For a few days now we have been devoting a series of articles to a topic that is never discussed enough: computer security. In this one we look at why an antivirus is needed on Linux.
One of the most cherished myths among Linux users has been crumbling in recent years, with news of serious security problems and of newly created malware. Although Linux ships with a stricter default file-permission and privilege model than Windows, it is not invulnerable.
What is a computer virus?
A virus is a computer program whose purpose is to damage a system or steal confidential information. Its distinctive features are:
- Spread: A virus is not confined to the current system; it can spread through emails, documents, scripts or executable files.
- Self-replication: The spread described in the previous point happens automatically whenever the virus runs.
- Programmable activation: A virus can hold back its payload until a specific date and time, or until a specific event occurs.
- Stealth: Viruses try to go undetected by encrypting their code, changing the patterns that detection signatures match on, or hiding behind legitimate files.
- Dependence on a host: A virus attaches itself to another program and needs that program to run in order to execute.
Are there viruses for Linux?
First of all, it should be said that the term virus is used here in a broad sense that also covers other types of malicious software, such as worms, Trojans and spyware. Some examples:
- Linux.BackDoor.Xunpes: A backdoor that gives an attacker unauthorized access to the system and accepts more than 40 commands, including logging keystrokes, taking screenshots, creating, modifying, deleting and transmitting files and directories, and running Bash commands.
- Linux.Ekoms: Spreads via email attachments, web downloads and infected removable media, and lets criminals remotely control the infected machine. When run, it hides itself in the system and connects to a command-and-control server from which it receives instructions. Among other actions it can take screenshots, record from the microphone, take photos with the webcam, log keystrokes, steal passwords, files and personal data, download and run further malware, lock or wipe the hard drive, or display fake messages.
- Windigo (Ebury): At its peak it affected thousands of Linux servers through an SSH backdoor that stole credentials and used that access to redirect web traffic or send spam.
- Linux.Encoder: Ransomware that encrypts the files on the affected machine and demands payment before the owner can access them again. It spreads through plugins used by some of the most popular content management systems, so it mainly targets web servers. It encrypts files with AES (Advanced Encryption Standard) and then protects the key material with RSA (Rivest-Shamir-Adleman) so that only the attackers' command-and-control server can recover it. Encrypted files get the .encrypted extension, and a text file named README_FOR_DECRYPT.txt appears in each affected directory with instructions for paying the ransom in cryptocurrency.
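The two file-system indicators attributed to Linux.Encoder above (the .encrypted suffix and the README_FOR_DECRYPT.txt note) are the kind of thing an administrator can check for on a web server before any antivirus is involved. The following is an added example, not code from the original article or from any antivirus product: it walks a directory tree, collects both indicators, and gives a verdict that requires both to be present before calling the pattern ransomware, since a lone file someone deliberately named *.encrypted is not evidence of anything. The function names and the constructed sample tree are this example's own; only the two indicator names come from the article.

```python
"""Triage check for the Linux.Encoder file-system indicators.

Added example (not the article's or any vendor's code). The indicator
names come from the article; the function names and the sample tree
built by build_sample_tree() are constructed for this example.
"""
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "README_FOR_DECRYPT.txt"   # ransom-note filename from the article
ENCRYPTED_SUFFIX = ".encrypted"          # extension appended to encrypted files


def scan_for_indicators(root):
    """Walk `root` and return the encrypted-looking files, the ransom
    notes, and a per-directory count of encrypted files."""
    encrypted = []
    notes = []
    per_dir = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(path)
            elif name.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                per_dir[dirpath] += 1
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "per_dir": dict(per_dir),
    }


def verdict(result):
    """Both indicators together match the described pattern; either one
    alone is worth a look but may be benign."""
    if result["encrypted"] and result["notes"]:
        return "likely-ransomware"
    if result["encrypted"] or result["notes"]:
        return "suspicious"
    return "clean"


def build_sample_tree(infected=True):
    """Constructed sample data: a fake web root with a clean directory
    and, if `infected`, a directory showing both indicators.
    Returns the temporary root path."""
    root = tempfile.mkdtemp(prefix="encoder-triage-")
    clean = os.path.join(root, "var", "www", "html", "static")
    os.makedirs(clean)
    with open(os.path.join(clean, "logo.png"), "wb") as f:
        f.write(b"\x89PNG constructed sample\n")
    if infected:
        hit = os.path.join(root, "var", "www", "html", "wp-content")
        os.makedirs(hit)
        for name in ("index.php.encrypted", "config.php.encrypted", RANSOM_NOTE):
            with open(os.path.join(hit, name), "w") as f:
                f.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    res = scan_for_indicators(sample_root)
    print("verdict:", verdict(res))
    for note in res["notes"]:
        print("ransom note:", note)
    for directory, count in res["per_dir"].items():
        print(f"{count} encrypted file(s) in {directory}")
```

Run it against a real web root by replacing the constructed sample with the actual path (for example /var/www). The per-directory counts are useful because the article says the note is dropped in each affected directory, so a directory with many .encrypted files and no note, or a note with no encrypted files next to it, is a different situation worth investigating separately.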
As we can see, the risks of using Linux systems are far from non-existent. On top of that, we interact with other operating systems that have their own security risks and, even where those do not affect us directly, we can act as a propagation vector for them.
If you are like Game of Thrones author George R. R. Martin, who writes on a computer that is not connected to anything, you can probably get by without antivirus software. Otherwise, you should install one from your distribution's repositories and keep it updated, or, if you prefer, choose one of the commercial options.
In later articles we will talk about what the alternatives are.