History and classification of Linux viruses (source: www.net130.com)

xiaoxiao2021-03-06  67

Staog, which appeared in 1996, was the first virus for the Linux system. It came from an Australian group called VLAD (the same group also wrote the first virus program for Windows 95). Staog is written in assembly language, infects binary files, and tries to obtain root privileges in three ways. It does no substantive damage to the system and should be regarded as a demonstration, but it revealed the potential danger that Linux could be infected by viruses. The second virus discovered on Linux was Bliss, an experimental virus that was released by accident. Unlike other viruses, Bliss carries its own disinfection routine: running the program with the "Disinfect-Files-Please" option restores the system.

If the Linux virus had until then been only a concept, the Ramen virus discovered in 2001 began to cause widespread concern. Ramen propagates automatically without human intervention, which reminded people of the Morris worm that caused so much trouble in 1988. It infects only Red Hat 6.2 and 7.0 systems that run an anonymous FTP service, and it gets in through two common vulnerabilities, in RPC.statd and WU-FTP.

At first glance it looks like a dangerous virus, yet it is easy to detect and does nothing destructive to the server. When it starts scanning, however, it consumes a large amount of network bandwidth.

Since 1996, new Linux viruses have been few in number, which shows that Linux is a robust operating system with an inherent immunity to viruses. Its excellent design is one reason for this, but there are others.

First, the early users of Linux were generally professionals. Even today, although the number of users has surged, the typical user still has a good computing background and is willing to help others, and experienced Linux users tend to encourage novices to support the same culture. Because of this, Linux users tend to share security experience and so avoid infection. Second, Linux is young, which is another reason it has rarely been attacked by viruses. In fact, every operating system (including DOS and Windows) was rarely affected by viruses in its early days.

However, in March 2001 the Global Incident Analysis Center (GIAC) in the United States discovered that a new worm targeting computers running Linux was spreading quickly through the Internet and could cause serious damage to users' computer systems. The worm was named the "Lion" virus, and it is very similar to the Ramen worm. It is more dangerous, however: Lion can send passwords and configuration files by email to a domain name located in China.com. William Steings of the Dartmouth College Safety Technology Research Institute said: "After sending these files, the attacker can re-enter the entire system through the first breach. This is where it differs from the Ramen worm. In fact, the Ramen virus is a relatively friendly virus, which automatically closes the vulnerability after intruding into the system, whereas this virus leaves the vulnerabilities open and opens new loopholes. So if your system is infected with this virus, we cannot trust this system, and the more reasonable choice is probably to transfer your data and reformat the hard drive."

Once a computer is completely infected, the Lion virus forces it to start searching the Internet for other victims. Fewer systems were infected with Lion than with Ramen, but the losses it caused were much larger.

With Klez infections appearing on the Linux platform, anti-virus software vendors began to remind us that Microsoft's operating systems are no longer the only ones vulnerable to virus attacks. Linux and the other mainstream UNIX platforms are not large users of Microsoft's bundled applications, so viruses cannot spread through that software, but Linux and UNIX still have weak points of their own. Besides Klez, the main threats to Linux/UNIX platforms are Lion.worm, the OSF.8759 virus, Slapper, Scalper, Linux.Svat and BoxPoison, which are rarely mentioned. Virus writers are hackers who are proficient in code, and they are far more dangerous than those who merely break into sites. A hacked site can be repaired very quickly, whereas a virus is better concealed and creates a latent security risk that lies dormant until it does irreparable damage to the system.

In addition, the more Linux systems are connected to local area and wide area networks, the more exposed they are to attack, because many Linux viruses spread quickly. Linux/UNIX systems that use Wine are particularly vulnerable to viruses. Wine is an open-source compatibility package that allows the Linux platform to run Windows applications. Systems running Wine are especially prone to virus attacks because Wine leaves a Linux system exposed to viruses, worms and Trojans written for Windows.

Virus classification on the Linux platform

Executable file viruses: An executable file virus is one that lives parasitically in files and takes files as its main target of infection. Whatever tool the virus writer uses, assembly or C, the aim is to infect ELF files. Lindose is a virus of this kind. When it finds an ELF file, it checks whether the machine type is Intel 80386; if so, it looks for a part of the file larger than 2,784 bytes (0xAE0 in hexadecimal). If these conditions are met, the virus overwrites that part with its own code, appends the corresponding part of the host file's code, and points the host file's entry point at the virus code. A student named Alexander Bartolich published an article called "How to write a Linux", which describes how to build a parasitic file virus that infects Linux/i386 ELF executables. With instructive documents like this circulating online, Linux viruses will only grow faster, especially as Linux is used more and more widely.
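A triage check for the entry-point redirection described above, added here as an example and not taken from the original article or from any scanner: it reads the ELF32 header, confirms the machine type is Intel 80386, and reports where the entry point lands. Treating an entry point in a writable or non-executable segment as suspicious is a general heuristic assumed for this example, not a Lindose signature; the sample images are constructed.

```python
import struct

EM_386, PT_LOAD, PF_X, PF_W = 3, 1, 1, 2
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # ELF32 little-endian file header
PHDR = struct.Struct("<IIIIIIII")           # ELF32 program header

def check_entry(data):
    """Return a verdict string for an ELF32/i386 image held in bytes."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        return "not-elf"
    if data[4] != 1 or data[5] != 1:         # EI_CLASS=ELFCLASS32, EI_DATA=LSB
        return "unsupported-class"
    (_, _, machine, _, entry, phoff, _, _, _,
     phentsize, phnum, _, _, _) = EHDR.unpack_from(data)
    if machine != EM_386:
        return "other-machine"
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(data):
        return "malformed"
    for i in range(phnum):
        p_type, _, vaddr, _, _, memsz, flags, _ = PHDR.unpack_from(
            data, phoff + i * phentsize)
        if p_type == PT_LOAD and vaddr <= entry < vaddr + memsz:
            if not flags & PF_X:
                return "entry-not-executable"
            return "entry-in-writable-segment" if flags & PF_W else "ok"
    return "entry-outside-segments"

def build_elf(entry, segments, machine=EM_386):
    """Constructed sample: file header plus program headers, no code bytes."""
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    hdr = EHDR.pack(ident, 2, machine, 1, entry, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    phs = b"".join(PHDR.pack(PT_LOAD, 0, va, va, size, size, fl, 0x1000)
                   for va, size, fl in segments)
    return hdr + phs

TEXT = (0x08048000, 0x2000, 5)   # constructed R+X segment
DATA = (0x0804B000, 0x1000, 6)   # constructed R+W segment

if __name__ == "__main__":
    print(check_entry(build_elf(0x08048100, [TEXT, DATA])))  # clean layout
    print(check_entry(build_elf(0x0804B040, [TEXT, DATA])))  # entry in data
```

A verdict other than "ok" is a reason to compare the file against the package manager's checksum, not proof of infection.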

Worms: After the Morris worm outbreak of 1988, Eugene H. Spafford defined the worm from a technical point of view: "A worm is a program that can run by itself and can propagate a fully working version of itself to other machines." Worms are extremely rampant on the Linux platform. Ramen, Lion, Slapper and others, which spread by exploiting system vulnerabilities, have infected a large number of Linux systems and caused huge losses. They are the Nimda and Code Red of the open-source world. In the future such worms will only intensify: the more widely Linux is deployed, the greater the spread and destructive power of worms will be.

Script viruses: Many of the viruses now appearing are written in shell scripting languages. Such viruses are simple to write, but their destructive power is just as striking. A Linux system contains many script files, and a shell script of barely ten lines can traverse every script file on the hard drive in a short time. The virus writer therefore needs no deep knowledge to produce such a virus, and it can delete files, disrupt normal operation of the system, or even download a Trojan onto the system.

Backdoor programs: In the broad definition of a virus, backdoors are also counted as viruses. The backdoor, an intruder's tool that is active on Windows systems, is equally active on the Linux platform. From simple backdoors that add a superuser account to the system, to loading through system services, shared library file injection, rootkit toolkits and even loadable kernel modules (LKM), backdoor techniques on the Linux platform are very mature, well hidden and difficult to remove. They are a real headache for Linux system administrators.

Viruses, worms and Trojans essentially amount to automated hacking, and being hit by a virus is perhaps more likely than being hacked directly. Direct attacks by hackers are generally aimed at servers, whereas viruses are opportunistic and make trouble wherever they can. If your network contains Linux systems, and servers are especially at risk, do not wait until a Linux virus, worm or Trojan turns up before reacting. Do some research and choose an anti-virus product suited to your system; it can help you prevent viruses from spreading. As for the future of viruses on the Linux platform, anything is possible. The history of virus development on Windows may well repeat itself on Linux, depending on how Linux develops.

When reposting, please cite the original address: https://www.9cbs.com/read-110392.html
