Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Wouldn't it be possible to create a virus for Linux
Wouldn't it be possible to create a virus for Linux
Wouldn't it be fairly easy too? For example, you drift onto a website by accident and you download a file without your knowing.
This file runs in the background with no root permissions. What if this file monitors what your doing. One night, you decide to install some new packages and you enter your root password. Bam, that file that you had no clue you downloaded knows your password and then downloads more files to infect your system.
Just a hypothetical question. More curious than anything.
This file runs in the background with no root permissions. What if this file monitors what your doing. One night, you decide to install some new packages and you enter your root password. Bam, that file that you had no clue you downloaded knows your password and then downloads more files to infect your system.
Just a hypothetical question. More curious than anything.
Re: Wouldn't it be possible to create a virus for Linux
LOL... I am not getting dragged into this again. (See here: http://forums.debian.net/viewtopic.php?f=3&t=78078)
The answer to your question is: both yes and no.
Yes in the sense that, given the right set of circumstances, an exploit like the one you've outlined is, at least in principle, entirely possible. Given the really "right" set of circumstances, it might even be easy.
No in the sense that "the right set of circumstances" generally involves either (a) a kernel bug or (b) a system that is not being properly administered/secured (including all manners of ID-10-T errors). Such circumstances also almost invariably involve exploiting some bug/feature/functionality in X.
But the next time you see some numbnut ask "How do I allow root login via the DM?" (or auto-login as root, or some such similar), you'll know why they are forcefully discouraged from even considering the possibility. (Even--or especially!--if they say something like "I understand the risks." By definition, no one who genuinely comprehends the risk of routine use of X by root would ever think about doing so. The mere act of asking the question pretty much guarantees that the poster doesn't have Clue One about the associated risks.)
The answer to your question is: both yes and no.
Yes in the sense that, given the right set of circumstances, an exploit like the one you've outlined is, at least in principle, entirely possible. Given the really "right" set of circumstances, it might even be easy.
No in the sense that "the right set of circumstances" generally involves either (a) a kernel bug or (b) a system that is not being properly administered/secured (including all manners of ID-10-T errors). Such circumstances also almost invariably involve exploiting some bug/feature/functionality in X.
But the next time you see some numbnut ask "How do I allow root login via the DM?" (or auto-login as root, or some such similar), you'll know why they are forcefully discouraged from even considering the possibility. (Even--or especially!--if they say something like "I understand the risks." By definition, no one who genuinely comprehends the risk of routine use of X by root would ever think about doing so. The mere act of asking the question pretty much guarantees that the poster doesn't have Clue One about the associated risks.)
Re: Wouldn't it be possible to create a virus for Linux
I think, it's quite possible, only tricky.
Howto
Howto
- craigevil
- Posts: 5391
- Joined: 2006-09-17 03:17
- Location: heaven
- Has thanked: 28 times
- Been thanked: 39 times
Re: Wouldn't it be possible to create a virus for Linux
Malware hidden on Gnome-Look , this is a from a couple yrs back
http://www.omgubuntu.co.uk/2009/12/malw ... nome-look/
So yes it is possible.
http://www.omgubuntu.co.uk/2009/12/malw ... nome-look/
So yes it is possible.
Raspberry PI 400 Distro: Raspberry Pi OS Base: Debian Sid Kernel: 5.15.69-v8+ aarch64 DE: MATE Ram 4GB
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
-
- Posts: 15
- Joined: 2012-04-10 22:30
Re: Wouldn't it be possible to create a virus for Linux
The Linux security model is different than the Windows security model, malware exists in the linux world. For the home desktop user, java, flash and the browser will be the entry points, you can surf the web while 2 out of 3 are not installed, but you won't be able to watch Youtube videos.
HTML 5 Video would be nice if just to stop flash attack vectors.
Blackhole Exploit pack has drive-by code for Linux via java exploits.
HTML 5 Video would be nice if just to stop flash attack vectors.
Blackhole Exploit pack has drive-by code for Linux via java exploits.
http://blog.eset.com/2012/03/30/blackho ... nd-carberpThis week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) sandbox.
The first information about a working exploit for CVE-2012-0507 was released by the company Immunity with reference to the 7.03.2012 product update of Immunity CANVAS Modules. The first In-the-Wild detections were recognized during the week beginning on March 12, 2012. The CVE-2012-0507 vulnerability was remediated on February 15 as part of a critical patch update advisory. Today a public module for Metasploit Framework was released, working on a range of platforms: Windows, Linux, Solaris and OSX. The Metasploit module for exploitation of CVE-2012-0507 looks the same as the exploit version seen in the updated Blackhole version.
Re: Wouldn't it be possible to create a virus for Linux
+1 with a bullet. I've been saying for some time that the future of malware lies in platform-independent delivery, driven by widespread deployment of mobile devices. (Let's face it, a "smartphone" is really a computer, which happens quite incidentally to be able to make and receive phone calls.)FortuneCookie wrote:...java, flash and the browser will be the entry points
Re: Wouldn't it be possible to create a virus for Linux
Not watch YouTube videos? Yes you can! Just install Minitube - that doesn't require flash.FortuneCookie wrote:The Linux security model is different than the Windows security model, malware exists in the linux world. For the home desktop user, java, flash and the browser will be the entry points, you can surf the web while 2 out of 3 are not installed, but you won't be able to watch Youtube videos.
