CPU usage is what I expect. Unfortunately, we didn't find out where the miner came from or when the PC was infected.
I realised it's a possibility that I could have given him an infected file without being infected myself, due to it simply not being compatible with Linux. I'd rather not dismiss this out of hand without looking. Is there a way for me to search for potential Windows malware on Mint, even though Mint itself isn't at risk of that malware?
EDIT:
tl;dr despite being a bit difficult to use, ClamAV is the tool for the job.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 3 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Detecting Windows Malware on Mint
Yes, it's entirely possible, I'm afraid. Linux isn't immune either, but it's certainly far better off. Linux Mint is a distribution of Linux as an operating system, by the way. I'm just being pedantic, but hey, the more you know. Anyway, you can use ClamAV, installable with:
Code:
sudo apt-get install clamav
There's also a simple GUI for it, called ClamTK, which you might like:
Code:
sudo apt-get install clamtk
Or use a GUI to get it, like a software center or something.
I'm also Terminalforlife on GitHub.
Re: Detecting Windows Malware on Mint
If you run Clam, be prepared for a lot of false positives.
Re: Detecting Windows Malware on Mint
Oh yeah, I forgot to mention you can get false-positives; it's sort of a given with any anti-virus thing, though.
I'm also Terminalforlife on GitHub.
Re: Detecting Windows Malware on Mint
You can check any suspicious files on:
Virus Total:
https://www.virustotal.com/gui/home/upload
Hybrid Analysis:
https://www.hybrid-analysis.com/
- Pjotr
- Level 24
- Posts: 20111
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Detecting Windows Malware on Mint
As sleeper12 said.
Don't install AV in your Linux, because it'll actually make your Linux less secure:
https://easylinuxtipsproject.blogspot.c ... urity.html
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
-
- Level 1
- Posts: 26
- Joined: Sun Jun 13, 2021 10:50 am
Re: Detecting Windows Malware on Mint
Ach, semantics, indeed. I know how it works but that doesn't help me stop mixing up words :') Though, I overstated safety on purpose - didn't want the thread to get into the fine details of Linux security when it's not my concern.
I saw that Clam had bad ratings on the Software Centre as just not working so I skipped it. Do you have a better experience?
sleeper12 wrote: Sun Jan 23, 2022 5:19 pm
    You can check any suspicious files on:
    Virus Total:
    https://www.virustotal.com/gui/home/upload
    Hybrid Analysis:
    https://www.hybrid-analysis.com/
These are really cool - the problem is that I have a terabyte of data to check. I'll keep these in my back pocket for smaller files, though, thank you. I'll make use of it for smaller files.
Pjotr wrote: Sun Jan 23, 2022 5:20 pm
    Don't install AV in your Linux, because it'll actually make your Linux less secure:
    https://easylinuxtipsproject.blogspot.c ... urity.html
I'm adding a few more lines to my original post, as it seems I didn't make it clear enough that I am not looking for AM for Linux.
Re: Detecting Windows Malware on Mint
SaberClassMor wrote: Mon Jan 24, 2022 10:32 am
    I saw that Clam had bad ratings on the Software Centre as just not working so I skipped it. Do you have a better experience?
I've had a mostly good experience with ClamAV. It broke for a while, ages ago, because the database refused to update properly, so I wrote a script which manually updated it. That's about the only real issue I've had with it over the years.
I imagine people don't like ClamAV because of false positives, but they exist in other anti-virus software too, so it's not like ClamAV is uniquely terrible in that regard. Another thing people might not like about it, are the defaults, but ClamAV has a lot of options to choose from, which you can see if you check out its man page. The last thing which comes to mind for why people might not like it, is that they tried scanning immediately after installing it, but didn't bother waiting for the actual database to be downloaded.
Then again, maybe a lot of people just hate it because it's anti-virus, since Linux is ... well, Linux. I needn't expand on that.
I'm also Terminalforlife on GitHub.
-
- Level 3
- Posts: 118
- Joined: Fri Jan 21, 2022 2:29 pm
Re: Detecting Windows Malware on Mint
SaberClassMor wrote: Sun Jan 23, 2022 3:10 pm
    I know that there is very little to no reason to worry about malware on my Mint OS.
As a community, we should not make this assumption; that we are safe from malware just because we use Linux. I am a member of a couple of security news groups that report on the latest hacks and cracks by some very smart black hat groups. Linux is not 100% safe, and is subject to attacks all the time. There is even a new malware that is actually OS-independent, and capable of attacking Linux, Windows and Mac.
And you are correct, since you are in a mixed environment, it is possible that Linux can be a "carrier" for malware that can eventually infect Windows if opened in that environment.
- Pjotr
- Level 24
- Posts: 20111
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Detecting Windows Malware on Mint
AwesomeOpossum74 wrote: Mon Jan 24, 2022 5:00 pm
    SaberClassMor wrote: Sun Jan 23, 2022 3:10 pm
        I know that there is very little to no reason to worry about malware on my Mint OS.
    As a community, we should not make this assumption; that we are safe from malware just because we use Linux. I am a member of a couple of security news groups that report on the latest hacks and cracks by some very smart black hat groups. Linux is not 100% safe, and is subject to attacks all the time. There is even a new malware that is actually OS-independent, and capable of attacking Linux, Windows and Mac.
    And you are correct, since you are in a mixed environment, it is possible that Linux can be a "carrier" for malware that can eventually infect Windows if opened in that environment.
Right. Theoretical risks all over the place (nothing new there, yawn....). But practical risks? Examples of real-life malware dangers with a probability above the radar, for the average Linux desktop user?
-
- Level 3
- Posts: 118
- Joined: Fri Jan 21, 2022 2:29 pm
Re: Detecting Windows Malware on Mint
Why do you think there are frequent security updates for our everyday desktop software? Never mind the many web services that get used on millions of Linux servers, that require constant log checking for things "unusual".
Just one way: Bad actors are always submitting code for addition into the kernel, and other application/service/utility that gets used on our desktops. If it gets through the reviewers and is added to the code base, it has potential to give them access in ways not yet understood by the code maintainers.
Now, to desktop vs. server: We desktop users aren't typically the main focus for malware, servers are. But does that mean we shouldn't be on our guard?
- Pjotr
- Level 24
- Posts: 20111
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Detecting Windows Malware on Mint
AwesomeOpossum74 wrote: Mon Jan 24, 2022 6:04 pm
    Why do you think there are frequent security updates for our everyday desktop software?
For fixing security holes, evidently. But stop evading the question: where is the Linux malware that poses a practical real-life risk for Linux desktop users?
AwesomeOpossum74 wrote: Mon Jan 24, 2022 6:04 pm
    Just one way: Bad actors are always submitting code for addition into the kernel, and other application/service/utility that gets used on our desktops. If it gets through the reviewers and is added to the code base, it has potential to give them access in ways not yet understood by the code maintainers.
Yet more theoretical threats. Stop that please. Practical real-life malware risks above the radar are all that counts here.
AwesomeOpossum74 wrote: Mon Jan 24, 2022 6:04 pm
    We desktop users aren't typically the main focus for malware, servers are. But does that mean we shouldn't be on our guard?
Yeah, sure we should be on our guard. Just update daily and use your common sense. Nothing new. Yawn....
-
- Level 3
- Posts: 118
- Joined: Fri Jan 21, 2022 2:29 pm
- Pjotr
- Level 24
- Posts: 20111
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Detecting Windows Malware on Mint
AwesomeOpossum74 wrote: Mon Jan 24, 2022 6:27 pm
    I tried. Your comments to me seem negative and/or denialist. Do some research. If you don't believe what I'm saying, that's ok.
Not OK at all. You're just spreading FUD without giving one real-life example of a practical malware threat for Linux desktop users. Not one. All theory, and only theory. Sad.
-
- Level 3
- Posts: 118
- Joined: Fri Jan 21, 2022 2:29 pm
Re: Detecting Windows Malware on Mint
Fine. You don't want to do your own research.
Prime example of bad code submissions: https://itwire.com/open-source/torvalds ... trust.html
High level Linux malware info, with lists: https://en.wikipedia.org/wiki/Linux_mal ... jan_horses
And more: https://hacked.com/linux-ransomware-not ... o-protect/
Please make sure you read it all; you shouldn't miss anything. I could keep going, and reference the uptick in Linux malware in the last couple of years, but honestly, I'm done feeding your attitude.
These things affect all of us, not just servers. To assume you're safe just because you're just using desktop, is to fool yourself.
Since you're basically calling me a liar, I feel it's a good time for me to show myself out of this conversation with you.
Re: Detecting Windows Malware on Mint
AwesomeOpossum74 wrote: Mon Jan 24, 2022 8:35 pm
    These things affect all of us, not just servers. To assume you're safe just because you're just using desktop, is to fool yourself.
They do? I have yet to see one post in this forum about anybody getting a Linux malware. And nobody is assuming anything . . . keep up to date (OS and browser) and don't do anything dumb. That's about as deep as you need to get: relax, you're running Linux.
Re: Detecting Windows Malware on Mint
Pjotr wrote: Mon Jan 24, 2022 6:29 pm
    AwesomeOpossum74 wrote: Mon Jan 24, 2022 6:27 pm
        I tried. Your comments to me seem negative and/or denialist. Do some research. If you don't believe what I'm saying, that's ok.
    Not OK at all. You're just spreading FUD without giving one real-life example of a practical malware threat for Linux desktop users. Not one. All theory, and only theory. Sad.
yes fud
how many reports of infection--zero
Everything in life was difficult before it became easy.
- Pjotr
- Level 24
- Posts: 20111
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Detecting Windows Malware on Mint
Exactly. It's real-life risks that are frequent enough to be counted as practical risks, that we have to act upon. Risks that are (almost) purely theoretical, need not concern the average user.
In theory, you can get hit by a meteorite as soon as you step out of the door. Come to think of it: you can even get hit by a meteorite (provided it's big enough) when you stay indoors all the time. Good God.
Total guaranteed security is impossible; we simply have to live with that, in all aspects of life. No choice. And in a hundred years, we'll all be dead. As the French say: c'est la vie.... So shrug your shoulders, smile and make yourself a strong café au lait from freshly ground, good beans. With a fresh croissant to accompany it.
As a bonus, an appropriate song for the Dutch speaking readers:
https://www.youtube.com/watch?v=6XxJ-HAPfcE
-
- Level 1
- Posts: 26
- Joined: Sun Jun 13, 2021 10:50 am
Re: Detecting Windows Malware on Mint
Alas, no matter how much I tried to avoid it, another great debate over Linux and malware...sigh.
Termy wrote: Mon Jan 24, 2022 1:57 pm
    SaberClassMor wrote: Mon Jan 24, 2022 10:32 am
        I saw that Clam had bad ratings on the Software Centre as just not working so I skipped it. Do you have a better experience?
    I've had a mostly good experience with ClamAV. It broke for a while, ages ago, because the database refused to update properly, so I wrote a script which manually updated it. That's about the only real issue I've had with it over the years.
    I imagine people don't like ClamAV because of false positives, but they exist in other anti-virus software too, so it's not like ClamAV is uniquely terrible in that regard. Another thing people might not like about it, are the defaults, but ClamAV has a lot of options to choose from, which you can see if you check out its man page. The last thing which comes to mind for why people might not like it, is that they tried scanning immediately after installing it, but didn't bother waiting for the actual database to be downloaded.
    Then again, maybe a lot of people just hate it because it's anti-virus, since Linux is ... well, Linux. I needn't expand on that.
Took your rec and...yeah. The setup wasn't super easy! I'm putting the step I had to take in another reply so it's easier to search.
I'm not sure what the anguish over false positives is - maybe I have nerves of steel, but it wasn't some soul-crushing disaster that I had to google "BC.Gif.Exploit.Agent". Thank you for the rec!
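The workflow this thread converges on, as an added example that is not from any poster: confirm ClamAV's signature database has actually been downloaded, scan a mounted stick or partition recursively, and print a SHA-256 for each detection so a possible false positive can be looked up by hash on VirusTotal instead of uploading files. The `/var/lib/clamav` default, the function names and the usage paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): scan a mounted USB stick or Windows
# partition with ClamAV, then hash each hit for a lookup instead of an upload.

DB_DIR="${DB_DIR:-/var/lib/clamav}"   # assumed Debian/Ubuntu/Mint package default

# Succeeds only when both signature sets exist (.cvd as downloaded, .cld after
# an incremental update). Scanning before they arrive is the "just installed" trap.
db_ready() (
    for name in main daily; do
        [ -s "$1/$name.cvd" ] || [ -s "$1/$name.cld" ] || exit 1
    done
)

# Read a clamscan log and print "sha256<TAB>signature<TAB>path" per detection.
# Detection lines look like: /path/to/file: Signature.Name FOUND
list_hits() (
    while IFS= read -r line; do
        case "$line" in
            *": "*" FOUND") ;;
            *) continue ;;          # skip "OK" lines and the scan summary
        esac
        rest=${line% FOUND}
        sig=${rest##*: }            # text after the last ": "
        path=${rest%: *}            # text before the last ": "
        if [ -f "$path" ]; then
            sum=$(sha256sum -- "$path" | cut -d' ' -f1)
        else
            sum="missing"           # file moved or deleted since the scan
        fi
        printf '%s\t%s\t%s\n' "$sum" "$sig" "$path"
    done < "$1"
)

# Recursive scan that reports only detections. clamscan exits 0 when clean,
# 1 when something was found and 2 on error.
scan_tree() {
    db_ready "$DB_DIR" || { echo "No signatures in $DB_DIR; run freshclam first" >&2; return 2; }
    clamscan --recursive --infected --log="$2" "$1"
}

# Usage (placeholder paths): sh scan.sh /media/$USER/STICK /tmp/stick.log
if [ "$#" -eq 2 ]; then
    scan_tree "$1" "$2"
    status=$?
    [ "$status" -eq 1 ] && list_hits "$2"
    exit "$status"
fi
```

Because the scan only reads files, the Windows partition or stick can be mounted read-only while it runs.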