Can Linux be infected by MalWare and is it a big concern? The answer to that question is both Yes and No: Yes, Linux can be Infected and No, it isn’t a big nightmare – yet.
Unless you downloaded the Unreal IRCd (Unreal IRC daemon) and installed it between November 2009 and June 2010 on your Linux server. There was a Trojan downloader in it. A Linux Trojan. See the Softpedia Article
The Trojan went undetected because no one bothered to check for viruses for a whole 7 months. A simple virus scan before installing would have revealed the Trojan. The relative security of Linux had lulled the Sysop on the Unreal IRCd website into not checking for MalWare (Viruses and Trojans). Linux users for the most part don’t scan for viruses because they believe “Linux is Immune”
For 7 months a Trojan went undiscovered in a Linux software package
Out of date knowledge can be dangerous, especially for those who “assume” that “Linux is Immune”. Just isn’t true according to the current information that is out there. I just found out about the Unreal IRCd Trojan today October 27, 2011. I’d never heard of it because I’d never looked for it. I even was aware of the fact that Linux wasn’t immune.
So I spent some time online re-checking the “facts” as I know them. Found that I was mostly correct. Made a few adjustments but also was encouraged because I’ve been scanning downloads to my Linux systems for several years. A “bad” Windows habit that turned out being wise after all.
There are two main ways a virus or Trojan infects a computer system. It’s either self or user executed.
Self executed is a virus or Trojan that uses a system security flaw, or exploit, to install itself without user interaction. Usually comes from an external source like a website or a media device like a USB FlashDrive and without your knowledge
User executed is when you install infected software (the Unreal IRCd comes to mind), execute a file by opening it or by giving permission when prompted to install it.
How big is the current Linux MalWare problem today?
I came across an Ubuntu Community Document called Linuxvirus that’s dated April 9, 2011 and lists 35 total Malwares that could infect Ubuntu Linux, a good number of which are no longer a threat. At the bottom of the page it recommends a Linux Anti-Virus solution called ClamAV that scans for MalWare for all the platforms: Windows, Linux, Macintosh and even Unix.
So if you are not setting up a Linux mail server or are someone who doesn’t indiscriminately download and install software from dubious websites you really have little to worry about. The Unreal IRCd wasn’t “dubious”, it had been hacked!
If you exchange files with Windows users you don’t also have to worry. The Windows user has to worry, though.
If you need or want a anti virus program, how much is enough?
You don’t need an active scanner, one that scans every file as it’s downloaded, opened or executed. Such programs are needed with the higher risk Microsoft Windows platforms but they are intrusive, bog down the PC and aren’t needed on Linux – yet.
All you need is a Basic manual scanner that will scan the downloads before you execute or send them to your friends who use Microsoft Windows.
The ClamAV solution from the Linuxvirus works well enough but has one disadvantage – it’s a command line operated scanner. There is a GUI interface for it but that doesn’t always work. I’ve been disapointed on more than one occasion.
I’ve discovered a simpler solution that has the advantage of being usable from both the Linux and Windows sides of a dual-boot system, has a clean GUI interface and won’t conflict with the full featured Anti-virus program on the Windows side.
ClamWin Portable. A “portable” application is one desinged to be run without being installed on your system. The programs are self-contained and are usually on a USB FlashDrive. With portable software you can use a public PC at an Internet Cafe or Library and use your webrowser with your bookmarks.
In one of the next articles I’ll show in detail how to run a Windows Anti-Virus (ClamWin Portable ) on Linux using the Wine “Not an Emulator” Emulator. It’s a clean, simple solution to the Virus and MalWare hazard that could “bite” you or your friends.
Here is ClamWin 0.97.2 running on Ubuntu Linux