HTML 5 Video would be nice if just to stop flash attack vectors.
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
Re: Wouldn't it be possible to create a virus for Linux
This just in...
Zero-day exploit discovered in wicd. https://bugs.launchpad.net/wicd/+bug/979221
(And yes, it affects Debian.)
Zero-day exploit discovered in wicd. https://bugs.launchpad.net/wicd/+bug/979221
(And yes, it affects Debian.)
Re: Wouldn't it be possible to create a virus for Linux
Its not possible. Its a certainty. It has happened. It will happen again and again and again and again.
Re: Wouldn't it be possible to create a virus for Linux
No amount of tin foil will help if PEBKAC.
Q: Why is the Eunux kernel so bloated?
A: It was made in the image of its founder.
A: It was made in the image of its founder.
Re: Wouldn't it be possible to create a virus for Linux
Its great for that. The low usage numbers is our best defence. There is little reason for attackers to target us because were such a tiny market share compared to Windows and MAC installs. Linux does everything generally better than those with few exceptions.emma157 wrote:thanks for sharing this here. i just need to know if it is good to use linux for my personal comp.
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Wouldn't it be possible to create a virus for Linux
Here's a backported Wicd 1.7.2 for Squeeze sourced from Sid: http://ubuntuone.com/6aVxJM7GJOw0ZMJOOJHaz4
For those who wisely don't trust just any package on a forum post, the sources are also available. The only files I changed in the source were debian/changelog, control, and rules. You can verify the differences and use the Debian orig.tar.gz file from packages.debian.org to build your own packages, to be sure you are not getting malicious source. Since this is a Python program, it builds into packages very quickly.
For those that use the GTK GUI, the critical packages are python-wicd, wicd-daemon, and wicd. Users of wicd-kde as a GUI ( I have built that) just need to upgrade the first two.
For those who wisely don't trust just any package on a forum post, the sources are also available. The only files I changed in the source were debian/changelog, control, and rules. You can verify the differences and use the Debian orig.tar.gz file from packages.debian.org to build your own packages, to be sure you are not getting malicious source. Since this is a Python program, it builds into packages very quickly.
For those that use the GTK GUI, the critical packages are python-wicd, wicd-daemon, and wicd. Users of wicd-kde as a GUI ( I have built that) just need to upgrade the first two.
MX Linux packager and developer
Re: Wouldn't it be possible to create a virus for Linux
I'm glad someone noticed the reference to Wicd.
Thanks for taking time to address the issue. The Debian community owes you yet another debt of gratitude.
Thanks for taking time to address the issue. The Debian community owes you yet another debt of gratitude.
- sunrat
- Administrator
- Posts: 6414
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 116 times
- Been thanked: 462 times
Re: Wouldn't it be possible to create a virus for Linux
Holy necrobump, Batman! This thread is over 9 years old.KellyKa wrote:Unfortunately, viruses for Linux do exist.
...
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: Wouldn't it be possible to create a virus for Linux
You're looking for viruses in a wrong place -> it's all about categorizing the viruses by their impact on our reality.KellyKa wrote:Nowadays, the main target of cybercriminals is data: passwords, bank card data, keys to cryptocurrency wallets, and other personal information.
The most dangerous virus I've ever heard of was created by Boeing, implemented as a hidden functionality in flight control software in their aeroplanes -> it have killed hundreds of people (passengers) by crashing the aeroplanes, and no single member of that "hacker team" have landed in jail -> this is a virus number one, and the most dangerous hacker team in the world.
All other viruses are looking like a joke when compared with that one.
Viruses stealing the user data are the next most widely spread type: the leaders in developing such viruses are: Microshit, Google and Facepalm: their viruses are easily bypassing all the firewalls and anti-virus software, because they are attacking human brains -> such infected humans are behaving like a zombie -> they'll rather chop their hands with an axe before they would resign from using spying, data-collecting and censoring software made by those companies -> a viruses which are using human stupidity as a part of the code.
Regards.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
Re: Wouldn't it be possible to create a virus for Linux
Is that a computer virus, or a software bug? A computer virus replicates itself, a computer bug does not.LE_746F6D617A7A69 wrote: The most dangerous virus I've ever heard of was created by Boeing, implemented as a hidden functionality in flight control software in their aeroplanes -> it have killed hundreds of people (passengers) by crashing the aeroplanes, and no single member of that "hacker team" have landed in jail -> this is a virus number one, and the most dangerous hacker team in the world.
Again, the software to which you refer from Microsoft, Google, and Facebook, may be malicious, but it does not replicate itself. Replication is key quality in the definition of a virus, both software and biological.LE_746F6D617A7A69 wrote: Viruses stealing the user data are the next most widely spread type: the leaders in developing such viruses are: Microshit, Google and Facepalm: their viruses are easily bypassing all the firewalls and anti-virus software, because they are attacking human brains -> such infected humans are behaving like a zombie -> they'll rather chop their hands with an axe before they would resign from using spying, data-collecting and censoring software made by those companies -> a viruses which are using human stupidity as a part of the code.
