计算机病毒及其防范技术（第2版） 教学课件 作者 978 7 302 25452 2 第7章 Linux病毒.pptVIP

Linux病毒技术 上海交通大学信息安全工程学院 刘功申 本章的学习目标： 了解Linux的安全问题 掌握Linux病毒的概念 掌握Linux下的脚本病毒 掌握ELF病毒感染方法 Linux安全吗？ 一个最大的误区就是很多高性能的安全操作系统可以预防计算机病毒。 另一个误区就是认为Linux系统尤其可以防止病毒的感染，因为Linux的程序都来自于源代码，不是二进制格式。 第三个误区就是认为Linux系统是绝对安全的，因为它具有很多不同的平台，而且每个版本的Linux系统有很大的不一样。 Linux病毒列表 Slapper: The most dangerous Linux worm; its network-aware and in August 2002 it exploited a flaw in OpenSSL libraries in Apache servers with OpenSSL enabled. Bliss: Also a well-known bug, it infects ELF executables, locating binaries with write access and overwrites those with its own code. Staog: Considered the first Linux virus, it infects ELF executables. Typot: A Linux Trojan that does distributed port scanning, generating TCP packets with a window size of 55808. Mydoom : Windows worm have network propagation and process termination capabilities to launch a denial of service (DoS) attack on . TNF： A DDoS agent.Makes ICMP flood, SYN flood, UDP flood, and Smurf attacks. It also has the capability of installing a “root shell” onto the affected system. R16.A: Delete file in the current directory.Overwirte /bin/cp, /bin/ls. Create /usr/SEXLOADER, /usr/TMP001.NOT. RAMEN: The first virus in Linux. Overwrite all index.html in the system. Add two ftp account “anonymous and ftp” in the system. Add itself’s script in /etc/rc.d/rc.sysinit. rpc.statd (port 111/udp ) , wu-ftpd (port21/tcp), LPRng (port 515) LINDOSE.A: A rare cross-platform scourge, able to jump Windows PE and Linux ELF executables. Its a proof-of-concept worm and has not hit the wild. MSTREAM.MST : A DDoS agent. It will open TCP port 6732 and UDP port 9325. Create master and server files. ADORE.A: A internet worm. Overwrite /bin/ps.VExecutes ICMP, and opens port 65535. BIND, wu-ftpd, rpc.statd, lpd. CHEESE.A: Include GO shell script, CHEESE“ perl script, and “PSM” ELF.shell script GO runs perl script CHEESE. Delete all /bin/sh in /etc/inetd.conf. Close inetd. QUASI: It will infect ELF files in the current directory. It has no destructiveness. P