Virus Has Been Infecting Linux Computers for Six Years
A Linux virus has been circulating on the Internet since February 2002, and Sophos believes that the uptime servers offer makes them valuable to bot-herders as key control locations.
The virus, dubbed Linux.RST.B, infects the active /bin directory and its 'executable and linkable format' (ELF) files. In addition, it uses a socket to open a backdoor and waits for a packet containing the attacker's origin and the commands to execute.
Linux-based computers are of great value to hackers. They are often run as servers, which suits the hackers' need for a central point of control from which to target computers widely. Also, Linux users believe that their systems are bulletproof against malware and that malicious programs rarely attack open source platforms.
Conversely, Windows-based computers, which are often used as desktop systems in offices and as home machines, are regularly shut down and therefore serve poorly as control points, but they are perfect machines to turn into zombies or infantry.
The Linux.RST.B virus is unusual among Linux malware in that it can multiply across distributions. The parent virus of Linux.RST.B was caught on a Linux server that had a tailored Secure Shell (SSH) daemon with an easily accessible username and password.
Logs that capture downloaded files and record the hacker's activities are used as a reference for developing new anti-malware software. The virus commonly infects systems by blending with the malware that hackers use in their attacks. According to McCourt, such attacks are not new for Windows hacking tools and are a frequent medium for the W32.Parite-B virus.
McCourt also said that hackers typically like IRC bots, File Transfer Protocol (FTP) and SSH scanners, and User Datagram Protocol (UDP) flooders, and sometimes try to gain root access through various other means.
Carole Theriault, Senior Security Consultant at Sophos, said that while the total malicious code in existence amounts to approximately 350,000, only a few of them target Linux. But hackers are taking advantage of users' preconceived notion about security, as reported by Daniweb on February 14, 2008.
Security researchers at Sophos therefore recommend that affected users reload their Linux operating software, because they could be exposed to secondary threats.
» SPAMfighter News - 21-02-2008