Saturday, 10 March 2018 09:18

Linux faces malware threat 'due to operating environment'

Kaspersky Lab senior security researcher David Jacoby. Supplied

Linux is becoming open to more malware threats because of the applications and programming languages that can be used as a means to attack components of the open-source operating system when used in a server environment, a senior security researcher at Kaspersky Lab claims.

David Jacoby told iTWire on the sidelines of the Kaspersky Security Analyst Summit in Cancun on Friday that the most common form of malware for Linux systems was either a PHP, Perl, Java or Python script, with shell commands chained in.

He pointed out that while the kernel proper did not see many directed attacks, nobody ran the kernel alone on a server.

Many of the scripts he had encountered also had a dropper which left behind some nasties like a backdoored version of SSH or a toolset that attacked other servers on the same network or on other connected networks.

And, when Linux servers were used in conjunction with Windows systems, there was always the chance for Windows malware to attack, because any application that could read or write to files on a Samba server could also attack them.

Thus, he said, while Linux servers could not be infected per se by Windows malware, they needed to be running anti-virus software in order to trap Windows malware – else the Windows hosts on that particular network would be in danger.

Jacoby said another avenue of attack for Linux was through SE Linux, a set of kernel and application patches that add security features and let the system decide the security domain in which a process runs.

One particular case he pointed to involved a vulnerability in SE Linux policies: a PHP script was allowed to open network connections (dangerous behaviour), while Perl, Python or shell scripts were not allowed to do so.
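Jacoby's SE Linux example concerns a policy that let PHP, run by the web server, reach the network. As an added illustration (not from the article or from Kaspersky), the script below audits the real targeted-policy booleans that grant httpd that reach, using a constructed sample of `getsebool -a` output rather than a live host:

```shell
#!/bin/sh
# Added audit example: list the SELinux booleans that let httpd (and so any
# PHP it executes) open network connections. The boolean names are real
# targeted-policy booleans; the sample output below is constructed.

# Booleans that widen httpd's reach beyond serving local content.
WATCHLIST="httpd_can_network_connect httpd_can_network_connect_db httpd_can_network_relay httpd_can_sendmail"

# Constructed sample of `getsebool -a` output: one watched boolean is on.
SAMPLE_GETSEBOOL='httpd_builtin_scripting --> on
httpd_can_network_connect --> on
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_enable_cgi --> on'

# audit_httpd_booleans INPUT
# Prints, one per line, each watchlisted boolean that INPUT reports as "on".
# Returns 1 if any was found and 0 otherwise, so a script can gate on it.
audit_httpd_booleans() {
    found=0
    for b in $WATCHLIST; do
        if printf '%s\n' "$1" | grep -q "^$b --> on$"; then
            printf '%s\n' "$b"
            found=1
        fi
    done
    return $found
}

# Run on the constructed sample; on a real host pass "$(getsebool -a)" instead.
# A flagged boolean is switched off persistently with `setsebool -P <name> off`
# once you have confirmed no legitimate application depends on it.
if ! audit_httpd_booleans "$SAMPLE_GETSEBOOL"; then
    echo "review the booleans above before leaving them enabled"
fi
```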

He also highlighted the case of IoT devices where it was easy to infect devices, mostly through gaining access via the default credentials — which most people did not bother to change — and also through unpatched systems which became vulnerable because the manufacturer would not bother to issue patches beyond a year at the most.

"Practically all IoT devices are running Linux," he pointed out.

One mitigating factor for IoT devices was the fact that they were built atop ARM devices, making exploitation more difficult. "Fewer people know how to write exploits for these processors," he explained.

Jacoby played down the emergence of the cloud, saying it was just another form of hosting. "You have scalability, sure, where you can increase or decrease memory, storage or bandwidth as needed," he said.

"But at the end of the day it is just another form of hosting and it needs security measures just as servers did in the olden days."

Pointing to the example of Hotmail, the webmail service that was built by Sabeer Bhatia in the mid-1990s and later purchased by Microsoft, Jacoby asked, "What was Hotmail? That was hosting too and it was a long time back."

He said one should not be carried away by terms like cloud; "it's just someone else's computer and that term didn't emerge from any technical person, but from marketing."

Given this, the security in such environments was needed to the same degree. In the end it depended on contractual obligations and also on the expertise of the person/people administering the cloud instance, he said.

The writer is attending the Kaspersky Security Analyst Summit as a guest of the company.

Photo: courtesy Kaspersky Lab



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
