Malware

Antivirus for Linux: is it really needed?

Is antivirus needed on Linux systems? The answer: it depends. We will look at the risks, the types of malware, and the related security measures to take.

Summary of Antivirus for Linux: is it really needed?

The question regarding the need for antivirus for Linux is, after all these years, still relevant. It is asked on forums and shows up regularly on Quora. As the original author of rkhunter, a malware scanner for Linux and Unix systems, I analyzed many malicious software components. You might be thinking: if there is malware, there is also a need for a scanner, right? It is actually not that easy to answer.


Dealing with Linux Malware, Insights by the Author of rkhunter

Malicious software has plagued computers for more than 40 years, and most likely this threat will never stop. What should you know about it to protect yourself?

Summary of Dealing with Linux Malware, Insights by the Author of rkhunter

Malicious software has plagued computers for more than 40 years. It is hard to imagine this threat will ever stop. The Linux platform definitely has its share of malware, although many people have never experienced it firsthand. Let’s dive into this subject and discover why your system might actually be compromised at this very moment.

The types of malware

To understand the risks, you have to understand the threats and weaknesses. When we talk about malware, there are different families, each with its own threat and method of attack.


Detecting Linux rootkits

In this post about intrusion detection we have a look at Linux rootkits, what they do, and how to detect them. Linux rootkits are malicious pieces of software and should be detected as soon as possible.

Summary of Detecting Linux rootkits

Malware, or malicious software, is also an issue on Linux systems. Let’s have a look at this threat and what actions you can take.

What is a rootkit?

A rootkit is a set of tools whose goal is to hide its presence and to keep providing system access to an attacker. The word rootkit comes from the root user, the administrator account on Linux systems and Unix clones. The kit refers to a toolkit, or a set of tools.


How to see the file type?

Learn how to determine the details of most types of files on Linux, together with an understanding of how these tools do their job.

Summary of How to see the file type?

Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it.

The unknown file

You may encounter a file on your system with unknown contents or purpose. Usually, the first thing we do is use cat to show its contents, or simply execute it. While that seems reasonable, it can be dangerous. The file might be a piece of malware, it may disrupt your screen output with control characters, or it may even hang the terminal.

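To make that warning concrete, here is an added example (not code from the original article) that inspects an unknown file without cat-ing or executing it: stat for permissions and owner, file(1) for the type it infers from the magic bytes, and od for a hex view of the first bytes. The helper names, the constructed sample files, and the short signature list inside magic_type are this example's own assumptions; it expects GNU coreutils and treats file(1) as optional.

```shell
#!/bin/sh
# Added example for this page, not code from the original article.
# Inspect an unknown file without interpreting its content: metadata via stat,
# the type file(1) infers from magic bytes, and a hex view via od.
# Assumes GNU coreutils (stat -c, od -t x1z); file(1) is optional.

# Classify a file by its first four bytes, read as hex so raw bytes never
# reach the terminal. Only a few well-known signatures are listed here
# (an assumption of this example); anything else is reported with its magic.
magic_type() {
    magic=$(od -A n -t x1 -N 4 -- "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c46) echo "ELF binary" ;;
        2321*)    echo "script with #! interpreter line" ;;
        1f8b*)    echo "gzip compressed data" ;;
        25504446) echo "PDF document" ;;
        504b0304) echo "ZIP archive (also jar, docx, odt)" ;;
        '')       echo "empty or unreadable" ;;
        *)        echo "unknown (magic: $magic)" ;;
    esac
}

# Print what can be learned about a file without running or cat-ing it.
inspect_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file (or missing)"
        return 1
    fi
    echo "== $f"
    # Who owns it, is it executable, how large is it.
    stat -c 'mode=%A owner=%U:%G size=%s bytes' -- "$f"
    # file(1) has a far larger magic database; use it when installed.
    if command -v file >/dev/null 2>&1; then
        echo "file(1): $(file -b --mime-type -- "$f")"
    fi
    echo "magic: $(magic_type "$f")"
    # First 16 bytes as hex plus printable characters; escape sequences
    # are displayed, never executed by the terminal.
    od -A x -t x1z -N 16 -- "$f"
}

# Constructed samples (not real files from any system): a "text note" that
# actually starts with an ELF header, and a plain shell script.
demo_dir=$(mktemp -d)
printf '\177ELF\002\001\001' > "$demo_dir/notes.txt"
printf '#!/bin/sh\necho hi\n' > "$demo_dir/run"
inspect_file "$demo_dir/notes.txt"
inspect_file "$demo_dir/run"
[ -d "$demo_dir" ] && rm -rf "$demo_dir"
```

The constructed notes.txt is the case the article warns about: the name says text, the bytes say executable, and neither cat nor a double-click would have been the right first move. Everything above reads bytes and prints hex, so a file carrying terminal escape sequences or an executable header cannot do anything on its way to your screen.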

Interview: MalwareMustDie and their Linux malware research

Linux malware, research, and more in this interview with unixfreaxjp, who is the leader and founder of the malware research group MalwareMustDie.

Summary of Interview: MalwareMustDie and their Linux malware research

Linux malware, research, and more

With great pleasure, we interviewed unixfreaxjp. He is the leader and founder of the malware research group MalwareMustDie. We want to learn about their activities, Linux malware, and useful skills for security professionals. Keep reading!

Interview MalwareMustDie

About the MalwareMustDie organization

So for those who have never heard about MalwareMustDie, can you tell us who you are?

As stated on our web site, MalwareMustDie is a white-hat anti-cybercrime security research workgroup.


Linux and the rise of ransomware

The availability of ransomware on Linux is growing. This is the story behind how things started and what we can expect to be next in the near future.

Summary of Linux and the rise of ransomware

Ransomware on the Linux Platform

Times are changing when it comes to Linux malware. For a long time we have had backdoors, PHP shells, and even rootkits. But it won’t take long before ransomware catches up on the Linux platform. We hope you are reading this to counter the threat, not because it is already too late.

Ransomware invasion

Ransomware is a little devil. It encrypts your valuable data and protects it with a generated key.


Monitoring Linux Systems for Rootkits

To properly protect a system against malware, it should be monitored. Monitoring for rootkits and other forms of malware helps with intrusion detection.

Summary of Monitoring Linux Systems for Rootkits

Detecting and preventing rootkits

Rootkits are considered to be among the trickiest pieces of malware. Usually they are loaded onto a system by exploiting weaknesses in software. The next phase is getting installed and hiding as well as possible, to prevent detection. We have a look at a few security measures you can take against this kind of threat.

System Protection

Kernel

The kernel is the brain of the software system and decides what gets executed by the central processing unit.

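Both the rootkit detection article above (a rootkit hides its presence) and this monitoring article turn on the same property: a hidden process. As an added example, not code from either article, here is a shell check that compares two views of /proc: the directory listing, which goes through readdir()/getdents() and is what ls and ps build their process lists from (so comparing ps against ls catches only a trojaned ps), and direct lookups of /proc/<pid> by name, which process-hiding hooks often leave alone. The function names, the probe bound, and the before-and-after listing trick are this example's own choices; it assumes Linux with GNU coreutils.

```shell
#!/bin/sh
# Added example for this page, not code from the original articles.
# A process-hiding rootkit commonly filters what readdir() on /proc returns,
# which is the call ls and ps rely on, while a direct lookup of /proc/<pid>
# by name still succeeds. PIDs that answer a direct probe but are absent from
# the directory listing are therefore worth investigating.
# Assumes Linux (/proc, /proc/sys/kernel/pid_max) and GNU coreutils.

# PIDs as returned by listing /proc (the readdir path), sorted for comm(1).
listed_pids() {
    ls /proc 2>/dev/null | grep -E '^[0-9]+$' | sort
}

# PIDs found by probing /proc/<n> by name (the lookup path) for n in 1..$1.
# Bounded, because a shell loop over the full pid_max (often 4194304) takes
# far too long; dedicated tools do this sweep in C.
probe_pids() {
    n=1
    while [ "$n" -le "$1" ]; do
        [ -d "/proc/$n" ] && echo "$n"
        n=$((n + 1))
    done | sort
}

# Entries present in sorted list file $1 but absent from sorted list file $2.
missing_from() {
    comm -23 "$1" "$2"
}

# Compare the two views. The listing is taken before and after the probe and
# merged, so a process that merely exited during the sweep is not reported;
# a process that started and ended entirely within the sweep still can be,
# so treat any hit as a lead to inspect, not as proof.
hidden_pids() {
    before=$(mktemp); after=$(mktemp); probed=$(mktemp); seen=$(mktemp)
    listed_pids > "$before"
    probe_pids "$1" > "$probed"
    listed_pids > "$after"
    sort -u "$before" "$after" > "$seen"
    missing_from "$probed" "$seen"
    rm -f "$before" "$after" "$probed" "$seen"
}

# Upper bound for the probe: the kernel's pid_max, capped (this example's
# choice) so the run stays short; raise it for a real sweep.
pid_max=$(cat /proc/sys/kernel/pid_max 2>/dev/null || echo 32768)
[ "$pid_max" -gt 32768 ] && pid_max=32768

result=$(hidden_pids "$pid_max")
if [ -n "$result" ]; then
    echo "PIDs reachable under /proc but absent from its listing (PIDs 1..$pid_max checked):"
    echo "$result"
else
    echo "no hidden PIDs found among PIDs 1..$pid_max"
fi
```

A hit is a lead, not a verdict: look at /proc/<pid>/exe, cmdline and status for the reported PID before drawing conclusions. Run it as root; with /proc mounted hidepid=2 an unprivileged user sees other users' processes in neither view, so nothing is reported. A kernel rootkit that also hooks the lookup path defeats this check entirely, which is why protecting the kernel itself, the first measure the monitoring article starts with, remains the stronger control.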

Protecting the browser: Web of Trust

Systems running Linux might be a safe option, yet web browsers and their users will always be under attack from malicious scripts. Web of Trust (WOT) helps to counter common attacks like spam and scams.

Summary of Protecting the browser: Web of Trust

Important Note

This is an older blog post and we no longer advise using Web of Trust. See PCMag for more details.

Protecting the web browser

On this blog we usually focus on the server side of things, helping to protect the data of users, customers, and ourselves. What we commonly overlook is the other end of the connection: the web browser of the user. In the upcoming posts we will look at alternative measures we can take to protect data there as well.


Using ClamAV for Linux PCI DSS requirement 5: Malware

PCI DSS requirement 5 focuses on anti-virus and malware, or malicious software. Linux systems can also be compliant by using the popular ClamAV software.

Summary of Using ClamAV for Linux PCI DSS requirement 5: Malware

An important part of PCI DSS compliance is checking for malicious software, or malware. By using anti-virus software like ClamAV, malware threats can be detected and, in many cases, prevented. In this article we focus mainly on Linux environments, but most of these tips also apply to other platforms like Mac OS.

5.1. Verify presence of software

5.1 For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists.
