Malicious Linux Binaries: A Landscape

  • Lucas Galante Unicamp
  • Marcus Botacin UFPR
  • André Grégio UFPR
  • Paulo Lício de Geus Unicamp

Abstract


Linux applications are increasingly deployed on important computer systems. As their use grows, they become targets for malware. Understanding the security impact of malware infections on them is therefore essential for system hardening and for developing countermeasures. In this paper, we evaluate malicious ELF binaries to present a landscape of current threats. We discuss the challenges and pitfalls of analyzing samples on this platform and compare the identified behaviors with those exhibited by samples from other platforms.

Published: 2018-10-25

GALANTE, Lucas; BOTACIN, Marcus; GRÉGIO, André; GEUS, Paulo Lício de. Malicious Linux Binaries: A Landscape. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 213-222. DOI: https://doi.org/10.5753/sbseg_estendido.2018.4160.
