2016-10-19 (last updated at October 20th, 2016) Michael BoelenInterviews Leave a comment

Interview: MalwareMustDie and their Linux malware research

Linux malware, research, and more With great pleasure, we interviewed unixfreaxjp. He is the leader and founder of the malware research group MalwareMustDie. We want to learn about their activities, Linux malware, and useful skills for security professionals. Keep reading! Interview MalwareMustDie About the MalwareMustDie organization So for those never heard about MalwareMustDie, can you tell us who you are? As stated on our web site. MalwareMustDie, is a white-hat anti cybercrime security research workgroup. launched in August 2012, is an Non […]

2016-07-26 (last updated at November 21st, 2016) Michael BoelenMalware, Threats 2 comments

Linux and rise of Ransomware

Ransomware on the Linux Platform Times are changing when it comes to Linux malware. Since a long time we had backdoors, PHP shells, and even rootkits. But it won’t take long that ransomware will catch up on the Linux platform. We hope you are reading this to counter the threat, not because it is already too late. Ransomware invasion Ransomware is a little devil. It encrypts your valuable data and protects it with a generated key. This key is then […]

2016-02-08 (last updated at April 16th, 2017) Michael BoelenMalware 3 comments

Dealing with Linux Malware, Insights by the Author of rkhunter

Linux Malware Malicious software plague computers for more than 40 years. It is hard to think this threat will ever stop. The Linux platform definitely has their share of malware, although many people never experienced it firsthand. Let’s dive into this subject and discover why your system might actually being compromised at this very moment. The types of malware To understand the risks, you have to understand the threats and weaknesses. When we talk about malware, there are different family […]

2016-01-05 (last updated at June 24th, 2018) Michael BoelenFile Integrity 2 comments

How to see the file type?

Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it. The unknown file You may encounter a file on your system with known contents or goal. Usually, the first thing we do is then use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal. Here is […]

2015-04-13 (last updated at January 12th, 2021) Michael BoelenVulnerabilities, Web Leave a comment

Protecting the browser: Web of Trust

Note This is an older blog post and we no longer advise using Web of Trust. See pcmag for more details. Protecting the web browser Usually we focus on the blog on the server side of things, helping to protect the data of users, customers and ourselves. What we commonly overlook is the end of the connection, the web browser of the user. In the upcoming posts we will look at alternative measures we can take, to protect data there […]

2015-02-23 Michael BoelenCompliance, Malware, PCI DSS compliance 2 comments

Using ClamAV for Linux PCI DSS requirement 5: Malware

PCI DSS requirement 5: Malware and Anti-Virus An important part in the PCI DSS compliance, is checking for malicious software, or malware. By using anti-virus software like ClamAV, malware threats can be detected, and in most cases prevented. In this article we focus mainly on Linux environments, but of course most of these tips will apply to other platforms like Mac OS. 5.1. Verify presence of software 5.1 For a sample of system components including all operating system types commonly […]

2015-01-08 Michael BoelenMalware Leave a comment

Monitoring Linux Systems for Rootkits

Monitoring Linux Systems Detecting and preventing rootkits Rootkits are considered to be one of the most tricky pieces of malware. Usually they are loaded onto the system by exploiting weaknesses in software. Next phase is being installed and hide as good as possible, to prevent detection. We have a look at a few security measures you can take to prevent this kind of threat. System Protection Kernel The kernel is the brain of the software system and decides what […]

2014-07-09 (last updated at June 30th, 2018) Michael BoelenIntrusion Detection 3 comments

Detecting Linux rootkits

What is a rootkit? A rootkit is a set of tools with the goal to hide its presence and to continue providing system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix-clones. The kit refers to a toolkit, or a set of tools. Hiding by manipulation The tools in the rootkit are typically altered binaries that provide an alternative truth. They will display everything a typical command would do, except those parts that […]

2014-03-24 (last updated at July 13th, 2018) Michael BoelenIntrusion Detection, Linux, Malware One comment

Antivirus for Linux: is it really needed?

The question regarding the need for antivirus for Linux is after years still relevant. It is asked at forums and shows up regularly at Quora. As the original author of rkhunter, a malware scanner for Linux and Unix systems, I analyzed many malicious software components. You might be wondering that if there is malware, there is also a need for a scanner, right? It is actually not that easy to answer. It depends… So is antivirus on Linux really needed […]