Everyone seems to be talking about Windows malware. That is to be expected, given the number of Windows PCs sold worldwide. But Linux is used in many countries around the world, and there are pockets where it is the only OS that sells. The fastest supercomputers in the world all run on Linux. Linux-based embedded systems are also popular in handheld devices, including smartphones and tablets. Thus, Linux malware is not an unknown quantity. If you have a Linux system, you should be aware of the malware that can affect it and stay protected accordingly.
What are the types of Linux malware?
Linux malware comes in various forms, including viruses, worms, Trojans and other malware. Malware spreads in Linux by gaining access to the root system of a network. Linux has a multi-user model in which access control plays an important role. When the root system is affected, the malware can spread throughout the network with considerable ease.
Apart from the malware mentioned here, the other forms of Linux malware include web scripts, buffer overruns, cross-platform viruses and social engineering malware.
What is a Rootkit in relation to Linux malware?
In the malware domain, "rootkit" is a frequently heard term. "Root" refers to the administrator in a Linux network. "Kit" refers to a program that allows root-level access without your consent and knowledge as the end user. A rootkit works using a blended model in which the other two components are the dropper and the loader.
The dropper is the code that starts the rootkit installation. This process is usually started through human intervention. When you click on a link in an email, you could be the one starting the process. The dropper, when initiated, launches the loader and then gets deleted. The loader causes a buffer overflow, and this results in the rootkit being loaded into the machine's memory.
How to protect against this malware?
For Linux desktops, the best option is to block all incoming and outgoing traffic using a firewall. Then use a virus scanner to scan the system. Along with the scan, you should also run rootkit detection.
For servers, the traffic should first be stopped, and you should then run a scan using a virus scanner. After that, you can use one of the many reliable guides to make sure that the rootkit is deleted from the server.
How often should you check?
Rootkit detection should be run at least once a month. If there is a lot of critical data in your system, you may run the detection every couple of weeks.
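The desktop procedure and the schedule above, combined into one script as an added example that is not part of the original article. The tools (iptables, clamscan, rkhunter), the state-file path and the 30-day and 14-day readings of "once a month" and "every couple of weeks" are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. Tool choices (iptables,
# clamscan, rkhunter) and the state-file path are assumptions.
STATE="${STATE:-/var/lib/rootkit-check/last_run}"   # hypothetical path

# scan_due LAST NOW CRITICAL: succeeds when a check is due.
# "Once a month" is taken as 30 days, "every couple of weeks" as 14.
scan_due() {
    if [ "$3" = yes ]; then days=14; else days=30; fi
    [ $(( $2 - $1 )) -ge $(( days * 86400 )) ]
}

# Save the current rules to $1, then drop all incoming and outgoing
# traffic. Run from the local console: this also cuts SSH sessions.
# IPv6 needs the same steps with ip6tables.
lockdown() {
    iptables-save > "$1" &&
    iptables -P INPUT DROP &&
    iptables -P OUTPUT DROP &&
    iptables -P FORWARD DROP &&
    iptables -F
}

# Virus scan first, then rootkit detection. Fails if either tool
# reports a finding or an error.
run_scans() {
    rc=0
    clamscan -r -i --exclude-dir='^/(proc|sys|dev)' / || rc=1
    rkhunter --check --skip-keypress --report-warnings-only || rc=1
    return "$rc"
}

main() {
    now=$(date +%s)
    last=$(cat "$STATE" 2>/dev/null || echo 0)
    scan_due "${last:-0}" "$now" "${1:-no}" || { echo "not due"; return 0; }
    rules=$(mktemp) || return 1
    lockdown "$rules" || return 1
    mkdir -p "$(dirname "$STATE")" && echo "$now" > "$STATE"
    if run_scans; then
        iptables-restore < "$rules" && rm -f "$rules"   # clean: reconnect
    else
        echo "findings reported; host left isolated, rules saved in $rules"
        return 1
    fi
}

# Runs only when RUN_NOW=yes, so the file can be sourced safely.
if [ "${RUN_NOW:-no}" = yes ]; then main "$@"; fi
```

Run it as root with `RUN_NOW=yes`, passing `yes` as the first argument on systems that hold critical data. A host with findings stays isolated until the saved rules are restored by hand.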
Photo Cred: Yuri Yu. Samoilov