Is the safety of linux from viruses & malwares deprecated... I just found this

xenopeek
Level 24
Posts: 24136
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by xenopeek » Fri May 31, 2019 3:44 am

From the analysis in the actual publication https://www.intezer.com/blog-hiddenwasp ... x-systems/ I surmise the malware can only install itself when the bash deployment script has root. There's no mention of the deployment script using privilege escalation to gain root. It does describe that it may be likely the malware is intended for systems that have already been compromised by the same group.

A red flag would be if you have an ld.so file on your system in which the string /etc/ld.so.preload isn't found. So, from that, this command would check for that, I think:
grep -Ls /etc/ld.so.preload /lib{,64}/{,*/}ld-*
It should not return anything. If it does return something, you may have an issue. Another red flag would be the existence of an sftp user that has a login. You can check for that:
grep sftp /etc/passwd

Unclear to me whether the malware can hide itself from above checks on a running system.
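The two checks from the post above, wrapped so they can be run against the live system or against a root prefix such as a mounted disk. This is an added example, not part of any post in the thread; the function names are hypothetical, and matching only an account named exactly `sftp` and treating `nologin`/`false` shells as non-login are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print each existing file in "$@" that does NOT contain the stock
# preload path (same test as `grep -L`, but usable on any file list).
loaders_missing_preload() {
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip globs that matched nothing
        grep -qF '/etc/ld.so.preload' "$f" || printf '%s\n' "$f"
    done
}

# Print "name:shell" for an account named sftp in a passwd-format file
# when its shell allows login. Assumption: nologin/false mean no login;
# an empty shell field falls back to /bin/sh and so counts as a login.
sftp_accounts_with_login() {
    awk -F: '$1 == "sftp" && $7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
}

# Run both checks under root prefix $1 (empty = the running system).
# Returns 0 when neither red flag is present.
scan_host() {
    r=$1
    bad=$(loaders_missing_preload "$r"/lib/ld-* "$r"/lib/*/ld-* \
                                  "$r"/lib64/ld-* "$r"/lib64/*/ld-*)
    acct=$(sftp_accounts_with_login "$r/etc/passwd")
    [ -n "$bad" ]  && printf 'loader lacks preload string:\n%s\n' "$bad"
    [ -n "$acct" ] && printf 'sftp account with login shell:\n%s\n' "$acct"
    [ -z "$bad$acct" ]
}

# Usage: sh check.sh --scan [root-prefix]
if [ "${1:-}" = "--scan" ]; then
    scan_host "${2:-}"
fi
```

Passing a root prefix for a disk mounted from trusted boot media avoids relying on the running system's own view of its files.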

rambo919
Level 4
Posts: 228
Joined: Wed May 22, 2013 3:11 pm

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by rambo919 » Fri May 31, 2019 5:59 am

Never underestimate the gullibility of even experienced users; malware can easily slip in under the guise of technical help that looks legit.

Hoser Rob
Level 15
Posts: 5605
Joined: Sat Dec 15, 2012 8:57 am

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Hoser Rob » Fri May 31, 2019 8:41 am

Linux doesn't have a virus problem but it's never been malware free.

Portreve
Level 8
Posts: 2143
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Portreve » Fri May 31, 2019 9:56 am

Some thoughts from the cheap seats...

Viruses in the classical sense don't seem to be anywhere near as commonly produced these days as they were circa the late 1980s through the late 1990s/early 2000s. It's been a progressive thing where what's created are system design exploitation "programs", and network based "malware" particularly with the rise of the so-called "script kiddie" generation.

GNU+Linux had always been at least somewhat harder of a nut to crack for authors of this sort of software for several reasons, not least of which are system architecture, the fact that, as demographics go, there's a much higher percentage of coders in the GNU+Linux world than the Apple II, Atari ST, Commodore, Amiga, Mac OS X, MS-DOS, or Windows 1.x -> 10 worlds, and the fact that, as things have come down the pike for other extant platforms, there's been a decent amount of lead time for the coders here to fix things so that by the time someone might get around to writing a "port" of something for GNU+Linux, it wouldn't have worked anyhow.

None of this is to say GNU+Linux is impervious or immune. It isn't. I simply take comfort in the knowledge we have a lot more eyeballs looking at the code, and a lot more brainpower available at large for us, than any proprietary OS platform maker can afford for themselves.
Presently rocking LinuxMint 19.2 Cinnamon.

Remember to mark your fixed problem [SOLVED].

Xi does look like Winnie the Pooh. FTCG.

ZakGordon
Level 4
Posts: 346
Joined: Thu Feb 12, 2015 11:07 am

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by ZakGordon » Fri May 31, 2019 10:33 am

Arstechnica has an article too:

https://arstechnica.com/information-tec ... detection/

Sounds nasty.
Laptop overheating issues? Check links below:
TLP
itsfoss guide
If none of the above fixes the issue, moving from Cinnamon to XFCE will give around -5 to -10 degrees C improvements.

Portreve
Level 8
Posts: 2143
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Portreve » Fri May 31, 2019 11:37 am

So, I've some questions for xenopeek, gm10, Pjotr, and any other OS contributors here...

What is required for such a thing as a rootkit to be able to be written? Is it possible to design a system such that it isn't possible* to design a rootkit for it?

(What I mean by "possible" is not in the sense of defending against it, but in the sense that, if I don't possess a piano, it is impossible to steal one from me.)

Given that (I presume) none of this stuff works without getting sufficient privileges on the box, might there be a way to initially intercept the attempt to gain higher privileges and either guard against that, or if the way it goes about this is a normal path and blocking it would undesirably block everything, might there be a way, kind of like how we already get prompted to give escalated privileges, or a (non-irritating, more intelligent and thoughtful) way like how Windows Vista and 7 would prompt that escalated privileges are required for this task, and "do you the user even know this is being attempted/did you actually initiate this"?

I have no independent knowledge of how things are designed to work under the hood, I'm not a coder, and so I'm asking because I want to be educated. I honestly have no personal opinion on this one way or the other.

xenopeek
Level 24
Posts: 24136
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by xenopeek » Fri May 31, 2019 11:44 am

That's the same thing on Linux; you're prompted to authorize actions that require elevated privileges with your password. Don't run unknown or untrusted scripts as root (with sudo). You can also set up a secondary user account that isn't an administrator so that when logged in to that account you can't authorize actions that require elevated privileges.

gm10
Level 19
Posts: 9784
Joined: Thu Jun 21, 2018 5:11 pm

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by gm10 » Fri May 31, 2019 11:55 am

xenopeek wrote:
Fri May 31, 2019 11:44 am
You can also set up a secondary user account that isn't an administrator so that when logged in to that account you can't authorize actions that require elevated privileges.
Actually same as on Windows, if you do that then the graphical PolicyKit authorization will automatically prompt you for the password from the administrator account.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

Portreve
Level 8
Posts: 2143
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Portreve » Fri May 31, 2019 12:02 pm

[This post is a wholly separate thought from my immediately preceding one.]

I only authorize privilege escalation for things I know I've initiated (software installation or updates, installing HP's plug-in for my printer, etc.) and so it would stand out to me if I were suddenly and out of the blue prompted for an escalation. It's a sad but true fact that one cannot guard against the willful stupidity and lack of interest or curiosity of others. This can be taken in many different contexts. :wink:

Pjotr
Level 21
Posts: 13751
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Pjotr » Fri May 31, 2019 12:02 pm

xenopeek wrote:
Fri May 31, 2019 11:44 am
Don't run unknown or untrusted scripts as root (with sudo).
+1

The most dangerous virus, and in desktop Linux indeed the only dangerous virus, exists between keyboard and chair. :mrgreen:
Tip: 10 things to do after installing Linux Mint 19.2 Tina
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Portreve
Level 8
Posts: 2143
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Portreve » Fri May 31, 2019 12:08 pm

Pjotr wrote:
Fri May 31, 2019 12:02 pm
The most dangerous virus, and in desktop Linux indeed the only dangerous virus, exists between keyboard and chair. :mrgreen:
*hands Pjotr a beer*

Pjotr
Level 21
Posts: 13751
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is the safety of linux from viruses & malwares deprecated... I just found this

Post by Pjotr » Fri May 31, 2019 12:14 pm

Portreve wrote:
Fri May 31, 2019 12:08 pm
Pjotr wrote:
Fri May 31, 2019 12:02 pm
The most dangerous virus, and in desktop Linux indeed the only dangerous virus, exists between keyboard and chair. :mrgreen:
*hands Pjotr a beer*
Thanks. Cheers!
