Logo 
Search:

Unix / Linux / Ubuntu Answers

Ask Question   UnAnswered
Home » Forum » Unix / Linux / Ubuntu       RSS Feeds
  on Nov 30 In Unix / Linux / Ubuntu Category.

  
Question Answered By: Adah Miller   on Nov 30

IMHO none of the typical windows style approaches (anti-virus, popup
blockers, worm, adware, spyware programs) are needed in linux, at all.
The fact is, none of those would have made any difference, because this
was not a windows style malware infestation.

What happened here is that a rather obscure irc server program on a
download server was replaced by a file which would allow local users to
execute commands with root authority.

The bottom line: this file *not* part of linux, and honestly, I'd never
even heard of it before. So the author's hysterical claims of "many
linux servers infected" is way overblown.

The vulnerability requires a naive user with superuser privileges to
find the download site, download the trojan tarball, install it as root,
then start it as root. Each one of these steps would have to be taken on
purpose to create the vulnerability -

Let's keep this in perspective. It shows that if you purposely give root
access to all users on your linux system, users can issue commands with
root powers.

This so-called linux vulnerability. being trumpeted and celebrated by
the microsoft fans, is far cry from the ease of windows virus
infestation - microsoft windows can be quickly and easily infected just
by the reading an email message, or a visit to a website.

The last time I checked, the life expectancy of microsoft windows, if
connected directly to the internet, is something like 4 minutes before
it's compromised. On the other hand, to compromise a linux system, the
local admin really needs to load his gun and purposefully shoot himself
in the foot.

The moral? Always get your linux software packages from your OS vendor
or from well known and trustworthy 3rd party vendors. Downloading
mystery tarballs from the internet, blindly installing them and running
them as root is really silly, don't do it.

Share: 

 

This Question has 8 more answer(s). View Complete Question Thread

 
Didn't find what you were looking for? Find more on I saw this article link about Trojan and malware in Linux Or get search suggestion and latest updates.


Tagged: