Linux malware

Rick Moen, an experienced Linux system administrator, counters that: [That argument] ignores Unix's dominance in a number of non-desktop specialties, including Web servers and scientific workstations.

A virus/trojan/worm author who successfully targeted specifically Apache httpd Linux/x86 Web servers would both have an extremely target-rich environment and instantly earn lasting fame, and yet it doesn't happen.

Shane Coursen, a senior technical consultant with Kaspersky Lab, said at the time, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ...

Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses.

Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system.

Careful use of these digital signatures provides an additional line of defense, which limits the scope of attacks to include only the original authors, package and release maintainers and possibly others with suitable administrative access, depending on how the keys and checksums are handled.

Reproducible builds can ensure that digitally signed source code has been reliably transformed into a binary application.

[8] Typically, a CGI script meant for leaving comments, could, by mistake, allow inclusion of code exploiting vulnerabilities in the web browser.

However, as of 2009 most of the kernels include address space layout randomization (ASLR), enhanced memory protection and other extensions making such attacks much more difficult to arrange.

Stuart Smith of Symantec wrote the following: What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc, can be abused.

[9]As is the case with any operating system, Linux is vulnerable to malware that tricks the user into installing it through social engineering.

In December 2009 a malicious waterfall screensaver that contained a script that used the infected Linux PC in denial-of-service attacks was discovered.

The ClamTk GUI for ClamAV running a scan on Ubuntu 8.04 Hardy Heron