Sign in with
Sign up | Sign in

How to Write a Linux Virus in 5 Easy Steps

By - Source: Tom's Hardware US | B 67 comments

It's easy for people to pick at Windows for being prone to virus and malware attacks. It's almost a given belief that if you're running a PC with a Windows operating system, you're much more susceptible to attacks than users with other operating systems.

But let's quickly look at the reasons for this. First, it isn't really Microsoft's fault. It isn't that Windows is technically inferior, it's that the majority of the world runs on Windows. This fact alone is very attractive for any virus coder or exploiter. As a virus writer, you'd want to attack the majority, not the minority.

Secondly, because the vast majority of the world's computers runs on Windows, everyone from very tech savvy users to the greenest of novices is included in this pool. There are many who are just not as educated--for various reasons--about software and Internet safety. So here we have a huge pool of people, many of which aren't informed. These are two main reasons why a Windows desktop is the prime target for attacks.

In recent years however, the popularity of the Linux operating system has shot up tremendously. Ubuntu for example, is a favorite among enthusiasts. Linux is revered for many industrial strengths, but it too has security issues. A Linux computer that's improperly configured, can also take a beating from malware, hackers, and the like. Thankfully, popular builds like those from Ubuntu, are distributed pre-locked down. At the local environment however, Linux is by nature, significantly stronger than Windows in terms of user and multi-user security.

Despite its strong underpinnings, Linux has become too popular to ignore. Now, a blogger by the name of "foobar" has written a guide on how to efficiently infect a Linux user's system, stating even not to "underestimate the ignorance of a Linux user." A snippet from foobar's guide:

There is this rumor going around that Linux is virus free. It is said that the old-fashioned multi-user heritage of Linux (and other *nix OSs) prevents malware, since users are not normally running their programs in admin mode (as root user). We are reminded that execute bits are needed to run anything – contrary to Windows – and that execute bits aren't set on any attachments or files saved from emails or from a web-browser.

Therefore, we are told, the very architecture of Linux is so much more superior to Windows that it's just not possible to successfully spread malware. Of course – it is acknowledged – a low-level bug, a buffer overflow or other issue is exploitable. But nevertheless, users can't just catch a virus by email or downloading malware from the Internet, contrary to “those Windows users”. Linux will protect them from their own stupidity.

foobar is setting out to prove that Linux is no more secure to malware than Windows is. Despite writing up the how-to guide on writing a virus for Linux, foobar doesn't actually point out the actual malware coding part, and instead instructs a would-be malware coder on how to infect a Linux system.

In a related playing field, Apple is famous for claiming that its computers are bullet proof from malware and viruses too, often indicating so in advertisements that show how "sick" a PC can get versus a Mac. Because of its relatively low usage rate compared to Windows computers, Macs have traditionally been more secure only because no one really wanted to spend time to attack a small minority group. The landscape however, is changing too for Macs. With popularity increasing, viruses and attacks are becoming more popular, with the most recent infection spreading through a torrent of Apple's iWork '09 office suite.

Do you believe that the security of a system lies on the technical aspects of the operating system in use? Or do you firmly believe that the security lies soley on the sholders of the user? Do you think foobar's claims are correct?

Discuss
Display all 67 comments.
This thread is closed for comments
Top Comments
  • 11 Hide
    mitch074 , February 19, 2009 11:40 AM
    @Mr Pink: Old News (most recent is dated 2005).

    Slapper: Apache bug, not Linux specific; at the same time, 25% of the Windows machines in the world were taken down, neutered and made unrecoverable by Win32.Tchernobyl, using a core system component abused through a drive-by attack on an on-by-default useless system service.

    New Apache worm: not Linux-specific, it could run on any Apache-enabled machine. At the same time, IIS 5.0 (installed, run as a system service and running by default on all Windows 2000 Server machines) was hacked and created a botnet strong of dozens of thousands.

    Linux hacked more often than Windows: following the inquiry, it appears that the compromised Linux servers hadn't been set up properly and were basically unpacked, run as-is (by default, most services in a distro are set into test- and developer-mode, with instructions on how to lock them down for production use) and left alone. At the same time, more than half of attacked Windows machines (which are supposed to have an administrator behind them) successfully got hacked. As such: Linux server where the admin RTFM was safe.

