If the first Linux viruses showed people only a concept, the Ramen virus discovered in 2001 aroused widespread concern. The Ramen virus spreads automatically without human intervention, which makes it very similar to the Morris worm of 1988. It only infects servers that run anonymous FTP services on Red Hat 6.2 and 7.0, and it gets into the system through two common vulnerabilities, in rpc.statd and wu-ftpd.
On the surface, this is not a dangerous virus. It is easy to find and does not cause any damage to the server. But once it starts scanning, it consumes a lot of network bandwidth.
Since 1996, only a handful of new Linux viruses have appeared, which shows that Linux is a robust operating system with innate resistance to viruses. Of course, there are other reasons besides its excellent design.
First, the early users of Linux were generally professionals. Even today, despite the surge in users, typical users still have a good computing background and are willing to help others, and Linux experts tend to encourage novices to carry on this culture. Because of this, Linux users tend to follow safe practices that avoid virus infection. Second, youth is one of the reasons why Linux is rarely attacked by viruses. In fact, every operating system (including DOS and Windows) was rarely attacked by viruses in its early days.
However, in March 2001, GIAC at the SANS Institute in the United States found that a new worm targeting computers running Linux was spreading rapidly across the Internet and could cause serious damage to users' systems. This worm, named "Lion", is very similar to the Ramen worm but more dangerous. The "Lion" virus can e-mail passwords and configuration files to an address in the china.com domain. William Steen, an engineer at Dartmouth College's Institute of Security Technology, said: "After sending these files back, the attacker can re-enter the whole system through the gap at the first breakthrough. This is the difference between it and the Ramen worm. In fact, the Ramen virus is a kind of friendly virus, which will automatically close vulnerabilities after invading the system, but this virus leaves those vulnerabilities open and opens new ones. So if your system is infected with this virus, we can't be 100% sure that this system is worth saving. A more reasonable choice is probably to transfer your data and reformat the hard disk."
Once a computer is fully infected, the "Lion" virus forces it to start searching online for other victims. Fewer systems were infected with "Lion" than with Ramen, but the losses it caused were much greater.
With Klez virus infections appearing on the Linux platform, antivirus software vendors began to remind us that Microsoft's operating system is no longer the only system vulnerable to virus attacks. Users of Linux and other mainstream UNIX platforms are mostly not heavy users of Microsoft's bundled application software, so viruses cannot spread widely through that software, but Linux and UNIX still have their own less conspicuous vulnerabilities. Besides Klez, the main threats on Linux/UNIX platforms are Lion.worm, the OSF.8759 virus, Slapper, Scalper, and the rarely mentioned Linux.Svat and BoxPoison viruses.
Virus writers are hackers who are proficient at writing code. They are far more dangerous than hackers who deface websites at will but know little about writing viruses. A hacked website can be repaired quickly, but a virus is better hidden and carries a latent security risk: it can stay hidden until it has done irreparable damage to the system.
In addition, the more Linux systems are connected to LANs and WANs, the more exposed they are, because many Linux viruses spread quickly. Linux/UNIX systems that use WINE are particularly vulnerable to virus attacks. WINE is an open source compatibility package that lets the Linux platform run Windows applications. A system with WINE is particularly vulnerable because it allows viruses, worms and Trojans written for either Linux or Windows to threaten the system.
Classification of viruses on the Linux platform
Executable file virus: An executable file virus is a virus that lives parasitically inside files and mainly infects files. Whatever tool the virus writer uses, assembly or C, ELF files are easy to infect. A virus of this kind, such as Lindose, checks whether the machine type is Intel 80386 when it finds an ELF file. If so, it looks for a part of the file larger than 2784 bytes (0xAE0 in hexadecimal). If these conditions are met, the virus overwrites the corresponding part of the host file with its own code and points the entry point of the host file at the virus code. A student named Alexander Bartolich published an article entitled "How to Write a Linux Virus", which describes in detail how a parasitic file virus can infect ELF executables on Linux/i386. With documents like this published on the Internet, the number of Linux-based viruses will only grow faster, especially as Linux is used more and more widely.
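A defensive check for the entry-point redirection described above, as an added example that is not from the original article: it parses an ELF32 header and section table and flags an entry point that does not land in an executable, non-writable section. The function names and the constructed sample image are assumptions made for illustration, and the check is a heuristic, not proof of infection.

```python
import struct

EM_386 = 3                                   # e_machine for Intel 80386
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4

def parse_elf32(data):
    """Return (e_machine, e_entry, [(addr, size, flags), ...]) for an ELF32 LSB image."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("not a little-endian ELF32 file")
    (_type, machine, _ver, entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, _shstrndx) = struct.unpack_from(
        "<HHIIIIIHHHHHH", data, 16)
    sections = []
    for i in range(shnum):
        sh = struct.unpack_from("<10I", data, shoff + i * shentsize)
        sections.append((sh[3], sh[5], sh[2]))   # sh_addr, sh_size, sh_flags
    return machine, entry, sections

def check_entry(data):
    """Heuristic: the entry point should sit in an executable, non-writable section."""
    machine, entry, sections = parse_elf32(data)
    if machine != EM_386:
        return "skipped: not an i386 binary"
    for addr, size, flags in sections:
        if addr and addr <= entry < addr + size:
            if flags & SHF_EXECINSTR and not flags & SHF_WRITE:
                return "ok"
            return "suspicious: entry point in non-code section (%d bytes)" % size
    return "suspicious: entry point is outside every section"

def build_sample(entry):
    """Constructed ELF32/i386 image (headers only, no code) with the given entry point."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIIIIIHHHHHH", 2, EM_386, 1, entry,
                                 0, 52, 0, 52, 32, 0, 40, 3, 0)
    null = struct.pack("<10I", *([0] * 10))
    text = struct.pack("<10I", 0, 1, SHF_ALLOC | SHF_EXECINSTR,
                       0x08048100, 0x100, 0x1000, 0, 0, 16, 0)
    data = struct.pack("<10I", 0, 1, SHF_ALLOC | SHF_WRITE,
                       0x0804A000, 0x1100, 0xAE0 + 0x20, 0, 0, 4, 0)
    return header + null + text + data

if __name__ == "__main__":
    for entry in (0x08048100, 0x0804A010, 0x09000000):
        print(hex(entry), check_entry(build_sample(entry)))
```

To check a real binary, pass its bytes to `check_entry`; a file whose section table has been stripped will report the entry point as outside every section, so treat that result as a prompt for closer inspection.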
Worm virus: After the outbreak of the Morris worm in 1988, Eugene H. Spafford gave a technical definition of a worm in order to distinguish worms from viruses: "A computer worm can run independently and spread its own version with all functions to another computer." (A worm is a program that can run by itself and spread a fully working version of itself to other machines.) Worms are rampant on the Linux platform. Ramen, Lion, Slapper and others spread through system vulnerabilities, and these notorious programs infected a large number of Linux systems and caused huge losses. They are the Nimda and Code Red of the open source world. In the future, worms of this kind will continue to intensify: the more widely Linux systems are used, the stronger a worm's ability to spread and destroy will be.
Script virus: At present, there are many viruses written in shell scripting languages. This kind of virus is relatively simple to write, but its destructive power is just as striking. As we know, a Linux system contains many script files with the .sh extension, and a shell script of only ten lines can traverse every script file on the hard disk and infect it in a short time. Virus writers can therefore easily produce such viruses and damage a system without advanced knowledge. The damage can include deleting files, disrupting the normal operation of the system, and even downloading a Trojan horse onto the system.
Backdoor program: Under the broad definition of a virus, backdoors are also included. The backdoor, a weapon of intruders, is active on Windows systems and on the Linux platform as well. From the simple backdoor of adding a system superuser account, to loading through system services, shared library injection, rootkit toolkits and even loadable kernel modules (LKM), backdoor technology on the Linux platform is very mature, well hidden and difficult to remove. It is a headache for Linux system administrators.
Viruses, worms and Trojans basically amount to automated hacking. A system is perhaps more likely to be attacked by a virus than by a hacker: hackers generally aim their direct attacks at servers, while viruses are troublemakers waiting for an opportunity. If your network contains Linux systems, especially servers, don't wait until you discover Linux viruses, worms or Trojan horses on them. Do some research and choose an antivirus product suitable for your system; it can help you prevent the spread of a virus. As for the future of viruses on the Linux platform, anything is possible. The history of virus development on Windows may also be repeated on Linux, depending on how Linux itself develops.