by CSO Staff

Viruses on Linux Systems

Nov 08, 2002

It might be mostly Microsoft, but it’s not just Microsoft. As the Slapper virus so clearly demonstrated last month, Linux is vulnerable to viruses too. And as Linux grows in popularity and general use, so will attacks dedicated to dismantling it. Here, according to Sophos antivirus (which says that about 1 percent of its virus library addresses threats to Unix and Linux) are the top three viruses for the geekier Unix and Linux platforms. (For more on this topic, see Page 59.)

Unix/SadMind

Type: Unix worm

Detected: May 2001

Internet worm that propagates using a buffer overrun exploit on Solaris systems. Actively seeks vulnerable machines while also scanning for Microsoft IIS Web servers to deface with an offensive message directed at the U.S. government and “PoizonBOx.” Patches are available from Microsoft’s and Sun’s websites.

Linux/OSF-A

Type: Linux executable virus

Detected: March 2002

Linux/OSF-A will attempt to infect 200 ELF executables in the current working directory and the directory bin. The virus will avoid the file ps or any files ending in ps. If the virus is executed by a privileged user, then it will attempt to create a backdoor server on the system, allowing the attacker to gain remote control of the server.

Linux/Slapper-A

Type: Linux worm

Detected: September 2002

Exploits a buffer overflow in SSL-enabled Apache Web servers. Once active, the worm can be used as a back door to start up a range of denial-of-service attacks. Linux/Slapper-A can customize its attack to specific versions of the Apache Web server. Sophos recommends removing, or limiting access to, the gcc compiler on production Web servers to limit Slapper’s capabilities.
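The gcc restriction Sophos recommends can be audited with a short script like the one below, an added example that is not from the article or from Sophos. The list of compiler tool names it checks and the "builders" group used by the remediation helper are assumptions.

```shell
#!/bin/sh
# Report compiler/toolchain binaries in the given directories that are
# executable by "other" (world), i.e. reachable by an unprivileged account
# such as the one the Web server runs as. Exit 1 if any are found, else 0.
# The tool names below are an assumption, not a list from the article.
exposed_compilers() {
    found=0
    for dir in "$@"; do
        for name in gcc cc g++ c++ cc1 as ld; do
            f="$dir/$name"
            [ -f "$f" ] || continue
            # Octal mode: GNU stat first, BSD/macOS stat as fallback.
            mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
            last=$(printf '%s' "$mode" | tail -c 1)
            # The world-execute bit is the 1 bit of the last octal digit.
            if [ $((last & 1)) -eq 1 ]; then
                echo "world-executable compiler: $f (mode $mode)"
                found=1
            fi
        done
    done
    return $found
}

# Remediation helper: leave the tool usable by root and one build group only.
# The group name "builders" is a placeholder; pass your own as $2.
restrict_compiler() {
    f="$1"; grp="${2:-builders}"
    chgrp "$grp" "$f" && chmod 0750 "$f"
}
```

Run `exposed_compilers /usr/bin /usr/local/bin` as a periodic check; a non-zero exit means a compiler is still reachable by every local account.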