    Worm attacks: needs 2 things, unpatched (that's 1) web server/page generator running as root (that's 2) instead of its own user. The first took 9 years to solve under Windows, the second still isn't solved.

    Mystery Infestation: weak admin password in large hosting farms at fault. Solution: use stronger password. Valid on any OS.
  • 11 Hide
    SAL-e , February 18, 2009 10:28 PM
    There is no away to idiot-prove any system. If the user don't know what he/she is doing, he/she will be victim of social-engineering attack. For that you don't need to write any viruses. Just ask them for their username and password and they happily will give them to you.
    Even if some one writes a virus for Linux that some how runs automatically or by users action the worst damage would be to the users profile, not the core of the system. You need to spend really great time and effort to misconfigure the Linux in order to have the same level of problems like Windows. I think MS is taking notice of that and the new Windows Server 2008 is much better. Who is going to take on the task to teach the users?!
  • 10 Hide
    batkerson , February 18, 2009 9:51 PM
    I sincerely believe that the security any computer system is primarily the responsibility -- i.e., the result of design and implementation -- of the OS. The dept. of justice dropped the ball a few years back when, ultimately, it did not require the breakup of MS into operating system and applications companies. If MS truly would concentrate on the efficiency, and security, of the OS rather than on bells and whistles that few people need and even fewer actually want, then, oh, what a Windows we would (probably) have. MS is so intent on adding "functionality" or appearance that their security division (or whatever it's called internally) has a moving target to protect. To MS: stop adding functionality for an OS cycle or two and pour all your money into efficiency and security THEN, when the OS is ready, move forward with the other "stuff".

    My 2 cents.
Other Comments
  • 0 Hide
    jsloan , February 18, 2009 8:51 PM
    oh, poor babies, welcome to the real virus ridden world.
  • 0 Hide
    tipoo , February 18, 2009 9:12 PM
    As a vrius writer, i'm offended at being included in an article about viruses!


    lol, more typo's.
  • 9 Hide
    ogre9001 , February 18, 2009 9:35 PM
    To all of the brilliant Linux virus writers....Why is it that you keep making these claims, but nothing ever comes of them?
    I have read for the past decade about all of these threats that will show linux to be just as vulnerable as windows to viruses.
    Did I miss some news?
    I don't remember hearing about the massive virus attack that took down thousands of linux servers and turned linux workstations into spambot networks numbering in the hundreds of thousands.
    I look at this the same as I look at the annual threat of an attack that will completely lock down the internet.
    Deleted by Moderator
  • 8 Hide
    echdskech , February 18, 2009 9:50 PM
    from the linked article:

    Quote:
    f course, that also means that the mail attachment will have this extension as well. Some users may notice, many others will not.


    This type of malware doesn't exploit the OS so much as it does the user's intelligence. As we all know, no matter how id10t-proof we make systems, someone just builds a better id10t.

    Ofcourse, maybe the reason for Linux's reputation of security comes as much from the min IQ requirement of using 'ye olde Linux arcane distros as it is in the OS design. Recent distros are becoming more and more user friendly and therefore lowering aforementioned requirement.

    I suppose it is a necessary evil if it ever hopes to appeal to as broad an audience as Windows. I just hope the dev guys can keep up to prevent it from being a cesspool. =/
  • 10 Hide
    batkerson , February 18, 2009 9:51 PM
    I sincerely believe that the security any computer system is primarily the responsibility -- i.e., the result of design and implementation -- of the OS. The dept. of justice dropped the ball a few years back when, ultimately, it did not require the breakup of MS into operating system and applications companies. If MS truly would concentrate on the efficiency, and security, of the OS rather than on bells and whistles that few people need and even fewer actually want, then, oh, what a Windows we would (probably) have. MS is so intent on adding "functionality" or appearance that their security division (or whatever it's called internally) has a moving target to protect. To MS: stop adding functionality for an OS cycle or two and pour all your money into efficiency and security THEN, when the OS is ready, move forward with the other "stuff".

