    Are the Virus made for a specific system?

    Hello everybody,
    Please, do you know whether a virus for Kubuntu 20.04 is the same as a virus for Ubuntu 18.11, Mint, Fedora, Arch Linux, Debian, and so on?

    #2
    It probably depends. Linux "viruses" are extremely rare, so it is hard to say. Most are going to target specific types of systems, usually large servers, not desktops. But I think it would not be hard for one to run on any type of Linux system, though the hard part is installing it -- it would probably need someone to physically install it, in person, or trick you into installing it manually yourself.



      #3
      Thank you very much claydoh.
      The answer is: it depends on the system: Ubuntu 18.11, Mint, Fedora, Debian, Alpine Linux, Arch Linux, Whonix, OpenBSD and Qubes are increasingly difficult to hack.



        #4
        It is more of a standards issue. The more standards-compliant a system is, the easier it is to target. Yet Linux viruses are rare, and rootkits are more common.



          #5
          In the early 2000s virus makers attempted to expand their markets to Linux users. With that in mind, many companies that made anti-virus software also had databases that listed the viruses and their exposure. That ranged from fewer than 3 computers to a couple more groups of larger numbers of "vulnerable" users. I don't remember the size of those groups, except for the first. I found it convenient that a virus would be found on 3 or fewer computers, unless it was the computers used in the labs those companies had for testing their product. Did they write the virus? I always thought so, and still do to this day.

          During those days a typical database would list a million or two viruses that were for the Windows platform. The Linux viruses were usually between one and two dozen. At least half were years old, even back then, and hadn't been seen in the wild for years. Then, in one year, the number of Linux viruses jumped to over 400. ALL of the new viruses were jpg viruses. The claim was that a specific jpg virus could infect either a Linux or a Windows machine. Comparing the viruses, I noticed that they had the same names, except that the word "linux-" was prepended to the name given to the Windows virus. And those with the same names were also identical in size.
          I downloaded almost a quarter of those jpg viruses and tried them out in a virtual system with no Internet connection. Nothing happened with any of them. No new additional files or folders were discovered. I came to the conclusion that the files were faked in order to promote sales of Linux AV subscriptions by the AV makers. For three or four years Kaspersky had an annual sale on Linux AV software, in mags like PC Magazine, Byte, etc., surrounded by horror stories of compromised systems and stolen data. Then those ads disappeared. They probably didn't make up in sales the costs of those ads.

          Things changed since the AV software houses tried to trick people into buying their software because of fake jpg viruses.

          Jpg viruses are real, and a jpg virus can infect either a Linux or a Windows machine. The technique takes advantage of modularity. The jpg virus depends on you running a specific graphics viewing program that, while displaying the jpg, can execute embedded commands: not ELF or EXE commands, but JavaScript commands that determine the OS type and then issue an HTTP GET to a remote server to download one or more specific ELF or EXE files that carry the brunt of the payload.

          The Linux platform uses the ELF binary executable and the Windows platform uses the EXE binary executable. An EXE won't execute on Linux unless you have WINE installed. Even then it may be tricky or doomed to failure. And, there are a few steps you have to do manually for this to happen:
          1) download the suspect virus or detach it from an email and save it to the disk. Remember, EVERYTHING in Linux is a file.
          2) mark it executable
          3) run it from the CLI.

          Moral: DO NOT download any software from any other source than the repository available to your distro, or from a site or developer you specifically trust. Never from a random website or from "Honest Abe". Especially, do NOT detach email attachments and attempt to run them, even if they are from a friend. He or she may not have actually sent you that email, the virus on their Windows machine did it.

          A bigger risk is social engineering. Some sexy voice on the other end of the phone telling you a tale of woe that brings tears to your eyes and would you be oh so nice as to help them out? Do it and you are toast.

          There is, however, malware appearing that is specific to Linux. One of the latest is FontOnLake.
          The good news is that you and I are generally not targets of viruses or hackers because we have nothing of value on our machines that would cause them to risk thousands of dollars in fines and years in jail to steal.

          Rkhunter, chkrootkit and unhide.rb are the three tools in the repository to track down and eliminate known rootkits in Linux. I used to run them regularly but gave it up. ALL the warnings were artifacts, not rootkits.

          My recommendation: run a good firewall and keep your software updated. ufw uses iptables and is excellent; gufw is the graphical interface to it. It comes preloaded with commands to set up games like Minecraft, etc. IOW, it is easy to use.
          Last edited by GreyGeek; Mar 29, 2022, 04:41 AM.
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
          – John F. Kennedy, February 26, 1962.

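A structural check a defender can run on a file that arrives as a .jpg, added here as an example that is not part of the original post or of any tool it names: it walks the JPEG marker segments to the real End-Of-Image marker and reports whether the file is really an ELF or PE executable, or carries extra bytes appended after the image (the usual place a disguised payload ends up). The sample byte strings are constructed for the demonstration.

```python
JPEG_SOI, ELF_MAGIC, PE_MAGIC = b"\xff\xd8", b"\x7fELF", b"MZ"

def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG marker segments; return the offset just past EOI."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("missing SOI marker")
    pos = 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        pos += 2
        if marker == 0xD9:                       # EOI: the image ends here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:
            continue                             # standalone markers carry no length
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        pos += int.from_bytes(data[pos:pos + 2], "big")   # length includes itself
        if marker == 0xDA:                       # SOS: entropy-coded data follows
            while True:                          # skip to the next real marker
                idx = data.find(b"\xff", pos)
                if idx < 0 or idx + 1 >= len(data):
                    raise ValueError("scan data runs past end of file")
                nxt = data[idx + 1]
                if nxt == 0x00 or nxt == 0xFF or 0xD0 <= nxt <= 0xD7:
                    pos = idx + 1                # byte stuffing, fill, or restart
                    continue
                pos = idx
                break

def classify(data: bytes) -> str:
    """Verdict for bytes that were *presented* as a .jpg file."""
    if data.startswith(ELF_MAGIC):
        return "not-a-jpeg: ELF executable"
    if data.startswith(PE_MAGIC):
        return "not-a-jpeg: Windows PE executable"
    if not data.startswith(JPEG_SOI):
        return "not-a-jpeg: unknown header"
    try:
        trailing = len(data) - jpeg_end_offset(data)
    except ValueError as exc:
        return f"malformed: {exc}"
    return f"suspicious: {trailing} bytes after EOI" if trailing else "ok: plain JPEG"

# Constructed samples: a minimal JPEG skeleton (empty APP0, scan with stuffed and
# restart bytes), the same file with bytes appended after EOI, an ELF header as .jpg.
TINY_JPEG = b"\xff\xd8\xff\xe0\x00\x02\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9"
APPENDED = TINY_JPEG + b"extra-bytes"
FAKE_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
```

Call classify() on the bytes of any file before handing it to a viewer; a verdict other than "ok" is reason to quarantine the file rather than open it.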


            #6
            Originally posted by nicrnicr:
                Thank you very much claydoh.
                The answer is: it depends on the system: Ubuntu 18.11, Mint, Fedora, Debian, Alpine Linux, Arch Linux, Whonix, OpenBSD and Qubes are increasingly difficult to hack.
            Hacking and viruses are not the same attack paradigm. You asked about viruses in #1. Were you giving a quiz?

            The distros you mention are designed by their developers for specific kinds of users. Septor, Tails, Kodachi and similar distros are designed for folks who think they need the highest security. Ubuntu is not, but it can be armored up if the user knows how. You can add Tor and a VPN, you can turn on ufw and give your internet connection all greens at GRC's "ShieldsUp!". But, why, unless you live in one of many states run by psychopathic dictators? Or, you are doing invasive clinical research and need to keep it secret.

            Besides, the biggest threat to your own personal information is your own government, especially if you live in America, Russia, China, Cuba, the UK, Britain, and probably Japan, the Mideast, and a host of other countries whose leaders want to sustain their positions of power.



              #7
              Thank you, GreyGeek, for this information!
