Ask Slashdot: Is GNU/Linux Malware a Real Threat?

New submitter m.alessandrini writes "I've been using Debian for a long time, and I'm not a novice at all; I install system updates almost daily, I avoid risky behaviors on Internet, and like all Linux users I always felt safe. Yesterday my webcam suddenly turned on, and turned off after several minutes. I'm pretty sure it was nothing serious, but I started thinking about malware. At work I use noscript and other tools, but at home I have a more relaxed browser to be used by other family members, too. Here I'm not talking about rootkits or privilege escalation (I trust Debian), I think more of normal user compromise. For example, these days much malware come from malicious scripts in sites, even in advertising banners inside trusted sites, and this is more 'cross-platform' than normal viruses. So, what about non-root user malware? How much could this be real? And how can you diagnose it?"

Do you deal with customers?

[Doug Otto]

When I ran Linux on my laptop for work I always ran some form of AV. I really wasn't concerned about my own machine being compromised. The scenario that bothered me was the potential for a client to send me an infected file which could get forwarded to another customer. Do to the nature of our business, at the time, that would've been rather embarrassing.

Re:Preinfected

[CheshireDragon]

It would help if the manufacturers would preinfect their software so we could stop worry about "if" we are infected and move towards just accepting it.

This is actually happening with phones now. just read some of the permissions of Facebook, Chrome, Firefox and a few others. They can take a photo or record audio without your permission.

Re:Linux's Biggest Threat is Human Engineering

[Time_Ngler]

Also, do not ever copy and paste commands directly in your terminal from an untrusted website, even if you do understand them:

http://thejh.net/misc/website-terminal-copy-paste [thejh.net]

Re:Don't worry

[Anonymous Coward]

How was the rootkit installed? Can you please elaborate on what security failures were involved?

Not sure if you are looking for how he did it, or indirectly doubting the story, but in case this is in doubt - there are plenty of Linux rootkits.

http://blog.sucuri.net/2013/02/linux-based-sshd-rootkit-floating-the-interwebs.html [sucuri.net]
http://www.securelist.com/en/blog/208193935/New_64_bit_Linux_Rootkit_Doing_iFrame_Injections [securelist.com]
http://arstechnica.com/security/2012/11/new-linux-rootkit-exploits-web-servers-to-attack-visitors/ [arstechnica.com]
http://packetstormsecurity.com/UNIX/penetration/rootkits/ [packetstormsecurity.com]
http://www.slideshare.net/AndrewCase/omfw-2012-analyzing-linux-kernel-rootkits-with-volatlity [slideshare.net]

list could go on for quite a while..

Re:lsof is your friend

[buchner.johannes]

Should be /dev/video*

Re:someone's spying on you

[ozmanjusri]

As for this specific case? As somebody who works on systems 6 days a week? Yeah...smells like he has an infection.

I doubt it. You're just too used to Windows.

The Australian Communications and Media Authority's statistics breakdown shows of about infected 16,500 devices online at any one time, 20 Windows viruses make up more than 16,400 of the active IPs. Rarer Windows viruses, and Mac, iOS, Linux and Android infections all total less than 100 infections.

http://www.acma.gov.au/WEB/STANDARD..PC/pc=PC_600121 [acma.gov.au]

If the OP's computer IS actually compromised, it's far more likely to be a targeted attack or insider job than a random infection. My money's on a friend, family or associate with access to the machine.