    My 2 cents.
  • -7 Hide
    eddieroolz , February 18, 2009 10:00 PM
    batkersonI sincerely believe that the security any computer system is primarily the responsibility -- i.e., the result of design and implementation -- of the OS. The dept. of justice dropped the ball a few years back when, ultimately, it did not require the breakup of MS into operating system and applications companies. If MS truly would concentrate on the efficiency, and security, of the OS rather than on bells and whistles that few people need and even fewer actually want, then, oh, what a Windows we would (probably) have. MS is so intent on adding "functionality" or appearance that their security division (or whatever it's called internally) has a moving target to protect. To MS: stop adding functionality for an OS cycle or two and pour all your money into efficiency and security THEN, when the OS is ready, move forward with the other "stuff".My 2 cents.


    Splitting Microsoft wouldn't change anything. Besides, by having it together, it would actually offer them better interoperability and releases on schedules.

    Besides, the any OS is just as vulnerable as the other. They're simply lines of codes, some better implemented than others. They still can be brought down to its knees.
  • 3 Hide
    cadder , February 18, 2009 10:06 PM
    With the MAC ads on TV and elsewhere thumbing up their noses at viruses, I think it's only a matter of time before virus writers take up the challenge, that is unless virus writers are MAC people themselves.
  • 11 Hide
    SAL-e , February 18, 2009 10:28 PM
    There is no away to idiot-prove any system. If the user don't know what he/she is doing, he/she will be victim of social-engineering attack. For that you don't need to write any viruses. Just ask them for their username and password and they happily will give them to you.
    Even if some one writes a virus for Linux that some how runs automatically or by users action the worst damage would be to the users profile, not the core of the system. You need to spend really great time and effort to misconfigure the Linux in order to have the same level of problems like Windows. I think MS is taking notice of that and the new Windows Server 2008 is much better. Who is going to take on the task to teach the users?!
  • 2 Hide
    Flameout , February 18, 2009 10:37 PM
    There's no such thing as 100% security, even for Linux. It may have something to do with how Linux is coded, but for the most part, it's because Linux runs only on about 1% of the worlds computers. Whenever I install a linux distro on someones pc, I don't say "you'll never get a virus or malware/spyware" I say "the chances of getting a virus or malware/spyware is about 1 in 100"
  • 6 Hide
    scryer_360 , February 18, 2009 11:10 PM
    I've heard of these claims before: that Linux systems are just as vulnerable. But I've never seen any evidence of an actual effective form of attack. Of course, you can still do all sorts of network based-attacks, to bring down a connection, but to actually take control over a Linux system? I've never seen it.

    And there are many things in a Linux system that keeps it safe, sometimes by being overly simplistic even. I don't think any OS is bullet-proof: if it can be built, it can be torn down, if torn down, it can be built. Still, I do believe their are varying degrees of difficulty. This is what keeps people strong in the belief of Linux.

    Besides, if Linux were so easy to crack, then I'd imagine we'd here much, much more often about how servers at major companies and institutions are being taken over by crackers.
  • -5 Hide
    ozarkamax , February 18, 2009 11:23 PM
    ogre9001To all of the brilliant Linux virus writers....Why is it that you keep making these claims, but nothing ever comes of them?I have read for the past decade about all of these threats that will show linux to be just as vulnerable as windows to viruses. Did I miss some news? I don't remember hearing about the massive virus attack that took down thousands of linux servers and turned linux workstations into spambot networks numbering in the hundreds of thousands.I look at this the same as I look at the annual threat of an attack that will completely lock down the internet.Instead of telling us over and over again how big your cock is, why don't you go ahead and whip it out. I for one am up for the laugh.


    quite possibly because nobody gives a hoot about linux. i don't believe this is a quest to prove the better OS. it is simply to prove that going with linux over windows because it is more "secure" , the in thing, makes you feel smart, is very naive.

  • 0 Hide
    ozarkamax , February 18, 2009 11:28 PM
    batkersonI sincerely believe that the security any computer system is primarily the responsibility -- i.e., the result of design and implementation -- of the OS. The dept. of justice dropped the ball a few years back when, ultimately, it did not require the breakup of MS into operating system and applications companies. If MS truly would concentrate on the efficiency, and security, of the OS rather than on bells and whistles that few people need and even fewer actually want, then, oh, what a Windows we would (probably) have. MS is so intent on adding "functionality" or appearance that their security division (or whatever it's called internally) has a moving target to protect. To MS: stop adding functionality for an OS cycle or two and pour all your money into efficiency and security THEN, when the OS is ready, move forward with the other "stuff".My 2 cents.


