Linux Virus Found!!!!!

[The Unknown]

Avast today, found a new virus in my redhat fedora system. It is from Nutcracker Family of viruses. It is in one of the file from /usr. Should i delete it or not?

[vignesh]

Can you post which file ?

[mehulved]

http://www.fedoraforum.org/forum/sho...d.php?p=577427 remove the crap.

[eddie]

Its twice in very few days that I am seeing this Avast reporting false positives. Sounds a very crappy app to me...

[praka123]

^afaik no AV needed for Linux,if u got to serve ur windows users some files,then Only these AV's which are nothing but win32 virus scanners are needed:

Quote:

One of the most common questions I hear new Linux users ask is "What program should I use for virus protection?" Many of them lose faith in me as a source of security information when I reply, "None." But you really don't need to fear malware on your new platform, thanks to the way Linux is built.

Savvy Windows users have to watch their virus checkers as closely as the head nurse in the ICU keeps an eye on patient monitors. Often, the buzz in the Windows security world is about which protection-for-profit firm was the first to discover and offer protection for the malware du jour -- or should I say malware de l'heure? The only thing better than having backed the winning Super Bowl team come Monday morning at the office coffeepot is having the virus checker you use be the one winning the malware sweepstakes that weekend.

If a rogue program finds a crack in your Windows armor, paying $200 per infection to have your machine scrubbed and sanitized by the local goon^H^H^H^H geek squad not only helps to reinforce the notion that you have to have malware protection, but that it has to be the right protection, too. The malware firms are aware of this, and all of their advertising plays upon the insecurity fears of Windows users and the paranoia that results. Chronic exposure and vulnerability to malware has conditioned Windows users to accept this security tax.

It's no wonder, then, that when Windows users are finally able to break their chains and experience freedom on a Linux desktop, they stare at me in disbelief when I tell them to lay that burden down. They are reluctant to stop totin' that load. They have come to expect to pay a toll for a modicum of security.

I try to explain that permissions on Linux make such tribute unnecessary. Without quibbling over the definitions of viruses and trojans, I tell them that neither can execute on your machine unless you explicitly give them permission to do so.

Permissions on Linux are universal. They cover three things you can do with files: read, write, and execute. Not only that, they come in three levels: for the root user, for the individual user who is signed in, and for the rest of the world. Typically, software that can impact the system as a whole requires root privileges to run.

Microsoft designed Windows to enable outsiders to execute software on your system. The company justifies that design by saying it enriches the user experience if a Web site can do "cool" things on your desktop. It should be clear by now that the only people being enriched by that design decision are those who make a buck providing additional security or repairing the damage to systems caused by it.

Malware in Windows Land is usually spread by email clients, browser bits, or IM clients, which graciously accept the poisoned fruit from others, then neatly deposit it on their masters' systems, where malware authors know it will likely be executed and do their bidding -- without ever asking permission.

Some malware programs require that you open an attachment. Others don't even require that user error. By hook or by crook, malware on Windows often gets executed, infecting the local system first, then spreading itself to others. What a terrible neighborhood. I'm glad I don't live there.

On Linux, there is built-in protection against such craft. Newly deposited files from your email client or Web browser are not given execute privileges. Cleverly renaming executable files as something else doesn't matter, because Linux and its applications don't depend on file extensions to identify the properties of a file, so they won't mistakenly execute malware as they interact with it.

Whether newcomers grok permissions or not, I try to explain the bottom line to them: that because they have chosen Linux, they are now free of having to pay either a security tax up front to protect themselves from malware, or one after the fact to have their systems sterilized after having been infected.

So Linux is bulletproof? No. Bulletproof is one of the last stages of drunkenness, not a state of security. Linux users, like users on every operating system, must always be aware of security issues. They must act intelligently to keep their systems safe and secure. They should not run programs with root privileges when they are not required, and they should apply security patches regularly.

Misleading claims and false advertising by virus protection rackets to the contrary, you simply don't need antivirus products to keep your Linux box free of malware.

Slashdot

http://security.linux.com/article.pl...37251&from=rss

but for new UNIX*/Linux users:DOnt ever try internet or network as root user,i know it may be tempting.but stay away from this habit.root is the admin or super user.most of the distros simply disables root user login in gdm itself,for the same reason.

[The Unknown]

Quote:

Originally Posted by vignesh

Can you post which file ?

Code:

2007-05-01 21:05:14	Found virus 'Nutcracker family' in file '/usr/share/locale/pa/LC_MESSAGES/redhat-artwork.mo/PartNo_0#860842075'.

Quote:

Originally Posted by praka123

^afaik no AV needed for Linux,if u got to serve ur windows users some files,then Only these AV's which are nothing but win32 virus scanners are needed:
http://security.linux.com/article.pl...37251&from=rss

but for new UNIX*/Linux users:DOnt ever try internet or network as root user,i know it may be tempting.but stay away from this habit.root is the admin or super user.most of the distros simply disables root user login in gdm itself,for the same reason.

Thanx for the tip. I browse the internet as root.

Quote:

Originally Posted by eddie

Its twice in very few days that I am seeing this Avast reporting false positives. Sounds a very crappy app to me...

I don't think so. I had backed up some files from one of my old lappy. That lappy has Win 95, a virus. Avast Linux; said 2 files had viruses. I deleted them.

[mehulved]

I told you remove the crap.

[The Unknown]

Quote:

Originally Posted by tech_your_future

I told you remove the crap.

Can u explain, what is "crap"?

[mehulved]

avast

[The Unknown]

Quote:

Originally Posted by tech_your_future

http://www.fedoraforum.org/forum/sho...d.php?p=577427 remove the crap.

Thanx for the link. It is windows virus.

Quote:

Originally Posted by tech_your_future

avast

Avast is the crap??

[mehulved]

They're showing the false positive since FC4 till now. And if they can't fix it after such a long time, it's nothing but crap.

[The Unknown]

Quote:

Originally Posted by tech_your_future

They're showing the false positive since FC4 till now. And if they can't fix it after such a long time, it's nothing but crap.

Agree

[Pathik]

^^ then remove it..
Moral of the story: u dont need antiviruses on linux..

[praka123]

^and dont browse as root user.for root powers try 'sudo' instead.

[The Unknown]

Quote:

Originally Posted by praka123

^and dont browse as root user.for root powers try 'sudo' instead.

Please explain "sudo" with an example

[anantkhaitan]

By default 'sudo' is not enabled for general user in Fedora as I experienced..
U can use 'sudo' for executing a command with root priviledge, Mind it one command! Once u r done, u r again a normal user unlike 'su'.
use it like this

Quote:

$ sudo <command>

For enabling sudo in fedora follow this 'Enanling SUDO' thread.

[The Unknown]

Quote:

Originally Posted by anantkhaitan

By default 'sudo' is not enabled for general user in Fedora as I experienced..
U can use 'sudo' for executing a command with root priviledge, Mind it one command! Once u r done, u r again a normal user unlike 'su'.
use it like this

For enabling sudo in fedora follow this 'Enanling SUDO' thread.

Thanx

[mehulved]

or

Code:

man sudo

type this in the terminal or on google

[GNUrag]

besides, the directory /usr/share/locale/ contains localisation data, and language translations. there is no change of a virus being hidden in language translations.

haha, if that would have been case, you would see the virus' body in your file menu, help about dialog and where not

[vignesh]

Quote:

Originally Posted by The Unknown

Thanx for the tip. I browse the internet as root..

I don`t think thats a very good idea.. Linux is safe but still using the root account is not a very good think to do.