Carelessness busts Linux security

Summary: No operating system can ever properly protect a computer from trojans as long as users continue to do silly things. Just because Linux is immune to your standard drive-by viruses it does not mean that it can escape trojan horses.

The latest reminder to be vigilant comes via the users unfortunate enough to download and install a malicious screensaver from gnome-look.org.

Although the malicious content has now been removed, the code fragments left behind show what the trojan's potential may have been.

The program used wget to place a bash script in /usr/bin/ and then executed it. Originally the script's contents were a ping command, but this was later changed to:

rm -f /*.*
echo "You see this? It's changed, before it was set to ping?"

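Thankfully, the delete command above will be mostly ineffectual on Linux systems: the glob /*.* matches only entries directly under / whose names contain a dot, and rm without -r does not remove directories. But just as Windows users need to be wary of downloads from third-party sites, Linux users should not trust non-repository content.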

The fix for this "infection" is rather simple, but despite the simplicity and ineffectiveness of this trojan, it should still serve as a Linux security wake-up call. Not for the operating system itself, but for the people using it.

If users continue to trust arbitrary code, then security risks will occur.
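
One way to check for the kind of drop described above (a script written into /usr/bin/ that no package owns), as an added example that is not part of the original article. It assumes a dpkg- or rpm-based system, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report regular files in a directory that no installed
# package claims. Function names are hypothetical.

# pkg_owns PATH: 0 = owned by a package, 1 = unowned, 2 = cannot tell.
pkg_owns() {
    alt=$1
    # Assumption: on merged-/usr systems the package database may record
    # /bin/x for the file at /usr/bin/x, so try that spelling as well.
    case $1 in /usr/*) alt=${1#/usr} ;; esac
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -S "$1" >/dev/null 2>&1 ||
            dpkg-query -S "$alt" >/dev/null 2>&1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" >/dev/null 2>&1
    else
        echo "no dpkg-query or rpm found" >&2
        return 2
    fi
}

# kind_of PATH: prints "script" if the file starts with "#!", else "other".
kind_of() {
    if [ "$(head -c 2 "$1" 2>/dev/null | tr -d '\0')" = "#!" ]; then
        echo script
    else
        echo other
    fi
}

# find_unowned DIR: prints "<kind><TAB><path>" for each unowned regular file.
find_unowned() {
    for f in "$1"/* "$1"/.[!.]*; do
        # Skip symlinks: update-alternatives links are legitimately unowned.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        rc=0
        pkg_owns "$f" || rc=$?
        case $rc in
            0) ;;
            1) printf '%s\t%s\n' "$(kind_of "$f")" "$f" ;;
            *) return 2 ;;
        esac
    done
    return 0
}

# Scan the directory given on the command line, e.g. /usr/bin.
if [ "$#" -gt 0 ]; then find_unowned "$1"; fi
```

Files installed by hand (for example under a vendor's own installer) will also be listed, so the output is a review list rather than a verdict.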

Topics: Security, Linux, Open Source

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.