    you can't fix stupid. no matter how secure you make it, somebody somewhere will turn it off no matter what it is. that said, the security of the system is the responsibility of the owner. MS norton AVG all those companies can only provide tools but they cant make you use them or force them upon you.

    nor can you claim any such company is liable for damages caused to your computer as a result of a 3rd party/software infecting your system with malicious intent.
  • 5 Hide
    Anonymous , February 18, 2009 11:43 PM
    There's quite a few people that believe Microsoft security "flaws" are actually backdoors left there on purpose. If this non-flaming post is quickly downgraded or not posted at all, I believe that should be sufficient evidence that it's true ;) 
  • 4 Hide
    Anonymous , February 18, 2009 11:44 PM
    Dream on - the real answer is in the design of the OS itself. Windows is terribly flawed by design as a head for tail OS design. Popularity has very little to do with it at all. Its more a matter of the vulnerability of the design. Its time to rewrite Windows from the ground up. Also, as it has been said so many times before - all this talk - still nothing in the wild. Even the supposed Mac virus required the - quote 'Id10t User' unquote - to enable it to run. No such rules protect the head for tail design implemented in Windows. Lets stop this nonsense and do away with this so often repeated Stockholm Syndrome. Please!
  • 5 Hide
    salem80 , February 18, 2009 11:56 PM
    Windows infected by virus even with .Pictures and video clips "in flv too ".
    just look for " HTML.IFrame.TB Trojan "(it's come with Picture while u surfing the web)..
    if there's more games in Linux i will never use window again ...
  • -3 Hide
    jhansonxi , February 19, 2009 12:04 AM
    ozarkamaxquite possibly because nobody gives a hoot about linux. i don't believe this is a quest to prove the better OS. it is simply to prove that going with linux over windows because it is more "secure" , the in thing, makes you feel smart, is very naive.
    A very large number of servers on the Internet run Linux for a good reason - it's more secure. Even foobar's "worm" only works because of a bad design decision in KDE and Gnome, and does not work with XFCE and it's file manager Thunar. It's not a Linux problem as it affects any OS using KDE and Gnome. You obviously have no clue about Windows and Linux administration. Tuan Nguyen is ignorant and just trolling for clicks. I'm running Adblock Plus to compensate.
  • -7 Hide
    jhansonxi , February 19, 2009 12:10 AM
    FlameoutThere's no such thing as 100% security, even for Linux. It may have something to do with how Linux is coded, but for the most part, it's because Linux runs only on about 1% of the worlds computers. Whenever I install a linux distro on someones pc, I don't say "you'll never get a virus or malware/spyware" I say "the chances of getting a virus or malware/spyware is about 1 in 100"
    It's all around you - just look:

    http://toolbar.netcraft.com/site_report?url=http://www.tomshardware.com
    Netblock Owner IP address OS Web Server Last changed
    BSO Communication, Paris 212.73.209.9 Linux BSOCOM WebCache 12-Feb-2009
  • 1 Hide
    cruiseoveride , February 19, 2009 2:04 AM
    "It isn't that Windows is technically inferior"

    --- Ohhh it most certainly is.
  • 0 Hide
    Anonymous , February 19, 2009 2:18 AM
    Agree that: - Under Linux, no viruses because it is not popular, it is absurd!
    Linux, * BSD, MAC OS, used in
    servers and workstations - usually where security is needed.
    Linux, BSD, Darwin - do professionals from all over the world! Use of mainly professionals.
    Proposed fee for the virus code for these systems - * money is not who is not won;)
    Viruses under these systems do not.

    PS No need to confuse the virus, here is this;
    #! / bin / bash /
    rm-R *.*
    :) 
  • -7 Hide
    Darkk , February 19, 2009 2:30 AM
    Folks - I don't give a rat's ass which is OS superior over the other. It's really user education on how to safely read e-mails and not go to the known sites that constantly try to infect your PC with some kind of a malware.

    I don't think Linux is any different. I personally been using Ubuntu for the past several months and it's not perfect. I do have CLAMAV running in the background but most of the viruses are designed for Windows so makes me wonder why I even bother to run it in the first place? I guess it's a sense of false security I've had with windows.

    It's really common sense for people NOT opening unknown e-mail attachments and visit dangerous websites.

    So honestly Linux isn't secure as windows, just it's harder to get infected if the user pays attention to the pop up warnings.

Display more comments