Frequently Asked Questions

What is malware?

Malware is MALicious softWARE.

What is *nix?

*nix is a shorthand term for Unix-like operating systems.

Which operating systems are Unix-like?

The most commonly used *nix systems in 2021 are Linux, Android, and macOS. Other examples of Unix-like operating systems are FreeBSD, OpenBSD, NetBSD, Solaris, AIX, and IRIX. For more information about Unix-like operating systems, check out the Wikipedia article on the topic.

Can malware infect *nix systems?

Yes.

What are the different types of malware?

Malware comes in many forms. Some examples are viruses, backdoors, rootkits, trojans, spyware, adware, coin miners, and ransomware.

Why study *nix malware?

I feel that there is a lack of material related to *nix malware. Over the last few years, *nix systems have gained a significant amount of popularity; right now, Android runs on more devices worldwide than any other operating system.

Most of the security analysts that I know personally are less proficient with *nix systems than with Windows systems. While I do not have concrete evidence to explain this phenomenon, I suspect that it is due to the market share of Microsoft products in enterprise environments.

Although Windows continues to dominate enterprise networks, many organizations rely on *nix for important systems that reside on privileged segments of the network. Examples of such systems are networking equipment (routers, switches, firewalls, proxies, intrusion detection systems, …), databases, security appliances, printers, and industrial equipment.

What is persistence?

In the context of malware, persistence refers to the methods used to maintain access to a system, for example surviving reboots and logouts.

What is a GTFObin?

GTFObins are binaries and scripts commonly present on a *nix system which can be abused to provide malware-like functionality.

An example of a GTFObin is ssh. While ssh is intended to be used by systems administrators, attackers can use it to log on to remote systems, transfer files, break out of restricted shells, and read files.

Where can I obtain *nix malware samples?

Obtaining *nix malware samples can be tricky. Many sites are invite only or subscription based.

VirusTotal – Subscription based for obtaining samples.

VirusShare – Invite only.

Objective-See – Free, publicly available collection of Mac malware samples: https://objective-see.com/malware.html

How can I analyze *nix malware?

There are many tools available for static and dynamic analysis of *nix malware. Static analysis examines a sample without executing it (file type and ELF header inspection, strings, disassembly), while dynamic analysis runs the sample in an isolated environment and observes its behaviour (system calls, file, process, and network activity).

How can I protect myself against malware?

Apply patches and updates regularly.

Scan your assets for vulnerabilities on a regular basis and action any findings.

Baseline your systems and periodically compare your systems’ states to this baseline.

Implement a backup solution. Periodically test your ability to restore from backups.

Use AV, IDS, and EDR software.

How can I detect malware on *nix systems?

Search for Indicators of Compromise.

Compare your systems to a known good baseline.

Deploy IDS or EDR software.

Hunt for persistence mechanisms.
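Two of the answers above (baselining your systems and then comparing them to that baseline, and hunting for persistence mechanisms) can be combined into one small check. The script below is an added example, not part of the original FAQ; the list of watched locations is an assumption and should be tailored to the hosts you monitor. It hashes every regular file under those locations, stores the result as JSON, and on later runs reports files that were added, removed, or modified since the baseline was taken.

```python
import hashlib
import json
import sys
from pathlib import Path

# Assumed (hypothetical) watch list: locations where *nix persistence is
# commonly planted. Adjust it to the hosts you monitor.
PERSISTENCE_PATHS = [
    "/etc/crontab", "/etc/cron.d", "/var/spool/cron", "/etc/rc.local",
    "/etc/systemd/system", "/etc/profile.d", "/etc/ld.so.preload",
]

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(roots) -> dict:
    """Map every regular file under the given roots to its SHA-256 digest."""
    baseline = {}
    for root in map(Path, roots):
        files = [root] if root.is_file() else sorted(root.rglob("*")) if root.is_dir() else []
        for p in files:
            if p.is_file() and not p.is_symlink():
                try:
                    baseline[str(p)] = sha256_file(p)
                except OSError as exc:  # unreadable file: record it rather than skip silently
                    baseline[str(p)] = f"UNREADABLE:{exc.strerror}"
    return baseline

def diff_baseline(old: dict, new: dict) -> dict:
    """Report files that appeared, disappeared, or changed since the baseline."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in common if old[p] != new[p]),
    }

if __name__ == "__main__":
    # Usage: the first run writes baseline.json; later runs print the drift from it.
    store = Path(sys.argv[1] if len(sys.argv) > 1 else "baseline.json")
    current = build_baseline(PERSISTENCE_PATHS)
    if store.exists():
        print(json.dumps(diff_baseline(json.loads(store.read_text()), current), indent=1))
    else:
        store.write_text(json.dumps(current, indent=1, sort_keys=True))
```

Any entry that shows up as added or modified is a lead to investigate, not proof of compromise; legitimate package upgrades also change these files, so re-baseline after every approved change.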

Are there any courses related to *nix malware?

PentesterAcademy – Linux Forensics

SecurityTube Linux Assembly Expert (SLAE)

SecurityTube Linux Assembly Expert x86_64 (SLAE64)

SecurityTube GNU Debugger Expert

Are there any books related to *nix malware?

Yes. Compared to books which focus on Windows-based malware, the selection for *nix malware books is somewhat limited. Many system development books can be excellent resources for learning about malware.
