Health Tips, Yoga, Spiritual & Computer Hardware Drivers (1000 and above Free Software Download Center And Related Topics and Hot news)



Friday, April 9, 2010

Linux vulnerability

Like Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system. Shane Coursen, a senior technical consultant with Kaspersky Lab, claims, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."

However, this view is not universal. Rick Moen, an experienced Linux system administrator, says "[That argument] ignores Unix's dominance in a number of non-desktop specialties, including Web servers and scientific workstations. A virus/trojan/worm author who successfully targeted specifically Apache httpd Linux/x86 Web servers would both have an extremely target-rich environment and instantly earn lasting fame, and yet it doesn't happen."

One may still wish to run Linux-based anti-virus software to scan insecure documents and email that come over from the Windows world. SecurityFocus's Scott Granneman stated:

"...some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users."

Because they are predominantly used on mail servers, which may send mail to computers running other operating systems, Linux virus scanners generally use definitions for, and scan for, all known viruses for all computer platforms. For example, the open source ClamAV "Detects ... viruses, worms and trojans, including Microsoft Office macro viruses, mobile malware, and other threats."

Viruses and trojan horses

The viruses listed below pose a potential, although minimal, threat to Linux systems. If an infected binary containing one of the viruses were run, the system would be infected. The infection level would depend on which user with what privileges ran the binary. A binary run under the root account would be able to infect the entire system. Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system.

It is worth noting that this is true for any malicious program that is run without special steps taken to limit its privileges. It is trivial to add a code snippet to any program that a user may download and let this additional code download a modified login server, an open mail relay or similar, and make this additional component run any time the user logs in. No special malware writing skills are needed for this. Special skill may be needed for tricking the user into running the (trojan) program in the first place.

The use of software repositories significantly reduces any threat of installation of malware, as the software repositories are checked by maintainers, who try to ensure that their repository is malware-free. Subsequently, to ensure safe distribution of the software, MD5 checksums are made available. These make it possible to reveal modified versions that may have been introduced by e.g. hijacking of communications using a man-in-the-middle attack or via a redirection attack such as ARP or DNS poisoning. Careful use of these digital signatures provides an additional line of defense, which limits the scope of attacks to include only the original authors, package and release maintainers and possibly others with suitable administrative access, depending on how the keys and checksums are handled.
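The checksum check described above can be sketched as follows. This is an added example, not code from the original post: it reads a manifest in the `md5sum`/`sha256sum` line format and reports which downloaded files match, which were modified and which were never listed. The file names and contents are constructed for the demonstration, and SHA-256 digests are accepted as well because MD5 is no longer collision-resistant.

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_HEXLEN = {32: "md5", 64: "sha256"}
HEX = set("0123456789abcdef")


def parse_manifest(text):
    """Parse md5sum-style lines: '<hex digest><space>[ *]<file name>'."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        digest = digest.lower()
        # Second separator character is ' ' (text mode) or '*' (binary mode).
        name = rest[1:] if rest[:1] in (" ", "*") else rest
        if len(digest) not in ALGO_BY_HEXLEN or not set(digest) <= HEX:
            raise ValueError("line %d: not an MD5 or SHA-256 digest" % lineno)
        # A manifest entry must never point outside the download directory.
        if not name or os.path.basename(name) != name:
            raise ValueError("line %d: unsafe file name %r" % (lineno, name))
        entries[name] = (ALGO_BY_HEXLEN[len(digest)], digest)
    return entries


def file_digest(path, algo):
    """Hash a file in chunks so large packages do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_directory(directory, manifest_text):
    """Return {file name: 'OK' | 'MODIFIED' | 'MISSING' | 'UNLISTED'}."""
    expected = parse_manifest(manifest_text)
    result = {}
    for name, (algo, digest) in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            result[name] = "MISSING"
        elif hmac.compare_digest(file_digest(path, algo), digest):
            result[name] = "OK"
        else:
            result[name] = "MODIFIED"
    # Files the maintainers never listed deserve attention too.
    for name in os.listdir(directory):
        if name not in expected:
            result[name] = "UNLISTED"
    return result


def demo():
    """Constructed scenario: one package is altered after the manifest was made."""
    originals = {"editor-1.0.tar.gz": b"original editor release",
                 "mailer-2.3.tar.gz": b"original mailer release"}
    manifest = "".join("%s  %s\n" % (hashlib.md5(data).hexdigest(), name)
                       for name, data in originals.items())
    with tempfile.TemporaryDirectory() as d:
        for name, data in originals.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        # Same name, different bytes: what a tampered download looks like.
        with open(os.path.join(d, "mailer-2.3.tar.gz"), "wb") as fh:
            fh.write(b"original mailer release + extra code")
        with open(os.path.join(d, "helper.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        return verify_directory(d, manifest)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-20s %s" % (name, status))
```

A manifest fetched over the same hijacked connection as the package can be replaced along with it, so the check is only as trustworthy as the channel or signature that delivered the manifest.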

Vulnerability to trojan horses and viruses results from users being willing to run code from sources that should not be trusted and, to some extent, from distributions not checking by default the authenticity of software downloaded while a system was the target of an attack.

Worms and targeted attacks

The classical threat to Unix-like systems is vulnerabilities in network daemons, such as ssh and WWW servers. These can be used by worms or for attacks against specific targets. As servers are patched quite quickly when a vulnerability is found, there have been only a few widespread worms of this kind. As specific targets can be attacked through a vulnerability that is not publicly known, there is no guarantee that a certain installation is secure. Servers without such vulnerabilities can also be successfully attacked through weak passwords.

WWW scripts

Linux servers may also be used by malware without any attack against the system itself, where e.g. WWW content and scripts are insufficiently restricted or checked and are used by malware to attack visitors. Typically, a CGI script (meant for leaving comments) by mistake allows inclusion of code exploiting vulnerabilities in the browser.

Cross-platform viruses

A new area of concern identified in 2007 is that of cross-platform viruses, driven by the popularity of cross-platform applications. This was brought to the forefront of malware awareness by the distribution of an OpenOffice.org virus called Bad Bunny.

Stuart Smith of Symantec wrote the following:

"What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc, can be abused. All too often, this is forgotten in the pursuit to match features with another vendor... [T]he ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via Web sites. How long until someone uses something like this to drop a JavaScript infector on a Web server, regardless of platform?"

Social engineering

Linux is as vulnerable to malware that tricks the user into installing it through social engineering as other operating systems. In December 2009 a malicious waterfall screensaver was discovered that contained a script that used the infected Linux PC in denial-of-service attacks.


To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software compile and publish lists of viruses.

The compilation of a unified list of viruses is made difficult because of naming. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. As the developers of anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names denote the same virus.

Another source of ambiguity in names is that sometimes a virus initially identified as a completely new virus is found to be a variation of an earlier known virus, in which case it is often renamed. For example, the second variation of the Sobig worm was initially called "Palyh" but later renamed "Sobig.b". Again, depending on how quickly this happens, the old name may persist.

Name Alias(es) Type Subtype Isolation Date Isolation Origin Author Notes
A and A
MS-DOS
Windows 95, Windows 98

unknown

unknown
A-403
MS-DOS
Windows 95, Windows 98

1998

unknown
Abraxas
MS-DOS
Windows 95, Windows 98

April 1993

unknown Infects COM file. Disk directory listing will be set to the system date and time when infection occurred.
Acid
MS-DOS
Windows 95, Windows 98

1992

Corp-$MZU Infects COM file. Disk directory listing will not be altered.
Acme






Upon executing infected EXE, this infects another EXE in current directory by making a hidden COM file with same base name.
ABC







Actifed







Ada







Agena







AGI-Plan







Ah







AI







AIDS







AIDS II







AirCop Air cop-B MS-DOS
Jan 1990



Ajax







Alabama

Albanet



Alcon







Alien







Ambulance







Amstrad







Ancient







Andre







Andre2







Andromeda







Angelina







Anna







Anna Kournikova
Email
VBScript




Jan de Wit
Anninja







ANT







Ant-Cow







Anthrax - Boot







Anthrax - File







ANTI


2-1989


Does not spread under MultiFinder.
AntiCMOS







Anti-D







Anti-Daf







Anti-MIT







Anti-Pascal II







Anti-Pascal







Anti-Tel







Anti-Telefonica







Arab







Aragon







Aragorn







ARCV-n







Argentina







Arka







Arma







Armagedon The Greek







Armagedon







Arriba







Arusiek







ASC







Ash







ASP-472







Astra







AT 144







AT 149







Atas







Atas3321







Atas-400

Atom



Atomic1A







Atomic1b







Atomic2A







Atomic2b







Atte-629







August 16







AusPar







Australian







Azusa







B Ugly







B3







B-52







BA101







Back Time


Bacros


Bad Boy







Bad Brains







Bad Command







Bad Guy







Bad Sectors 1.2







Bad-389







Bak







Bamestra







Banana







Bandit







Baobab 731







Barcelona







Barrotes 2







Barrotes







Basil







Bat

Beach



Beaches







Beast







BeBe







Beeper







Beer







Benoit







Real PvP Flava







Berlin







Best Wishes







Beta







Beva-32







Beva-33







Beva-96







Beware







BFD







Big 2000







Bit Addict







Black Knight


Blackworm





Black Monday







Blackjack







Black Pegasus


Blaze







Bljec







Blood Lust







Blood Rage







Blood







Blood-2







Bob







Bomber







Boot Killer


Bounce (computer virus)


Bouncing Dot







Bow







Boys







Brainy







BrO_AcT
Windows XP




This virus will block most anti-virus programs and disable 'regedit', 'msconfig', and 'task manager'
Brotherhood







Brothers







Browser







Bryansk







Bubbles 2







Bubbles







Bubonic







Budo







Burger







Burghofer







Busted







Butterfly







Butthole







Byte Bandit
Amiga, Bootsector virus
January 1988

Swiss Cracking Association
Byte Warrior
Amiga, Boot sector virus





(c)Brain Pakistani flu,

January 1986
Lahore, Pakistan Basit and Amjad Farooq Alvi Considered to be the first computer virus for the PC
C







Cabanas








Caco-Daemon







CAD Kill







C-A-D







Cannabis







Cansu







Capital







Cara







Caribe







Carioca







CaroEvil







Cartuja







Casc1621







Casc-2







Cascade







Casino







Casper







Casteggio







Catman







Catphish







Caz







CB-1530







CD







CDEF


8-1990



CDFL Mac






CD-10







Century







Cerburus







CFSK







Chad







Chang







Chaos







Chaser

Chasna



Chcc







Cheeba







Cheesy







Chemist







Chemnitz







Chernobyl







Chile Mediera







Chinese Blood







Chr-869







Chrisj13







Christmas Tree







Christmas Violator







CIH







Cinderella







Civil Service







Civil War II







Civil War III







Civil War IV







Civil War V







Civil War







CkSum





Clagger




Clint







Clonewar 2







Clonewar







Clust







Coahuila







CODE 1


11-1993


Renames the hard drive to "Trent Saburo" on any October 31st.
CODE 252


4-1992



Code Zero







Coffee Shop







Collor de Mello







Color







Com16850







Com2S







Comdex







Commentator







Commwarrior






Most common mobile phone virus for Nokia mobile phones; transmits via Bluetooth wireless.
Como







Compiler2







Comspec







Conficker







Cop-Mpl







Copyright







Copyr-ug







Coruna







Coruna3







Cossiga No Grazie







Cossiga







Costeau







CPXK







Cracker Jack







Cracky







Crash







Crasher







Crazy Eddie







Crazy Imp







CrazyI B







CRF







Cross Over

Crystal



CSL







CV4







D1







DKid







Dada







Damage







Danny







Dark Apocalypse







Dark Avenger







Dark End







DataLock







Datos







Davis







D-Day







Death


Deathead


Deceide 2







Dedicated







Deicide







Demolition







Demon







Den Zuk







Dennis







Deranged







Diablo







Dial







Dima







Disk Killer







Dismember







Dodgy 1024







Dodo 2456







Dodo







Doodle







Dorn







Dose-A







Druid







Dudley







Dutch Tiny







Dutch
Earthday





Eclypse







ECV







Ed







Edcl







EDV







Egg Egg is a computer virus that affects COM and EXE files.

Eggdrop


Ein Volk







Einstein







Ekoterror







E1ectr0n







Eliza
DOS
Dec 1991



Elk Cloner
Apple II



Rich Skrenta The first virus observed "in the wild"
Elvirus







Elvira







EMF 625







EMF







Emmie







EMO







Empire







End-of







Enemy







Enigma







Enola







Error 412 virus







Error







Essex







Estepa







ETC







Europe-92







Evil Genius







Exper416







Explode







Exploration







Exterminator







Eziarch







Family Q






Farcus







Father Christmas







Faust







Fax Free







Fear







Feist







Fellowship







Fich







Fich897







Filedate







Filename







Filler







Fingers







Finn-357







Fish 1100







Fish 2







Fish 2420







Fish Boot







Fish







Flagyll







Flash







Flex







Flip







Flower







Flu-2







Fly11







Fone Sex



Fotomoto


Forger2







Form







Frajer







Francois







Frankie
Macintosh emulator




Targeted pirated versions of the Aladdin emulator.
Fratricide







Free







Frere Jacques







Fri13-nz







Friday 13th COM







Friday 13th







Friday the 13th - Version A







Frodo Soft







Frodo-458







Frogs







Fu Manchu







Fune







Futhark







Fvhs-a







Fvhs-B







F-Word







paul eduard







G







Galicia







Ganeu







Gedza







Geek







Gergana







Germ







Get Password 1







Ghost Boot







Ghost COM







Ghost Dos-62







Gijon







Gliss







Goblin







Gomb







Gorlovka







Gotch 4







Gotcha 1







Gotcha 2







Gotcha 3







Gotcha 9e







Gotcha




Created from original identity 'Gotchix'
Spread on Facebook through 'add friend' linkage
Got-you







Grapje







Graveyard







Graybird (Backdoor Graybird, Backdoor Graybird P)







Green







Grog31







Groovy







Growing Block







Grue







Grunt







Grunt-3







Guppy







H-2







H-457







HA



Happy virus

Hack-83







HACKER







Hacktic







Hafen







Haifa







Hallo







Halloechen







Halloween







Hammer







Happy N. Y.







Happy







Hara







Harakiri







Hare
MS-DOS
Windows 95, Windows 98

August 1996

Unknown Famous for press coverage which blew its destructiveness out of proportion
Harm







Hary







Hastings







Hate







HBT







Heevahava







Hello







Hellween 1182







Hellween







Here







Hero







Hero-394







Hi







Hidrag







Highland







Hiperion







Hitchcock







Hitler







Holland Girl







Holo/Holocaust


Holiday

Horror







Horse Boot







Horse







HS







Huge







Hungarian







Hybrid







Hymn







IB Demonic







I-B







Ice 9







ICE9-159







ICE9-199







ICE9-224







Ice9-250







Icelandic II







Icelandic







Icelandic-3







IDF







Idle







Ieronim







IKV528







Ill







ILOVEYOU







Incom







Infinity







INIT 17


4-1993



INIT 29


1988



INIT 1984


13-3-1992


Malicious, triggered on Friday the 13th.
INIT 9403 SysX

3-1994


Very destructive, destroys all data. Found only on Italian systems so far.
INIT-M


4-1993


Malicious, triggered on Friday the 13th.
Inofensivo







Inrud-B







Internal







Intruder







Invader







Invisible Man






Invitation
Invol







IOU







Iranian







Iraqi Warrior







IT







IVP EX1







IVP EX2







IVP







Japan







Jeefo







Jeff







Jerk







Jeru-1663







Jerusalem







Joanna







Jobbie







John







JoJo







Joke







Joker







Joker-1602







Joker3







Jos







Joshi







Joshua







July 13th







July 26







June 16th







June1530







Junky







Justice







Kamasutra







Kak worm







killerjeff.exe

L1






Infects .COM files. Affects the computer's runtime operation and corrupts data files.
Label




h1n1

Lamer Exterminator
Amiga, Boot sector virus
October 1989
Germany
Random encryption, fills random sector with "LAMER"
Lanc







Lanc5476







Lanc5882







Larry







Lazy







LCV







Leapfrog







Leech







Lehigh







Leper AOD


Leprosy
Infects COM and EXE files after its visual payload on DOS
Les







Lib1172







Liberty







Liquid Code - 2







Liquid Code







Lisbon







Little Brother







Little Girl







Little Pieces







Little







LixoNuke







Loa Duong







LockJaw







Lockz







LPT-OFF







Lycee







Macedonia







MacMag Drew, Bradow, Aldus, Peace

12-1987



Magnitogorski 3







Magnum







Malage







Malaise







Malign







Malmsey Habitat v3.b







Malmsey2







Malmsey







Maltese Amoeba







Mannequin







Manola







Manta







Marauder







Mardi Bros .







Marijuana







Mark II







Marzia







Math Test







Matura







Mayak







Mazor
Trojan worm/virus 2-2008


infects .exe files
MBDF


2-1992



MCWH1022







McWhale







MDEF Garfield, Top Cat

5-1990



Meditation






MegM






Melissa


1999


part macro virus and part worm
Memory Lapse







MG







Michelangelo


April 1991 New Zealand

Ran March 6 (Michelangelo's birthday)
Michelangelo II







Mindless







Mini







Mini-125







Mini-132







Mini-195







Mini-207







Minimax







Minimite







Minsk-GH







Mir







Mirror







Missouri







Mix2



Moctezuma







Monika







Monkey







Mono







Monxla







Monxla-B







More







Mosquito







Mozkin







Mr. G







Mr. Vir







MS Antivirus







Msk







Mudd
Script



Atomical
Mugshot







Mule







Multi







Multi-11







Multi-2







Mummy







Munich







Murphy







Music Bug







Mutant







Mutating Interrupt







Mutation Engine







Mystic







NAPC
















Nazi







Natas
Multipartite, stealth, polymorphic
1994

"Priest"
N-Beta







NCU Li







Necro







Necrophilia







Necrosoft







NED







New Sunday







New Zealand








Vesion 1.0.0.0






New-1701







NewBug







Newcom







Next Generation







Neznamy







Night Grawler







Nina







Nines Compliment







Ninja







No Par







No Wednesday







Nobock







NoCopy







No-Int







Nomenclature







NOP







Not-586







Nov17







NPox 2.0







NPox 2.1







Null







Number 6







Number of The Beast







nVIR


1987



Nygus-KL


Nutty Mouse
Malfunctions the mouse while putting itself to the system.
Offspring







Off Stealth







Ohio







Omt







OneHalf







Ontario.1024







Ontario.2048







Ontario


1990



Oropax







Otto-415







Over4032







Oxana







P1







P-45







P529







PA-5792







Page B







Page







Parite







Parity B







Payday







PC Cyborg







PC Flu







PCBB11







PCBB3072







PCBB5B







PCV







PE2







Peach







Peek







Pegg







Peking







Penis Size







Pentagon







Penza







Perfume







Phantom







Phoenix






PI







Pig





Pikachu virus











Ping-pong Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A, VeraCruz Boot sector virus




Harmless to most computers
PL







Platinum







PLO







Popular







Porridge


Poshkill


Possessed







Predator Dropper







Predator







Pregnant







Prime Evil B







Prime







Print Monster







Print Screen







Prism







Prob-734







Problem







Proto-T







Prudents


Quamo


Rabbit






Infects the operational memory. It's one of the fastest copying viruses and makes the computer totally unusable.
Random







Rattle







Raubkopi







RavMonE.exe RJump.A, Rajump, Jisx Worm
2006-06-20


Once distributed in Apple iPods, but a Windows-only virus
Reaper







Reader_s






A malware that infects a computer and damages system core files, sometimes making BSOD and disabling anti-viruses. This is a high-risk computer virus.
Rebo-715







Red Cross







Red Team







RedX







Reklama







Relzfu







Replicator







Reset







Revelation







Romanian







Russian Tiny
S-847






Sabath
vindu





Sacramento







Saddam







Sadist







Saiviur







Sakora







San Diego







Sandra







Sandwich







Saratoga








Satan






Saturday 14th







Saturday







Sayha Waptpu







SBC







SCA
Amiga, Boot sector virus
November 1987
Switzerland Swiss Cracking Association Puts a message on screen. Harmless except it might destroy a legitimate non-standard boot block.
Schrunch







Scores Eric, Vult, NASA, San Jose Flu

Spring 1988


Designed to attack two specific applications which were never released.
Scott's Valley







Scream 2







Screaming Fist







Scribble







Scroll







SCT







Scythe2D







Sdir







Secrets


Selectronics


Semtex







Sentinel







Sentinel-X







Seoul







Serena







Sergeant







SevenDust







Sh







Shadow







Shake







Shaman







Shanghai







Shankar's Virus W97M.Marker.o Polymorphic Virus



Sam Rogers? Infects Word Documents




Shatin






Shiny Happy







Shock Therapy


Show Game


Silence







Silent Banker







Silly Willy







Silver Dollar







Silver3b







Simile





The Mental Driller
Simple 1992







Simulati







Sis







Sk







Sk1







Skeleton







Skew 469







Skism 808







Skism







SkyTap Gen







Slant







Slayer







Slovak







Slow







Sma-108a







Small 129







Small 132B







Small 146







Small 157







Small 178







Small 185







Small 187







Small







Small-38







Smily







Smithsonian






Solano







Something






Snow White and the Seven Dwarfs







Soupy







SoftIns





E-Free Music Installs anonymous software and adds insulting names to numerous applications








Fileins





E-Free Music Loads files on to a public server and switches user files with large corrupted files








Musicins





E-Free Music Adds different sound effects and alters sound volume to music download in Limewire
Sov







Soyun







Spanish April Fool







Spanish







Spanz







Spar







Sp0rk3h







Spyer







SQR







Squawk







Squeaker







Squisher







SRE







Staf







Stahl Platte







Stealth_C
Boot Sector Virus




Stealth_C causes the total system and available free memory, to decrease by 4,096 bytes.
Steve Perillo







Stoned







Striker







Stupid







Subliminal







SubZero







Suicide







Sunday







Sunday-2







Sundevil







Suriv 402







Suriv A







Suriv B







Surrender







Susan







SVC 5.0/6.0







Sverdlov







SVir







Swap Boot







Swen - "News" spelled backwards







Swiss 143







Swiss Phoenix







SX







Sylvia







Sys







Syslock/3551







saplad, roberto







T-1







T4


6-1992


Included in GoMoku 2.0 and 2.1.
T297







Tabulero 2







Taiwan







Taiwan3







Taiwan4







Taocheng







Techno







Tecla







Telecom Boot







Telecom File







Telekom







Teletype







Teletype-2







Tentacle







Tequila







Terror







Tester







Tigraa




Poland Piotr Bania aka Lord Yup aka dis69, 29A group member Peter Ferrie's analysis
TMTM







TP







Tremor2







TridenT







Triple Shot







Troi Two







Tschantches







T-series







TU-482







Tuesday







Tula







Tumen V0.5







Tumen V2.0







Tumen







Turbo







Turkey







Tver







Twin Peaks







Twin-351







twoneight







Typo Boot







Ucender







Ugur







Undressed







Unk







Uriel







Uruk 300







Uruk 361







Uruk-Hai



Unknown


USSR







USSR 1049







USSR 2144
windows extract





USSR 256







USSR 257







USSR 3103







USSR 311







USSR 394







USSR-394







USSR 492







USSR 516







USSR 600







USSR 696







USSR 707







USSR 711







USSR 830







USSR 948







V1 0







V1 1







V1028







V125







V1463







V163







V1-Not







V2 0







V2000







V2100







V270X







V299







V2P2







V2P6







V-351







V-388







V400







V483







V5







V600







V800







V801







V82







V914







V961







VA







Vacsina







VCL







VCL-HEEvE







Vcomm







VCS







VDV-853







VHP







VHP-2







V-Label







VM







VP







VTS







VVF-34







Venge-E







Vera Cruz







Victor







Vienna/648







Vietnamese







Violator







Viper







Viperizer B







Viral Messiah







Virdem







Virflop







virus-101







virus-90







Voco







Vootie







Voronezh







Vote/Vote1000







Vriest







W32.Myzor.FK@yf







W13







WAVE







Warbiest Terminator



2008 For Windows XP Only.

Warbiest Terminator v.2.0



2009 For Windows XP and Vista.

WWT







Walkabout







Walker







Warez







Warrior 2







Warrior







Wazoo







WDEF


12-1989


Affects only Macintosh System 6.
Weak







Whale







Wharps







WhoCares







Why win







Wilbur 3







Wild trojan

Wild Thing A









Willistrover III







Willow







Willow 2







WinAble



2004 Windows systems only.
Disrupts system performance by displaying pop-ups. Starts only when computer is on, and slows internet performance as well.
Windmill







Winvir







Wisconsin







Wizard 3.0







Wolfman







Wonder







Word Atom Macro







Word Color Macro







Word Concept Macro







Word Hot Macro







Wordswap







World Peace w32.myzor.FK@yf


Wsnpoem


X-1







X-2







X-3A







X-3B







X77







Xabaras







Xpeh







XTAC







Xuxa







Yale







Yan2505a







Yankee







Yankee - 2







Yap







Year 1993

Yerg



Youth







Yukon







Z10







ZK900







ZRK







ZU1







Zak2


Zaragosa







Zeppelin







Zero Bug







Zero Time







ZeroHunt







ZMist ZMistfall, Zombie.Mistfall




Z0mbie
Zoda







Zohra