There have been virus programs written for Linux long before the original poster started this thread in 2012.
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: Wouldn't it be possible to create a virus for Linux
Software bug means an unexpected behaviour which is NOT intentionally implemented -> Boeing have intentionally implemented a hidden functionality which have killed hundreds of people -> the only reason for doing this was simply a greed (their aeroplanes are faulty by design, and they tried to save the money by "fixing" hardware design problem with a hidden software functionality).RU55EL wrote:Is that a computer virus, or a software bug? A computer virus replicates itself, a computer bug does not.LE_746F6D617A7A69 wrote: The most dangerous virus I've ever heard of was created by Boeing, implemented as a hidden functionality in flight control software in their aeroplanes -> it have killed hundreds of people (passengers) by crashing the aeroplanes, and no single member of that "hacker team" have landed in jail -> this is a virus number one, and the most dangerous hacker team in the world.
I disagree.RU55EL wrote:LE_746F6D617A7A69 wrote:Again, the software to which you refer from Microsoft, Google, and Facebook, may be malicious, but it does not replicate itself. Replication is key quality in the definition of a virus, both software and biological.LE_746F6D617A7A69 wrote: Viruses stealing the user data are the next most widely spread type: the leaders in developing such viruses are: Microshit, Google and Facepalm: their viruses are easily bypassing all the firewalls and anti-virus software, because they are attacking human brains -> such infected humans are behaving like a zombie -> they'll rather chop their hands with an axe before they would resign from using spying, data-collecting and censoring software made by those companies -> a viruses which are using human stupidity as a part of the code.
Replication may be significant for biological virus, but not necessarily for software virus, where replication may not be desired -> once You have infected the target system, You may not want to tell that fact to the rest of the world -> it depends on what system You have infected, and what are Your targets.
A computer virus has at least one of the following properties:
1. Its presence is unknown to the owner of the system (f.e.: unwanted software)
2. It performs actions that are not controlled/wanted by the owner of the system.
Replication is needed basically in a single scenario:
- to create a botnet, which can perform a DOS attacks or which can be used as a distributed computing system, like a password cracker or a bitcoin miner
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Wouldn't it be possible to create a virus for Linux
You don't get to make up your own definition of something as well established as "computer virus". Replication was in the definition from the very beginning, brought over from definition of biological viruses. (disregarding whether bio-viruses are actually life or not--they are in the fuzzy border zones. Reality is fuzzy and fluid, not black and white.)
Do you have an reliable citation for Boeing intentionally embedding actual murderware in their flight software? (Alex Jones does not count)
Do you have an reliable citation for Boeing intentionally embedding actual murderware in their flight software? (Alex Jones does not count)
MX Linux packager and developer
Re: Wouldn't it be possible to create a virus for Linux
I understand that you disagree with the common definition, but it is the common definition, none the less.LE_746F6D617A7A69 wrote:I disagree.
Replication may be significant for biological virus, but not necessarily for software virus, where replication may not be desired -> once You have infected the target system, You may not want to tell that fact to the rest of the world -> it depends on what system You have infected, and what are Your targets.
A computer virus has at least one of the following properties:
1. Its presence is unknown to the owner of the system (f.e.: unwanted software)
2. It performs actions that are not controlled/wanted by the owner of the system.
Replication is needed basically in a single scenario:
- to create a botnet, which can perform a DOS attacks or which can be used as a distributed computing system, like a password cracker or a bitcoin miner
The common definition of a computer virus states that it has at least one property: replication.Wikipedia wrote: A computer virus[1] is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.[2][3] If this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
So, if the software function that killed hundreds of people was not unexpected behavior, Boeing intentionally sabotaged their own plane with the intention of making it crash? And you attribute this to greed? (These questions are rhetorical.) That would be very counter productive to their profit margin. Just look at the financial result!LE_746F6D617A7A69 wrote: Software bug means an unexpected behaviour which is NOT intentionally implemented -> Boeing have intentionally implemented a hidden functionality which have killed hundreds of people -> the only reason for doing this was simply a greed (their aeroplanes are faulty by design, and they tried to save the money by "fixing" hardware design problem with a hidden software functionality).
In any case, I am going to have to agree to disagree with you. You are untitled to you opinion and I am untitled to mine.
-
- Global Moderator
- Posts: 2639
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 192 times
Re: Wouldn't it be possible to create a virus for Linux
Actually this is ignorant, and stupid.LE_746F6D617A7A69 wrote:Boeing have intentionally implemented a hidden functionality
The system as designed had multiple redundant inputs. The system as sold did not. No 'software engineer' intention (ie. conscious motive) made it past the sign off. The customers pressured the sales people for a simpler cheaper option, management signed off. There is no intention of failure anywhere.
To the OP point, when linux has a majority share of targets the virus's will be released that evening.