Dealing with Linux Malware
Mar. 21, 2016•0 likes•1,804 views
Download to read offline
Report
Technology
We often hear that viruses do not affect Linux systems. If it was only true... To understand why there is malware in the first place, we look at the reasons for evildoers to create harmful software. When that is clear, we move on by defining several types of malware, to finally focus on a very particular one, the rootkit. A quick course into the cleverness of rootkits follows, with the related challenges it offers for detection. We close the session by giving tips on detection and prevention.
Michael BoelenFollow
Recommended
Linux Security Scanning with LynisMichael Boelen
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014Michael Boelen
Handling of compromised Linux systemsMichael Boelen
Linux HardeningMichael Boelen
Linux Security, from Concept to ToolingMichael Boelen
Linux Security for DevelopersMichael Boelen
More Related Content
What's hot
Migrate from windows to linuxMarJose Darang
kali linux.pptxanumeha bhatnagar
Introduction to MetasploitHossein Yavari
Hacke windows med windows - avanserte angrepOddvar Moe
![[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...](https://cdn.slidesharecdn.com/ss_thumbnails/shellshockopensourceday2015english-151205143256-lva1-app6891-thumbnail.jpg?width=384&height=256&fit=bounds)
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...Andrea Draghetti
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)Security Bootcamp
![[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...](https://cdn.slidesharecdn.com/ss_thumbnails/shellshockopensourceday2015english-151205143256-lva1-app6891-thumbnail.jpg?width=1600&height=908&fit=bounds)
Viewers also liked
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete CheslockThreat Stack
Real Time Malware Defense System in LINUXDilip Jaiswal
MR201501 Latest trends in Linux MalwareFFRI, Inc.
Malware Defense-in-Depth 2.0Ayed Al Qartah
SHOWDOWN: Threat Stack vs. Red Hat AuditDThreat Stack
Protecting confidential files using SE-LinuxGiuseppe Paterno'
Similar to Dealing with Linux Malware
On hacking & security Ange Albertini
Understanding and implementing website securityDrew Gorton
![Olivier Cleynen: Overtaking Proprietary Software Without Writing Code [24c3]](https://cdn.slidesharecdn.com/ss_thumbnails/overtakingproprietarysoftwarewithoutwritingcode-130505135823-phpapp02-thumbnail.jpg?width=384&height=256&fit=bounds)
Olivier Cleynen: Overtaking Proprietary Software Without Writing Code [24c3]OpenSlidesArchive
Playing with fuzz bunch and danderspritzDeepanshu Gajbhiye
Bulletproof IT SecurityLondon School of Cyber Security
Renan Mara on What is FOSS and SFD.CP-Union
![Olivier Cleynen: Overtaking Proprietary Software Without Writing Code [24c3]](https://cdn.slidesharecdn.com/ss_thumbnails/overtakingproprietarysoftwarewithoutwritingcode-130505135823-phpapp02-thumbnail.jpg?width=1600&height=908&fit=bounds)
![[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들](https://cdn.slidesharecdn.com/ss_thumbnails/20104thcodeengnwindow31artofkeylogging-130720171134-phpapp01-thumbnail.jpg?width=1600&height=908&fit=bounds)
Recently uploaded
How is AI changing journalism? Strategic considerations for publishers and ne...Damian Radcliffe
"The Intersection of architecture and implementation", Mark RichardsFwdays
Omada Pitch Decksjcobrien
"Data Mesh in Kubernetes", Andrii SyniukFwdays
"Software Architecture for Humans!", Eberhard Wolff Fwdays
Product Research Presentation-Maidy Veloso.pptxMaidyVeloso
Dealing with Linux Malware
- 1. Dealing with Linux Malware Rootkits, Backdoors, and More... Utrecht, 19 March 2016 Michael Boelen michael.boelen@cisofy.com
- 2. Agenda Today 1. How do “they” get in 2. Why? 3. Malware types 4. In-depth: rootkits 5. Defenses 2
- 3. Interactive ● Ask ● Share ● Presentation 3
- 4. Michael Boelen ● Security Tools ○ Rootkit Hunter (malware scan) ○ Lynis (security audit) ● 150+ blog posts ● Founder of CISOfy 4
- 5. How do “they” get in
- 6. Intrusions ● Simple passwords ● Vulnerabilities ● Weak configurations ● Clicking on attachments ● Open infected programs 6
- 7. Why?
- 9. 9
- 10. Types
- 11. ● Virus ● Worm ● Backdoor ● Dropper ● Rootkit Types 11
- 12. Rootkits 101
- 13. Rootkits ● (become | stay) root ● (software) kit 13
- 14. Rootkits ● Stealth ● Persistence ● Backdoor 14
- 15. How to be the best rootkit?
- 16. Hiding ★ In plain sight! /etc/sysconfig/… /tmp/mysql.sock /bin/audiocnf 16
- 17. Hiding ★★ Slightly advanced ● Rename processes ● Delete file from disk ● Backdoor binaries 17
- 18. Hiding ★★★ Advanced ● Kernel modules ● Change system calls ● Hidden passwords 18
- 19. Demo
- 20. Demo 20
- 21. Demo 21
- 24. Challenges ● We can’t trust anything ● Even ourselves ● No guarantees 24
- 26. Defense
- 27. Defenses At least ● Perform security scans ● Protect your data ● System hardening 27
- 28. Scanning » Scanners ● Viruses → ClamAV ● Backdoors → LMD ● Rootkits → Chkrootkit / rkhunter 28
- 29. Scanning » File Integrity ● Changes ● Powerful detection ● Noise AIDE / Samhain 29
- 30. System Hardening » Lynis ● Linux / UNIX ● Open source ● Shell ● Health scan 30
- 31. Conclusions
- 32. Conclusions ● Challenge: rootkits are hard to detect ● Prevent: system hardening ● Detect: recognize quickly, and act 32
- 33. You finished this presentation Success!
- 34. More Linux security? Presentations michaelboelen.com/presentations/ Follow ● Blog Linux Audit (linux-audit.com) ● Twitter @mboelen 34
- 35. 35