Malware on GNU/Linux

Balzac's picture
Submitted by Balzac on Sun, 07/13/2008 - 19:00

A response to this post:
How do you get down off an elephant?

Specifically, I disagree with this assertion from the article:
"A virus is simply a Windows program, so it doesn't run in Linux."

That's an inaccurate definition of the term "virus" which seems to suggest there are no virii for any operating systems other than Windows.

Also malware includes not just virii, but worms, trojans and root-kits. These known and widely available tools are not the only options available to intruders either.

GNU/Linux users should not have any false sense of security just based on the fact that viruses designed for exclusively for windows won't run on GNU/Linux.

Here is a list of "Linux computer viruses" according to a page on

The following excerpt lists various kinds of malware, not just virii:

The following is a partial list of known Linux malware:


    * Kaiten - Linux.Backdoor.Kaiten trojan horse[5]
    * Rexob - Linux.Backdoor.Rexob trojan[6]


    * Alaeda - Virus.Linux.Alaeda[7]
    * Bad Bunny - Perl.Badbunny[4][8]
    * Binom - Linux/Binom[9]
    * Bliss
    * Brundle[10]
    * Bukowski[11]
    * Diesel - Virus.Linux.Diesel.962[12]
    * Kagob a - Virus.Linux.Kagob.a[13]
    * Kagob b - Virus.Linux.Kagob.b[14]
    * MetaPHOR (also known as Simile)[15]
    * Nuxbee - Virus.Linux.Nuxbee.1403[16]
    * OSF.8759
    * Podloso - Linux.Podloso (The iPod virus)[17][18]
    * Rike - Virus.Linux.Rike.1627[19]
    * RST - Virus.Linux.RST.a[20]
    * Satyr - Virus.Linux.Satyr.a[21]
    * Staog
    * Vit - Virus.Linux.Vit.4096[22]
    * Winter - Virus.Linux.Winter.341[23]
    * Winux (also known as Lindose and PEElf[24]
    * ZipWorm - Virus.Linux.ZipWorm[25]


    * Adm - Net-Worm.Linux.Adm[26]
    * Adore[27]
    * Cheese - Net-Worm.Linux.Cheese[28]
    * Devnull
    * Kork[29]
    * Linux/Lion (also known as Ramen)
    * Mighty - Net-Worm.Linux.Mighty[30]
    * Millen - Linux.Millen.Worm[31]
    * Slapper[32]
    * SSH Bruteforce[33]

We're all still responsible as individuals for our own information security. It's not good to have a false sense of security just because windows malware doesn't run on GNU/Linux systems.

Should we scan our GNU/Linux system for malware or hostile network activity? I wouldn't recommend against the idea. Neither would I suggest people buy any proprietary software to handle the task. Using proprietary software for your security is ironic, since using proprietary software compromises your privacy, autonomy and security by default.

Getting familiar with Nmap, Snort, Firestarter, Squid, Tor, GPG, and ClamAV would be a good start for those who choose to remain responsible for their own security. One might also try auditing their wireless network with air-crack.

Better to be aware of your vulnerabilities (however few or many they may be) instead of putting absolute confidence in the security of pre-configured software downloaded from repositories.

dave's picture


15 years 40 weeks 20 hours 50 min ago


Don't forget to submit your blog posts

At this point we haven't made it so that blog posts get submitted to the upcoming queue automatically so don't forget to do that with each post. You'll also need to include a link of where people should go to vote up your posts as a comment. If blogs prove popular we will add a voting form into blog entries too. I have submitted your one for you:

3rdalbum's picture


15 years 40 weeks 19 hours 7 min ago


A response

Has anyone seen any of this malware in the wild in the past couple of years?

I agree, the word "virus" does not necessarily refer to a Windows-based phenomina, but I was trying to get across the point that the viruses that the new users are familiar with, are not present on Linux.

There are a fair few inaccuracies in the article I wrote, but I've written it this way to increase the transfer and understandability of the message. The intended audience is not really *us*, so to speak, it's new users who consider "Get anti-virus" to be the configuration step immediately after "Boot the new system and enable Compiz". The utilities you mention, although fantastic for maintaining top-notch security, are also not intended for newbies.

Thanks for your blog post, I appreciate the comments about my article.

dehumanizer's picture


15 years 40 weeks 13 hours 54 min ago


"Has anyone seen any of this

"Has anyone seen any of this malware in the wild in the past couple of years?"

In fact, I haven't gotten any malware on my Windows computer for years. It has to be used wisely too.

By the way, the article poster deserves respect for reacting to the brainless FUD.

3rdalbum's picture


15 years 39 weeks 6 days 16 hours ago



Which article poster, and which FUD, are you talking about? :-)

I used to think that Windows could be safe if used carefully and with a firewall protecting its open ports. That was, until zlob.downloader made its way onto my father's Windows PC and started pestering him to buy this anti-spyware program - how ironic!

After that episode, I convinced him to switch to GNU/Linux, and I publicly apologized on my favorite web forums for trying to convince Windows users to get rid of their anti-virus programs and "just be careful online". Maybe my father was just really really unlucky, but if he (possibly me, I was the previous owner of the computer) could get spyware on Windows, I'm sure anyone can.

Balzac's picture


15 years 40 weeks 10 hours 26 min ago


Microsoft and proprietary security software vendors

seem difficult to distinguish from a protection racket to me.

I agree with you about the general improvement of your security to be gained merely from choosing GNU/Linux over Microsoft Windows.

bogdanbiv's picture


15 years 40 weeks 12 hours 35 min ago


Extending the list to malware should include Rootkits

Rootkits originated in a UNIX environment: hence the name Root Kit.

And remember malware never goes away completely. So, we may never let our defenses down.

Best karma users