Linux Malware vs Phishing Schemes

Monday Dec 15th 2014 by Matt Hartley

Are Linux users more threatened by malware or phishing schemes? The difference isn’t even close.

For years now, we’ve been told that various types of malware, such as worms and other threats, were going to catch the growing Linux user base off guard. As of the year 2014, nothing remotely close to this has happened. Malware exists, but for desktop Linux users, it’s a non-issue.

Despite this fact, there continue to be rumors that malware "could" affect desktop Linux users. It seems the mere "threat" holds greater proof of concept than the reality that no one is actually seeing malware threats on their Linux desktop.

In this article, I’ll examine current threats to the Linux desktop and explain why I believe phishing is far more dangerous to most Linux users than malware.

Linux exploits are primarily targeting servers

One of the first things I’d like to point out is that when it comes to the exploits targeting Linux, it’s the server – not the desktop – that is at the greatest risk. Servers are front-facing appliances exposed to the web. This means patches/updates must be applied on a regular basis to minimize the risk of the server being exploited.

While it’s true that the desktop is also facing the web, it’s not the same sort of destination as a web server. See, Linux desktops are far more likely to be exploited through an open port and poor firewall settings than through an actual "in the wild" exploit. Obviously, there may be exceptions to this in the future. But for the time being, the most dangerous exploit I’ve found with the Linux desktop is human error and complacency, not malware.

As it turns out, the real threat is more human than machine. And the name of that threat is phishing.

Phishing schemes are cross platform

I don’t care how savvy you happen to be, most of us have had close calls with phishing schemes. Some of the easiest to fall into are those shared via social media. A trusted friend shares a link on Facebook. You don’t think much of it when you’re asked to log back in, and then it hits you -- that wasn’t really Facebook that asked you to log in.

Even advanced users on the Linux desktop can fall prey. Perhaps you're multitasking while working on your laptop, maybe a family member asks you a question or you’re watching TV. The above situation can happen very easily and while you will catch on, it might already be too late. Another example might be Amazon asking you to re-affirm your payment info. Then it hits you that the link you rolled your mouse over in that email isn’t really Amazon at all.

As you can see from my above example, phishing schemes aren’t something that only affects those falling for faked banking emails or spoofed PayPal alerts. Sometimes it’s stuff that’s mundane enough to seem legit. Worse yet, these things can happen when you’re not paying close attention.

The media effect

Where things can go from bad to worse is when the media gets ahold of something legitimate that happens with a piece of technology. Cross-platform, state-sponsored spying becomes "Linux malware threat." When we read stuff like this, it’s important to take a step back and examine the facts. More often than not, stuff being reported in this space is a non-issue or is simply taken completely out of context.

Making matters worse is when the tech media perpetuates this kind of nonsense. This is the segment of the media we like to believe knows better than to perpetuate Linux FUD. Sadly though, this isn’t always the case.

Personally, I believe the tech media has been chomping at the bit to see Desktop Linux experience one really big malware outbreak. This would serve two ways: One, it provides really juicy news stories for tech writers. And two, it does wonders for writers who have claimed that Linux is just as insecure as other operating systems.

If it executes code…

Old code, new code, if it can be executed, the device running said code is potentially at its mercy. So while there have been great strides in OS security, app containers, and other safety layers that help us feel safe -- anything that executes code "could" be a risk. The key thing to remember, however, is that just because something is possible doesn’t mean it’s going to happen. It’s possible I might win the lottery and buy a small island. Yet, when we look at the odds, the numbers simply don’t add up.

Therefore, while malware scares such as Turla might indeed be frightening to think about, one must remember you’re not likely the target of such an attack. In short, this worm simply isn’t targeting end users -- you don’t have data that the creators of this worm are looking for. Sorry to disappoint you, but unless you work for the government or a pharmaceutical company, this isn't the worm you should be watching out for.

Realistically, the most likely malware you "could" stumble upon is from an unchecked, hacked user-specific software repository or a software package designed to run code to screw up your Linux install. However, neither of these things is common or very likely to happen.

The real threat is us

Like I mentioned previously, the most likely attack vector is going to be a combination of human distraction and a phishing scheme. After all, it requires far less coding skill to craft a clever looking webpage to mirror a legitimate one, versus constructing a highly advanced piece of malware.

Still think I’m wrong and you’re too smart to fall for a phishing scheme because Linux users are so tech savvy? How about this: Right now, there is a report going around on Google+ that Google is offering users a free gift credit for using Google Wallet. It’s a legit campaign, but now let’s look at how easily this can be exploited. On G+, you can post a URL to your status and remove the actual address itself. The image or title will show instead. On a smartphone, you’re not going to think twice about clicking this address.

Oops, sorry, that link was in fact a fake. But don’t worry, while you were casually logging into your Google account on that page, your login was being recorded. It happens and it happens all too easily. The same can happen just as easily on the Linux desktop.

Malware a threat on the Linux desktop? Perhaps someday, as malware for Linux technically exists. But it’s going to be phishing schemes on social media that are the bane of our existence. Just watch, it’ll happen sooner rather than later. My advice is to think twice before clicking on a link. Just because we enjoy the greatest platform in the world doesn’t mean we can’t fall victim to our own egos.
