Apparently some malware has been found in both a .deb file claiming to install a screen saver and a theme pack over on Gnome-Look. Which is a shame since I use that site regularly to find new wallpapers and themes.
So Ubuntu is now the target of criminals? All the tech press places all of desktop Linux at 1% of the market and claim in the same breath that figure is a generous estimate. Why then are criminals targeting something that has only 1% of the desktop PC market. It makes no sense unless Linux is much bigger than 1%. It would be interesting to find out what has changed the criminals minds. Are Linux users simply too naive? Too cocky? Too arrogant? Too stupid? Clearly criminals now see Linux desktops as vulnerable targets ripe for the picking.
This is both an interesting and frighting development. However we have at least exposed a vector of infection for Linux systems. Anybody could build a .deb or .rpm package file or even a normal tarball. Clearly without the protection of the community maintained repositories these methods of installation are just as vulnerable to misuse as Windows .exe files. Which is something many people in the Linux community including myself hadn't considered. Normally we tell people an installation script requires permission to run. So we're protected. The trouble is I don't think many people give entering their password a second thought when installing from a .deb package. Most of us simply trust them.
So this is a wakeup call to Linux users and in particular to Gnome and Ubuntu users. Be vigilant. Be careful about your chosen software sources. If you're installing something from a web site be sure to scan it first! Linux has a very good anti-virus application available in the repositories of most decent distributions. It's called ClamAV. While this is a command line application there are several front ends available. The most popular at the moment is ClamTK. Use the following commands to install them to your system. Remember you'll need to enter your password when installing software.
So Ubuntu is now the target of criminals? All the tech press places all of desktop Linux at 1% of the market and claim in the same breath that figure is a generous estimate. Why then are criminals targeting something that has only 1% of the desktop PC market. It makes no sense unless Linux is much bigger than 1%. It would be interesting to find out what has changed the criminals minds. Are Linux users simply too naive? Too cocky? Too arrogant? Too stupid? Clearly criminals now see Linux desktops as vulnerable targets ripe for the picking.
This is both an interesting and frighting development. However we have at least exposed a vector of infection for Linux systems. Anybody could build a .deb or .rpm package file or even a normal tarball. Clearly without the protection of the community maintained repositories these methods of installation are just as vulnerable to misuse as Windows .exe files. Which is something many people in the Linux community including myself hadn't considered. Normally we tell people an installation script requires permission to run. So we're protected. The trouble is I don't think many people give entering their password a second thought when installing from a .deb package. Most of us simply trust them.
So this is a wakeup call to Linux users and in particular to Gnome and Ubuntu users. Be vigilant. Be careful about your chosen software sources. If you're installing something from a web site be sure to scan it first! Linux has a very good anti-virus application available in the repositories of most decent distributions. It's called ClamAV. While this is a command line application there are several front ends available. The most popular at the moment is ClamTK. Use the following commands to install them to your system. Remember you'll need to enter your password when installing software.
- Open a terminal window.
- Type sudo apt-get -y install clamav clamtk then press enter.
- Remember to scan your system regularly.
I think you meant "vigilant" and not "vigilante."
ReplyDeleteSpeeling is over rated.
ReplyDelete