Ransomware: Should you pay the cybercriminals?

Ransomware is a growing threat, threatening to take over your machine, encrypt your files and demand payment in exchange for their safe return. But, as we explore below, paying the ransom is rarely the solution.

What is ransomware?

Ransomware is a type of malware, or malicious software, which has exploded in notoriety in recent years.

The malware is often installed on your machine via a phishing email or a drive-by-download on a compromised website, and a short time later a pop-up message will appear on screen telling the user to pay a ransom (in some cases as much as $300) in order to ‘unlock’ their stolen documents.

Fortunately, the severity of ransomware varies considerably. At the lower end, most variants simply bombard the user with ‘scareware’ pop-up messages telling them to pay up to restore normal service; these variants haven’t actually encrypted any files.

That said, there are other versions which block access to the start screen, while ‘filecoders’, like CryptoLocker, will encrypt documents stored on the system’s hard drive.

These warning messages typically claim to be from law enforcement agencies, warning of illegal activities or content. They may alternatively claim that the system’s operating system is a forfeit, or pretend to be an anti-virus solution that has identified an infection.

To date, the most prolific variants of ransomware have been CryptoLocker, TorrentLocker, Reveton and CryptoWall, although newer versions like CryptoFortress, CoinVault and others have emerged in recent months, sporting newer tactics like making emails appear quarantined and running operations through the Tor or Invisible Internet Project (I2P) anonymizing networks. As ESET found with Virlock, ransomware is increasingly polymorphic, which makes it harder to detect and remove.

Ransomware, described by one malware analyst as a “polished and finished product for the bad guys”, is so widespread now that it’s a big concern for businesses. One study earlier this year found that ransomware had a bigger impact on organizations than widely-publicized advanced persistent threat (APT) attacks.

What you should do

Paying for the ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware has been removed. Will the hacker exploit you again in six months’ time? The truth is you don’t know.

Instead, information security professionals recommend a few useful tips, such as regularly backing up your data and ensuring your computer is running the latest software and anti-virus (ESET protects against CryptoLocker, Cryptowall, CTB locker and many other types of ransomware).

If you do get infected and haven’t followed the advice above, all is not lost: your best bet is to contact an IT professional, although there are also free decryption tools online, and ways to remove the malware via the operating system.

For less sophisticated ransomware that hasn’t encrypted files, you can enter Windows Safe Mode and run an on-demand virus scanner to hopefully remove the malware. Alternatively, you could try and do the same by logging onto the computer from another user account (hopefully bypassing the malware on the start screen), or by accessing the infected PC from a ‘clean’ PC on the same network.

If you can’t get onto the home screen, another option is System Restore, which will restore system files and programs to a state they were in previously. To do this, shut down your computer, reboot and hit the F8 key continuously to enter advanced boot options. You should see an option to repair your computer.

ESET security expert Raphael Labaca Castro, Editor in Chief of We Live Security, says users shouldn’t pay for the following reasons: “If you pay, you will support cybercrime activities by funding them with money; you don’t have any guarantee that your information is going to be decrypted again. Remember, this is not a service, they are cybercriminals. [And] even if you pay, you are not going to be ‘whitelisted’ so you could get infected again so it’s not a real solution for the future either. Prevention is the most important tool against Ransomware, since the infection can be usually cleaned afterwards but not always the information restored.”

Labaca Castro recommends using a security solution to prevent the computer from getting infected, frequently backing up information so that it is stored somewhere safe and can be recovered easily, and avoiding opening attached files in emails from unknown senders. Additionally, ESET offers a decryptor for specific variants of Simplocker to recover your information.

by Karl Thomas, ESET

Four Mortal Kombat moves cybercriminals use to attack your security

After a long wait, Mortal Kombat X is finally here. Over the past decade, this fighting video game series has been enjoyed by many generations of gamers. Some of the tricks employed by the characters in the legendary fighting series aren’t a million miles away from those deployed by cybercriminals however…

With security threats increasing all the time, users are in a constant battle to protect their online security – Mortal Kombat style, in fact.

Below, you will see four malicious techniques used by attackers, which would not be out of place in a classical battle between Sub Zero, Kitana, Reptile and their rivals:


This is indeed the best-known move to finish off an opponent, available since the very beginning of the series. Many people will certainly feel the adrenaline rush when hearing the famous “Finish Him” (or “Finish Her”, when fighting against a female character) line, providing the chance to execute a fatal finishing move.

Mortal Kombat fans will remember that Shang Tsung’s specialty move is the “Soul Drain”, which involves him stealing his opponent’s soul.

As computer technology has improved, the video above seems pretty unimpressive; nonetheless, it still keeps certain parallels with what goes on in the world of IT security – think about a ransomware infection, the kind of malware that “kidnaps” information and demands the payment of a ransom to restore access to it. We can say that in practically all cases the compromised files are important, private, confidential and valuable.

Isn’t that also the computer’s soul? Of course it is. Therefore, when blocking access to the system’s files, the ransomware is somehow attacking against the system’s own existence… and taking away its innermost and most valuable contents. Just as a dark sorcerer would do.

A piece of advice – the best weapon is prevention. Make sure you have an adequate security solution, are cautious when browsing, and ensure you keep an appropriate security backup schedule to recover essential files in case they are compromised.


This final move is a combination of successive punches to finish off the opponent and make him explode! As you’d guess from its name, we can’t help thinking about brute force attacks carried out for password stealing purposes.

These attacks allow cybercriminals to automatically compare a list of credentials from a dictionary with the ones stored in the server, generating massive login authentication attempts until retrieving the correct key, explains Denise Giusto from ESET. These credential dictionaries include widely-used words or common expressions.

With the same discipline, strength and speed used by Kitana in the video below where she destroys her opponent, cybercriminals make numerous password-guesses in a matter of seconds, gaining access to accounts for different platforms and services.

A piece of advice – create a strong and safe password so that no one can guess it – not even someone trying with four arms at the same time.

Good practice is to combine letters and numbers, but it is just as important to emphasize character length: the password should be long, because long passwords take longer to break.
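To make the length-versus-alphabet point concrete, here is an added Python example (it is not part of the original article and not ESET’s code) that estimates the guess space an attacker must cover for a given password, and for a passphrase assembled from dictionary words of the kind the credential dictionaries above contain. The guess rate it assumes is a constructed figure used only to show how the numbers scale.

```python
import math
import string

# Character classes and their sizes: the classes a password actually uses set
# the alphabet a brute-force attacker has to cover at every position.
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

# Constructed guess rate, used only to illustrate scaling; real rates depend on
# the hashing scheme, the hardware and any rate limiting on the service.
ASSUMED_GUESSES_PER_SECOND = 1e10


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers every character used."""
    size = 0
    covered = set()
    for chars in CHAR_CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
            covered |= chars
    # Characters outside the four classes (e.g. accented letters) are counted
    # individually so the estimate stays defined for them.
    return size + len({c for c in password if c not in covered})


def brute_force_bits(password: str) -> float:
    """Bits of search space if each position were an independent random pick."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def dictionary_bits(word_count: int, dictionary_size: int) -> float:
    """Search space for a passphrase of `word_count` words when the attacker
    holds the same `dictionary_size`-word list: dictionary_size ** word_count."""
    return word_count * math.log2(dictionary_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate in a space of 2**bits guesses."""
    return 2.0 ** bits / guesses_per_second


def strength_report(password: str) -> dict:
    """Summary a defender can show a user: length, alphabet, bits, worst-case time."""
    bits = brute_force_bits(password)
    return {"length": len(password), "alphabet": charset_size(password),
            "bits": round(bits, 1), "seconds": seconds_to_exhaust(bits)}


if __name__ == "__main__":
    # Constructed sample passwords: the 12-letter lowercase one outruns the
    # 8-character mixed one because length multiplies while alphabet only adds.
    for pw in ("Abc1!Xyz", "abcdefghijkl", "correcthorse"):
        print(pw, strength_report(pw))
    # "correcthorse" is really two dictionary words, so the honest estimate is
    # the dictionary one, far below what its raw length suggests.
    print("2 words from a 7776-word list:", round(dictionary_bits(2, 7776), 1), "bits")
    print("4 words from a 7776-word list:", round(dictionary_bits(4, 7776), 1), "bits")
```

Two things fall out of running it: twelve lowercase letters give a larger space than eight characters drawn from all four classes, and a password built from dictionary words must be rated by the dictionary estimate rather than by its character count, which is exactly why the dictionary attacks described above work.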


One of the most polemic additions to the Mortal Kombat series was this final move that consisted of turning an opponent into the baby version of themselves. Many complained that it wasn’t gory or violent enough, while others thought it was funny and original.

The truth is that once turned into a baby, the only thing the character who lost the fight can do is cry or have a tantrum, but, in contrast to the cases in which the other techniques are used, he doesn’t die and, at least his body remains in one piece.

When it comes to threats and computer attacks, cybercriminals perform a kind of Babality when using Social Engineering techniques to turn their victims into innocent creatures who fall for different types of scams – malicious links, fake websites, prizes that will never be handed out, profiles run by bots, fraud under the name of legitimate entities, and more.

Why do we still find inattentive users clicking on an attractive ad claiming they have won a prize for being the millionth visitor to the site?

A piece of advice – many of these threats are spread hidden in email attachments, so you should be careful when the email you receive comes from an unknown sender; a good choice is not to enable macros, and scan the mails with a security solution.

It is also worth checking which URL the advertised link redirects to, because in many cases it is easy to identify a fake or questionable website by looking at its domain. Moreover, do not forget that Social Engineering is based on exploiting topical events; consequently, look out for these topical scams and avoid falling into a trap.


Friendship is an act of good will towards the weakened adversary. Instead of killing him, the winning character gives him a gift, dances around or shows some attitude that somehow simulates mercy.

And when it comes to fake friendship, we can’t help thinking about the masters of disguise: rogues. These are programs that claim to be an antivirus or security solution, usually free of charge, but are actually harmful. The attack starts with striking warning windows indicating the existence of malicious software on the system.

Scared, the victim generally downloads a fake security application that installs malware in the computer.

A piece of advice – once more, you should pay attention so that you can always identify a rogue and, therefore, avoid it. If you use an efficient security solution, you will know that your computer is clean and that the disturbing warning is probably a scam.

As you can see, the fatal techniques used in Mortal Kombat have their parallels in the computer world. Adequate security can ensure you aren’t defeated!

And should you fancy picking up Mortal Kombat X today, it goes without saying you should buy it through the official channels – plenty of malware comes from fake game downloads around the net!

Apply good defensive practices and enjoy the battle! (Only in the video game, of course!)

by Sabrina Pagnotta, ESET

World Backup Day: Six ways to backup your data

Today is World Backup Day, and it goes without saying that backing up data is a thoroughly sensible thing to routinely get into the habit of doing.

Not only does it make sense in case your laptop is stolen or your hard disk fails, but it also helps should your computer become infected with ransomware, a particularly nasty strain of malware that encrypts your files and threatens to delete them if you don’t pay a ransom within a certain time period. ESET doesn’t recommend giving in to ransomware demands for many reasons, both ethical and practical (not least because you mark yourself as a possible target for future attacks), but if your files are all safely backed up, you won’t even feel tempted to negotiate with them in the first place.

There are plenty of options available for people looking to back up their data, all with their own pros and cons. Here are some of your options, but remember: it’s best to have more than one backup to be safe.

1. USB stick


Small, cheap and convenient, USB sticks are everywhere, and their portability means that they’re easy to store safely, but also pretty easy to lose. There are questions about the number of read/write cycles they can take, so they should be considered alongside other backup methods.


+ Extremely portable

+ Very cheap

+ Can easily transfer data to other sources


– Portability means they’re small and easy to lose

– Questions over read/write cycle longevity

2. External hard drive


External hard drives are just what they sound like – hard drives that live outside your computer, meaning they can be plugged in to other sources. If using them for backup, it’s best not to use them as an ‘extra every day hard drive’.


+ Relatively cheap

+ Plenty of storage space for larger files


– Potentially exposed to the same problems that lost the files in the first place (a power surge or malware)

3. Time Machine


For the Mac users out there, Time Machine is an option that backs up to external hard drives automatically. Apple sells its own brand of dedicated wireless Time Capsules, but you can use any hard disk for it. Using this method, you’ll automatically keep backups hourly for the last 24 hours, daily for the last month and then weekly backups until the machine is full.


+ Automated, meaning you shouldn’t forget to stay up to date

+ Frequency of backups means you should never be too out of date

+ Backs up whole drive, not just the key files


– Dedicated wireless machine is expensive

– Mac only
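The hourly/daily/weekly schedule described for Time Machine above is, in effect, a retention policy: as snapshots age they compete for fewer slots. The following Python example, added here and not Apple’s or ESET’s code, implements that policy over a constructed set of snapshot timestamps so you can see which backups survive in each tier. It reads “the last month” as 30 days and takes the newest snapshot in each day or ISO week as the survivor; both are this example’s assumptions.

```python
from datetime import datetime, timedelta

HOURLY_WINDOW = timedelta(hours=24)   # keep every snapshot this young
DAILY_WINDOW = timedelta(days=30)     # "the last month", taken as 30 days here


def tier_for(age: timedelta) -> str:
    """Which retention tier a snapshot of the given age falls into."""
    if age <= HOURLY_WINDOW:
        return "hourly"
    if age <= DAILY_WINDOW:
        return "daily"
    return "weekly"


def bucket_key(snapshot: datetime, tier: str):
    """Snapshots sharing a key compete for one slot; only the newest survives."""
    if tier == "hourly":
        return ("hourly", snapshot)            # every young snapshot keeps its own slot
    if tier == "daily":
        return ("daily", snapshot.date())      # one per calendar day
    iso_year, iso_week, _ = snapshot.isocalendar()
    return ("weekly", iso_year, iso_week)      # one per ISO week


def select_snapshots_to_keep(snapshots, now):
    """Return the sorted list of snapshots the policy retains at time `now`."""
    newest = {}
    for snap in snapshots:
        age = now - snap
        if age < timedelta(0):
            continue  # clock skew: a snapshot "from the future" is never pruned by age
        key = bucket_key(snap, tier_for(age))
        if key not in newest or snap > newest[key]:
            newest[key] = snap
    return sorted(newest.values())


def prune_plan(snapshots, now):
    """Split snapshots into (keep, drop) so a pruning job can act on `drop`."""
    keep = set(select_snapshots_to_keep(snapshots, now))
    return sorted(keep), sorted(s for s in snapshots if s not in keep)


# Constructed sample data: hourly snapshots for the last three days, then one
# at noon for each day from 3 to 59 days before World Backup Day 2015.
SAMPLE_NOW = datetime(2015, 3, 31, 12, 0)


def sample_snapshots():
    hourly = [SAMPLE_NOW - timedelta(hours=h) for h in range(72)]
    daily = [SAMPLE_NOW - timedelta(days=d) for d in range(3, 60)]
    return hourly + daily


def demo() -> dict:
    snaps = sample_snapshots()
    keep, drop = prune_plan(snaps, SAMPLE_NOW)
    by_tier = {"hourly": 0, "daily": 0, "weekly": 0}
    for s in keep:
        by_tier[tier_for(SAMPLE_NOW - s)] += 1
    return {
        "total": len(snaps), "kept": len(keep), "dropped": len(drop), **by_tier,
        # In the daily tier the newest snapshot of 30 March survives, the rest go.
        "mar30_1100_kept": datetime(2015, 3, 30, 11, 0) in keep,
        "mar30_1000_kept": datetime(2015, 3, 30, 10, 0) in keep,
        # In the weekly tier the newest snapshot of ISO week 9 survives.
        "feb28_kept": datetime(2015, 2, 28, 12, 0) in keep,
        "feb27_kept": datetime(2015, 2, 27, 12, 0) in keep,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On the constructed data the policy keeps 25 hourly, 30 daily and 5 weekly snapshots out of 129, which is the practical trade-off the pros list above describes: frequent recent restore points without the disk filling up with near-identical old ones.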

4. Network Attached Storage


Businesses tend to back up their files to network attached storage, but with more and more homes having multiple computers, the idea has a certain appeal, especially for those looking to save files from more than one source. With prices coming down, a dedicated wireless storage solution is a convenient option which requires less thought.


+ Automatic backups mean you don’t risk forgetting

+ Wireless solutions also work with phones and tablets


– Can be expensive

– Can be awkward to set up and maintain

5. Cloud Storage


While network attached storage is essentially your own Cloud Server, there are plenty of third party cloud storage options around: free, paid, or free with paid extras. iCloud, Dropbox, Google Drive and OneDrive are big names, but others are available.


+ Can be done automatically

+ A certain amount of space is usually free

+ Device agnostic


– Requires an internet connection to work

– You have no control over the provider’s security, or its breaches

– Companies aren’t obliged to keep these services around forever

6. Printing


At a first glance, this might sound a facetious inclusion. But while considerably less technically advanced, printing offers you a hard copy of your most important documents that will survive power outages, and are easy to store and access even if your computer is out of action for a few days. Of course it’s hard to keep documents up to date this way, and it won’t work for video or audio files, but for that novel you’d be devastated to lose, it’s certainly worth considering.


+ A backup that won’t be affected by hardware outages or tech headaches

+ Impossible for hackers to access


– Impossible for certain file types

– Awkward to manage

– Less practical for longer documents

– Not great for the environment

However you choose to back up your data (and it’s smart to consider using more than one solution, at least for your life-or-death files), make sure that you do it. Often people don’t think about what would happen if their valuable files were lost until it’s too late. Don’t make that mistake, and use World Backup Day to make sure your files are all safe and accounted for.

by Alan Martin, ESET

10 tips for protecting your virtual Bitcoin wallet

One of the most famous recent incidents was the attack on the bitcoin exchange, Bitstamp. On this occasion, 19,000 BTC were stolen after the virtual wallets belonging to the exchange were compromised. The equivalent value of the resulting loss amounted to an astonishing USD 5 million. So, how can you protect yourself? You need to protect both your identity and your wallets from potential digital theft.

  1. Use a versatile Bitcoin client

For the purpose of privacy, and to hide your IP address, you can use a Bitcoin client that allows you to change to a new address with each transaction.

  2. Protect your identity

Be careful when sharing information about your transactions in public spaces like the web, so as to avoid revealing your identity together with your Bitcoin address.

  3. Use an “escrow service”

When you need to buy or sell something and you aren’t sure who is on the other side, you can use an “escrow service.” In these cases, the person who needs to make the payment sends their bitcoins to the escrow service while they wait to receive the item they are buying.

  4. Make a backup of your virtual wallet

With regard to physical storage, as with any critically important backup policy, it is recommended to make frequent updates, use different media and locations, and keep them encrypted.

  5. Encrypt your wallet

Encrypting your wallet is crucial, especially when it is stored online. As you might expect, the use of a strong password is equally essential. With this in mind, you can use tools like DESlock+ to encrypt files that contain any sensitive information. Even better is to encrypt the entire system or user space where these files are located.

  6. Don’t forget about two factor authentication

When using online storage services, it is recommended to use two factor authentication and whenever possible, online services that support the use of hardware wallets.

  7. Avoid using wallets on mobile devices

You should avoid using mobile devices, especially in the case of large sums of money, as they can be lost and/or compromised. In these cases, it is actually better to keep the wallet on equipment that is not connected to the Internet.

  8. Consider using multi-signature addresses

For corporate transactions, or any transactions that require a high level of security, it is possible to use multi-signature addresses, which involve the use of more than one key, the keys usually being stored on separate equipment in the possession of the authorized staff. This way, an attacker will need to compromise all the equipment on which the keys are stored in order to be able to steal the bitcoins, making their task more difficult.

  9. Update your systems regularly

Naturally, any application can have faults, so it is essential to constantly update your Bitcoin clients and your operating system, as well as other products that run on it. Virtual wallets can be affected by any kind of malware that might be hosted on the hardware, so it is recommended to have a properly updated security solution to run full scans on a regular basis.

  10. Get rid of a virtual wallet if you aren’t using it

Lastly, getting rid of a virtual wallet when it is no longer needed requires a careful process to check that it has really been completely destroyed. On Linux systems, you can use the shred command for this purpose, which overwrites the wallet file with random data before deleting it.
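As an added illustration of what the overwrite-then-delete step above actually does (this is example code written for this page, not ESET’s tooling and not the shred utility itself), the Python below overwrites a file in place with random data for several passes, flushes each pass to the device, and only then unlinks it. The temporary “wallet.dat” it operates on is a constructed stand-in, not a real wallet.

```python
import os
import tempfile


def overwrite_and_delete(path: str, passes: int = 3, chunk_size: int = 64 * 1024) -> int:
    """Overwrite `path` in place with random data `passes` times, then unlink it.

    Returns the total number of bytes written. This mirrors the approach of
    `shred -u`; like shred, it only helps where the filesystem rewrites blocks
    in place. On journaling or copy-on-write filesystems and on SSDs with wear
    levelling the old contents may survive elsewhere, which is why keeping the
    wallet encrypted in the first place is the more dependable safeguard.
    """
    size = os.path.getsize(path)
    written = 0
    # Open for read/write without truncating, so the existing blocks are the
    # ones that get overwritten rather than a fresh allocation.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                f.write(os.urandom(n))
                remaining -= n
                written += n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device, not just the page cache
    os.remove(path)
    return written


def demo() -> dict:
    """Run the routine on a constructed throwaway file and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wallet.dat")  # stand-in name, not a real wallet
        with open(path, "wb") as f:
            f.write(b"constructed wallet contents " * 1000)
        size = os.path.getsize(path)
        written = overwrite_and_delete(path, passes=3)
        return {"size": size, "written": written, "exists_after": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```

The coreutils equivalent for a real file is `shred -u -n 3 wallet.dat`; the same caveat about SSDs and copy-on-write filesystems applies there, and the shred manual page says as much.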

Now you know how to protect yourself…

Although it is impossible to guarantee total protection of our assets from digital theft, this shouldn’t stop us from enjoying the use of the technology. So long as we make sure to take the necessary precautions, there’s no reason not to take advantage of the benefits offered by cryptocurrencies as they make inroads into our economy.

by Denise Giusto Bilić, ESET We Live Security


Social Media Users Survey: One in ten had their smartphone lost or stolen

ESET has conducted a survey on social media of smartphone usage ahead of the Mobile World Congress, with interesting conclusions: 9.7% of the users surveyed had their phone lost or stolen in the last 12 months, slightly more than 29% do not lock their smartphone, and almost 20% do not back up the content of their smartphone at all.

Last year ESET observed a record number of threats for the Android platform, including the first ever file-encrypting ransomware for mobile devices. The aim of this survey of around five hundred smartphone users on social media (conducted in February 2015) was to gather data on mobile security.


To protect against any loss of content it is recommended to regularly back up the data stored on a smartphone. Based on ESET’s survey, 19.7% of users do not actually back up data at all and 35.7% only do so sometimes, while 14.7% do so daily, 19.9% weekly and 10% monthly.


One of the best protection tools against physical breaches of phones is locking the device (security software with Anti-Theft can help locate it as well). However, 29.3% do not lock the phone or screen against unwanted access at all, while the majority of those that do – 55.3% – do so with a PIN, 12.5% use a fingerprint and 3% use face detection.


One of the best ways to protect access to business networks as well as personal emails is to use 2-factor authentication. Here we can report a welcome trend: 64.9% of those surveyed already use some form of second authentication factor for online services (e.g. via text message). This can be especially important for services like online banking, which is accessed by 53% of surveyed users. In addition, the survey highlighted the importance of protecting the “cloud” of smartphone users, with 26.9% already using solely these cloud services and 23.1% saving the data both locally and in the cloud.

In January, ESET Ireland surveyed a thousand Irish computer and mobile users on whether they had ever texted or uploaded a photo of themselves which would cause them embarrassment if it was made public. 70% of those surveyed in the age group 16-24 have uploaded or texted embarrassing pictures of themselves. The age group 25-34 was just a tiny bit better with 62%, then the numbers slowly decrease down to 14% of those over 55. You can read the full report here.

by Raphael Labaca Castro, ESET and
Urban Schrott, ESET Ireland

7 out of 10 Irish youths shared photos that would embarrass them if made public

February 10th is Safer Internet Day, promoting online safety, particularly to young people. ESET Ireland has just completed its latest Irish online security survey which showed worrying results among Irish youth.

Last year, news headlines were full of stories of celebrities’ online accounts being hacked and private pictures, including those of Jennifer Lawrence, Kate Upton, Rihanna and Ariana Grande, being stolen. Two years ago ESET Ireland commissioned a survey asking Irish computer and mobile device users if they use any data leakage protection, and 74% answered they had no clue what that is. Now the situation seems to have gotten even worse: not only do people not seem to realise data can get lost or stolen, they actively put themselves at risk.

In the latest survey by ESET Ireland, carried out in January 2015 by Amárach Research, 1,002 Irish people of all ages and from all regions were asked if they had ever uploaded or shared (to social media, online storage, Snapchat, Instagram, etc.), messaged or texted any picture of themselves that would be embarrassing to them if it was made available to the public, and the results were shocking!


No less than 70% of those surveyed in the age group 16-24 have uploaded or texted their embarrassing pictures. The age group 25-34 was just a tiny bit better with 62% being irresponsible, then the numbers slowly decrease down to 14% of those over 55. By region, Dubliners are the worst offenders, with 47% across all ages sending their photos about, while Connaught and Ulster were more conservative with 39%. By income, those with higher income lead in carelessness with 43%, versus 40% of those in the lower income group.

People do not yet seem to realise that once a photo is uploaded it is out there. Online services, cloud storage, emails, social media can and have already been hacked and private data uploaded to them can and has been accessed by unauthorised eyes. If you wouldn’t show an embarrassing photo of yourself insufficiently dressed or having too much fun at a party to your grandmother or your boss, then you’d be better off not uploading or texting it at all.

Do you really need antivirus software for Linux desktops?

This is a shortened version of the article that appeared on ESET’s We Live Security. For the full article, go here.

It started, innocently enough, as a question asked in the ESET Security Forum titled “Eset – Do I Really Need Antivirus On My Linux Distros?” However, the answer to that seemingly simple question on Linux antivirus is more complex than a simple yes-or-no response.

That there’s far less malware for Linux than Windows is not in doubt: A search in ESET’s VirusRadar® threat encyclopedia reveals just a scant few thousand pieces of malicious software for Linux. While that may sound like a large number, ESET processes 250,000 malicious samples every day on average, releasing several thousand signatures for Windows-based malware every few days. And, of course, one should keep in mind that the term “signature” is itself very broad these days: A single signature may be able to detect multiple families of malware; while one family of malware may require tens of signatures to detect all known samples.

Yes, the threatscape out there is dominated by malware that targets Microsoft Windows, but as the world’s most-widely used desktop operating system, Windows is also the most heavily-targeted.

There are many reasons that Linux doesn’t have the same sorts of problem with malware that Windows has, ranging across differences in operating system security models, market fragmentation due to the multitude of distros, and its dearth of acceptance by everyday users as a desktop operating system.

But “few threats” does not mean “no threats at all.” And while some of the more rabid fanatics will point out that Linux doesn’t have a computer virus problem, neither does Windows today: Only about 5-10% of malware reported to ESET’s LiveGrid® threat telemetry system on a daily basis is viral in nature.

Over 99% of the malware observed by ESET on a daily basis is written for the sole purpose of supporting some kind of economically motivated criminal activity, whether it be a DDoS (Distributed Denial of Service) attack, identity theft, spam, or plain-old robbery, albeit through somewhat newfangled methods of stealing account and transaction credentials for various financial institutions and services.

However, this is not an article about Windows-borne malware, or, at least, that wasn’t the intended topic.  When it comes to Linux and how it fits into criminals’ online activity, the threatscape is a bit different.  Linux has long been a staple of the webhosting world, and if you peer into the silver lining of cloud computing, it often looks more like Tux than, say, Clippy on the inside.  This becomes even more apparent when you look at modern supercomputers:  In 2014’s TOP500 list, just two of the systems listed ran some version of Windows.

I would like to point out then that when I am discussing Linux, I’m referring to the various Linux distributions (or distros, for short) out there, not just the Linux kernel itself.  For that matter, it would be best to extend this concept to cover not just to the distro, but the stack of software that is running on top of it, whether it be a classic LAMP stack for serving up web pages or inside networking gear moving bytes around.

A large part of the Internet runs on Linux, often far away from public view in vast data centers.  Even when Linux is right in front of us, it is often invisible because it is running unnoticed on such devices as modems, routers and set top boxes.  I would like to focus first, though, on those data centers.

Linux is very big…

So, what exactly is it that makes Linux ideal for data center environments?  Data centers consist of thousands, tens of thousands or even hundreds of thousands of servers, and managing that many computers rapidly becomes very challenging.  Licensing costs for server operating systems vary, but Linux distros essentially start at free, although enterprises often end up paying for documentation, support and maintenance, or the costs of devoting staff to customizing it as needed.

Likewise, Linux’s support of various network protocols, scripting languages and command shells—that support being typically more diverse than Windows, at least out of the box—means that it is comparatively easy and inexpensive to script management of systems.  And this tends to scale well.

And then there’s performance.  As one of the first operating systems to originate in the Internet era, and coming from an educational rather than commercial background, Linux was designed from the ground up to connect with other systems using standard protocols such as TCP/IP. Indeed, it took Microsoft Windows server operating systems years before they could match Linux in various raw network throughput tests.

…and Linux is very small

Just as Linux scales up to very large computers, it can also be tailored to run on very small devices.  Google’s Android, which largely powers the smartphone and tablet industries, is based on Linux.  You might find devices running Linux throughout your home:  In your family room, such devices as DVRs, media players, set-top boxes and the Smart TVs in your entertainment center might be running Linux, while the broadband modem and network router that connect everything to the Internet run Linux as well.  If smart, digitally-connected kitchen appliances take off, you may also be cooking with Linux one day.

Regardless of what these small devices around your home or office do, though, they have one thing in common:  They don’t look very much like traditional computers.  They don’t have keyboards, or even monitors (unless, perhaps, they are built into your monitor), and you probably access them remotely through your web browser so as to configure and manage them.  If they communicate with you at all, it is perhaps with an LED light or two to let you know they’re working.

The Linux Threatscape

So, what exactly are the threats facing Linux today?

Well, as previously mentioned, Linux usage tends to concentrate in two areas: The very large (data centers) and the very small (embedded in appliances and the like).  In the former case, unless you work around servers all day, you may not be aware of how Linux is behind many of the most popular web sites and relied-upon services we use every day.  And in the latter case, you may simply not be aware that your home router, DVR, set-top box or other “smart” home appliances are running some form of Linux.  Even though neither of these cases is what we traditionally think of as a “desktop,” that does not mean they are immune to the same kinds of threats.

Hosted Linux servers in data centers have long been a part of the malware ecosystem, although probably not in the way most people think of it.   There are many web site hosting companies out there that run outdated, insecure software and have poor system management practices.  They often end up hosting command-and-control servers used by Windows-based malware to phone home for updates and instructions, serve as drop zones used by malware to store stolen information en route to the criminals who have stolen it, and so forth.

Earlier this year, ESET’s researchers uncovered Operation Windigo, an attack mostly targeting Linux servers (some *BSD, Mac OS X Server and even a few Windows servers were also affected), that over the last two years affected over 25,000 servers.  At first glance, 25,000 systems may not seem like a large number, given that many botnets scale to ten or thirty times that size, but when you consider that a single server might host tens, hundreds or even thousands of web sites, the actual number of end users affected by the attack was very large, indeed.

A true anecdote from my own experiences:  A web forum on which I am active was affected by the Windigo campaign for many months.  When I notified the site administrator that I was seeing attempts to pop up advertisements for pornography being blocked by my security software, he told me to check my Windows-based PC for viruses.  It was only several months later that the hosting provider for the forum—a large web host known more for their wallet-friendly pricing than for support or security—admitted that the server on which the site was running had been compromised for the better part of a year.

At the other end of the computing spectrum, we have all of those appliances with computers embedded in them running some version of Linux.  These include devices you might not necessarily think of as computers, such as Smart TVs and DVRs, as well as devices to which you may connect your computer, but do not necessarily think of as having a discrete operating system in them, such as routers, printers, NAS and so forth.  We have seen numerous Smart TVs from companies such as Samsung, Philips and LG that can be taken over remotely, might spy on their users’ viewing habits, or even on the users themselves via built-in webcams.  And there are also worms like RBrute, which modified routers’ DNS settings in order to inject ads, steal credentials and redirect search results.
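One practical way for a Linux desktop user to notice the kind of router DNS tampering described above is to compare the resolvers the system actually received against the ones the owner expects. The following is an added example, not code from the article or from ESET: it parses resolv.conf-style text and flags any nameserver outside an allowlist. The allowlist entries, the router address and the sample resolv.conf content are constructed for illustration.

```python
"""Flag unexpected DNS resolvers in resolv.conf-style configuration.

Added example (not part of the original article). A router whose DNS
setting has been changed hands the rogue resolver to every client via
DHCP, so it shows up in /etc/resolv.conf on the Linux desktop behind it.
"""
import ipaddress

# Assumption (constructed): the resolvers this household expects to see,
# i.e. the home router itself and one public resolver the owner chose.
EXPECTED_RESOLVERS = {
    ipaddress.ip_address("192.168.1.1"),
    ipaddress.ip_address("9.9.9.9"),
}


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text.

    Comments (introduced by '#' or ';') are stripped and malformed
    nameserver entries are skipped, mirroring what the resolver does.
    """
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # not a valid address; the resolver ignores it too
    return servers


def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return the resolvers in `text` that are not on the allowlist."""
    return [server for server in parse_resolv_conf(text) if server not in expected]


# Constructed sample: the file as written by the network manager after the
# router started handing out an unknown resolver (203.0.113.0/24 is a
# documentation range, used here only as a placeholder).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.77   ; appeared after the router settings changed
options timeout:2
"""

if __name__ == "__main__":
    rogue = unexpected_resolvers(SAMPLE_RESOLV_CONF)
    if rogue:
        print("Unexpected DNS resolvers:", ", ".join(map(str, rogue)))
    else:
        print("Resolver configuration matches the allowlist.")
```

On a real system you would feed it the contents of /etc/resolv.conf (or the output of your network manager's status command) from a periodic job; an unexpected entry is worth treating as a prompt to log into the router and inspect its DNS settings.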

Threats on the Desktop

Just as the threats targeting Linux servers are very different from those faced by embedded systems, the kinds of attacks on Linux desktops tend to vary as well.

The first thing to understand about attacks on Linux desktops is that these systems are rarely infected by malware such as worms, trojans, viruses and so forth.  While this is partially due to Linux’s security model, the greater reason for this is simply the lack of market penetration by Linux in the desktop space.

These days, malware is used almost exclusively for financial gain by criminals.  In fact, this is so often the case that when malware is written for some other purpose, it becomes newsworthy for that reason alone.  Case in point:  Win32/Zimuse.  When we do see malware specifically for Linux, it often seems to be written either as a proof of concept or for other research purposes, and is rarely found in the wild on customers’ computers.

This, however, does not mean that Linux is immune to malicious software, especially when it comes to cross-platform threats.  HTML, Java, JavaScript, PDF (Portable Document Format), Perl, PHP, Ruby and even SWF (Adobe Flash) are all frameworks or languages that are supported under Linux, and these can be just as easily targeted under Linux as under Windows or Mac OS X, although the underlying operating system may still be more difficult to exploit.  Still, having anti-malware software installed means you can receive warnings of potential threats.

Likewise, it is not unusual for Linux users to receive file attachments via email, or to be on networks with file shares, both of which can serve as vectors of malware, even if they only target Microsoft Windows.  And, of course, if a Linux-specific worm such as Linux/Ramen was spreading across the network, one would want to protect one’s desktop from it.  But even if the only malware on the network is targeting Windows, having anti-malware software installed can serve as a kind of “early warning” system to notify Linux desktop users that they are connected to an infected network.
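The “early warning” role described above can be illustrated with a small check a Linux desktop user could run over incoming mail: even though a Win32 executable cannot run on the Linux host, spotting one in an attachment says something about the sender's machine. The code below is an added example, not from the article or from ESET. It inspects each attachment's leading bytes rather than trusting the file name, so a renamed executable is still reported, and it also flags file names whose extension is one Windows treats as executable. The sample message and its attachments are constructed; the “executable” is just an MZ header followed by filler, not a real program.

```python
"""Report Windows-executable attachments in an e-mail on a Linux desktop.

Added example (not part of the original article). Uses only the standard
library's email package; sample message is constructed inline.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions that Windows will execute directly; a Linux desktop cannot run
# them, but receiving one is exactly the warning sign the article describes.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def classify(name, data):
    """Return a reason string if an attachment deserves a warning, else None.

    The content check comes first so that a renamed executable
    (e.g. 'invoice.pdf' that really starts with an MZ header) is caught.
    """
    if data.startswith(b"MZ"):
        return "content is a DOS/Windows executable (MZ header)"
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return f"file name has executable extension {ext}"
    return None


def suspicious_attachments(raw_message):
    """Return a list of (filename, reason) for attachments worth warning about."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reason = classify(name, payload)
        if reason:
            findings.append((name, reason))
    return findings


def build_sample_message():
    """Construct a message with three attachments: one disguised executable,
    one with an executable extension, and one harmless text file."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "richard@example.com"
    msg["Subject"] = "Files from the office"
    msg.set_content("Attached as requested.")
    # Constructed: MZ header plus filler, mislabelled as a PDF.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    # Constructed: an executable extension with innocuous content.
    msg.add_attachment(b"not really a screensaver",
                       maintype="application", subtype="octet-stream",
                       filename="update.scr")
    # Constructed: a plain text note that should not be flagged.
    msg.add_attachment(b"meeting moved to 3pm",
                       maintype="text", subtype="plain",
                       filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample_message()):
        print(f"WARNING: {name}: {reason}")
```

Fed a mailbox's raw messages (for example from a procmail or fetchmail hook), this turns a Linux desktop into the kind of tripwire the article describes: it cannot be infected by what it sees, but it can tell the sender that their Windows machine is.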

As another anecdote, a friend of mine, whom I will call Richard, does exactly this.  A technical writer by vocation, he switched to a Linux-only environment after some bad experiences with Windows Vista.  Richard does maintain an isolated Windows XP system for occasions when he must do something in Windows that cannot be done under Linux, but, regardless of the operating system, all of his computers run anti-malware software.  When people at his office accidentally send an infected file to his Linux desktop, he lets them know in the kind of clear, concise and unambiguous terms used by professional wordslingers.

Closing Thoughts

While Linux desktop systems are not magically immune to malware, they are not saturated with it either, especially in comparison to their Windows brethren.  But, as both Operation Windigo and the rapid growth of Android malware have shown us, wherever a particular platform finds success, criminal elements are not far behind.  While Linux on the desktop remains comparatively malware free today, that may not be the case in the future.  Whether it’s a requirement for compliance reasons, or simply a desire to have an ounce of prevention, anti-malware on the Linux desktop can act as a form of insurance against future attacks.

by Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher
