
Understand and Avoid Malicious Code Attacks in Linux

January 21, 2009 at 08:29:55 AM, by Blair Mathis Rating: 4 out of 5

Linux is a very secure operating system...but here are a few guidelines and examples of commands that Linux beginners should treat carefully.

If there is one thing Linux offers users that Windows does not, it's a false sense of safety for new users. Yes, Linux is a far (far) more secure operating system than Windows--it is not prone to the massive list of viruses and trojans and hijackers that plague Windows users--but there is one area where it is vulnerable, and it's this: malicious code offered by seemingly 'helpful' individuals can often cause far worse damage to your system than a Windows virus.

Of course, this is not a Linux problem, but instead an uneducated user problem. It is not unique to Linux--you can run just as many harmful commands on Windows (and Mac)--but most Windows users would never run anything from the command line, or even realize it's a possibility.

The best way to prevent this type of attack from affecting your computer is to avoid running any command or script that you do not understand. Now, while this is ideal, it is not practical. You will need help learning your way around the unfamiliar operating system, and unless you know someone with Linux knowledge, the Internet is your only resource. The second-best method is educating yourself.

The goal of this guide is to help you avoid the most common attacks, and to understand how these attacks work. You will learn what to be on the lookout for and how to recognize suspicious code.

Warning: Obviously, do not run any of the commands in this article. They are dangerous, and will harm/kill your install.

Tips:

• Never run a large batch of code unless you absolutely understand and/or trust the person offering it. Often, a small malicious command is buried within a large series to avoid detection.

• If you are uncertain about a command, Google it and see if it's been reported as malicious.

• If a command has the letters 'rm' in it, it's probably going to erase something you want.

• Don't run anything as 'root'. Root is sort of like an ADMIN account in Windows. It means you have access to all commands and all files, and it's a dangerous power for a Linux newbie.

Most Common Attacks

The most common malicious Linux code will erase your data, your file system, or simply wipe your hard drive clean. These often involve the letters 'rm', as mentioned above; this, however, does not mean you're safe if those letters are not included.

Things to Watch For

There are some bash commands that will key you off to a possible malicious threat. This list is certainly not exhaustive, but it will help you recognize the most common threats to your system, and help you make a decision about running a command.

RM is a bash command that means "Remove Files". You can see how this could end badly for your system.

RMDIR is another dangerous bash command, and it means "Remove Folder[s]". This can be just as dangerous.

In conjunction with RM and RMDIR, look for these symbols, in the form of rm -rf:

• " / " A forward slash means all your files will be erased.

• " . " A period means the directory you are in will be toast.

• " * " The asterisk means the files inside the folder you are in will be deleted.

• " ~/ & " Run this and your home directory will be destroyed.

• " *.* " Delete all the files in the folder you're in.

MKFS is a common culprit of destroyed installs. It means "Make a Filesystem", and will format a partition on your hard drive or your entire hard drive. There are many variations of this--do not run anything with MKFS.

DD is another command to watch out for. It can be used to horribly cripple your hard drive. Unless you know exactly what you are doing, do not run something with DD in it. There are many variations of this, with some writing random data over your HDD, others corrupting a few blocks of the hard drive, etc.

A symbol-laden attack is called the fork bomb, and looks like so: :(){:|:&};: This, unfortunately, catches many users' attention and just begs to be run. It will cause your system to overload with processes and freeze, at which point you will have to do a hard reset. This is also seen as "fork while fork".

Similar to a fork bomb is a decompression/tar bomb. A decompression bomb results when you extract a tar.gz archive and a huge number of files explode from it, infiltrating the directory you are in and possibly expanding rapidly until your hard drive is full and crashes. Do not open a tar.gz (or bz2) from someone you do not trust.

Often, a malicious command will seek to cause harm to your hard drive--usually erasing it--so watch for the following strings, which refer to your hard drive:

  /dev/hda
  /dev/hda1
  /dev/hdb
  /dev/sda
  /dev/sda1
  /dev/sdb
  ...and so on.

All of these refer to your hard drive, or one of your drives, and are a very good warning that you are messing with potentially fatal code. An example of potentially malicious code using the above is SHRED /DEV/HDA.

Another method of attack comes in the form of shell scripts. Beware of what you download (look at the URL in wget), and do not execute code unless you know what it does and/or who it is coming from. A shell script can be used to execute any of the attacks above.

Finally, the above attacks can also be run on your system via source code. Do not run or compile code unless you know the person it is coming from. A long piece of source code could be nothing more than rm -rf / or similar, and destroy your system.
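As an added example (not part of the original article), here is the advice above turned into a read-only pre-flight check: a POSIX sh script that scans a downloaded script for the warning signs the article lists (rm -rf, mkfs, dd, shred, /dev/hd* and /dev/sd*, the fork bomb) and refuses to proceed if any appear. The pattern list and the sample "helper" script are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original article: a read-only "pre-flight"
# check for a script you were told to run. It never executes the script;
# it only prints the lines that contain the warning signs listed above.

# Warning signs drawn from the article: rm/rmdir with recursive or force
# flags, mkfs, dd, shred, raw disk devices, and the :(){:|:&};: fork bomb.
# Deliberately noisy: a false alarm costs a second look, a miss costs data.
DANGER_PATTERNS='rm[[:space:]]+-[[:alpha:]]*[rf]|rm-rf|rmdir|mkfs|(^|[^[:alpha:]])dd[[:space:]]|shred|/dev/[sh]d[a-z]|:\(\)[[:space:]]*\{'

# flag_dangerous FILE
# Prints "line N: SUSPICIOUS: <text>" for every matching non-comment line.
# Returns 0 if nothing was flagged, 1 otherwise, so it can gate a run.
flag_dangerous() {
    found=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            '#'*) continue ;;   # comment lines cannot execute anything
        esac
        if printf '%s\n' "$line" | grep -Eiq "$DANGER_PATTERNS"; then
            printf 'line %d: SUSPICIOUS: %s\n' "$n" "$line"
            found=1
        fi
    done < "$1"
    return "$found"
}

# Constructed sample: a "helper" script of the kind the article warns about.
SAMPLE=$(mktemp)
printf '%s\n' \
    '# fixes your wifi, just paste and run' \
    'ls -la ~' \
    'sudo rm -rf /' \
    'mkfs.ext3 /dev/sda1' \
    ':(){:|:&};:' \
    'shred /dev/hda' > "$SAMPLE"

if flag_dangerous "$SAMPLE"; then
    echo "no warning signs found (still read it before running)"
else
    echo "refusing to run: review the lines above"
fi
rm -f "$SAMPLE"
```

Run it as `sh precheck.sh` (hypothetical file name) and paste the suspect script in place of the constructed sample; a non-zero exit from flag_dangerous is the signal to stop and ask what those lines do.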

Conclusion

If you are a newcomer to Linux, there's a good chance you are converting from Windows. When it comes to protecting your machine, think of it this way:

When you receive code from a stranger, think of it as a file attachment in an email from a stranger. You wouldn't run an unknown exe on your Windows machine from a stranger, would you? Treat unknown Terminal commands in Linux the same way. If you don't know what it means, if you aren't sure you need it, if you don't trust the person offering it, then do not run it.
