I have come across two tales of Linux malware. I'm revisiting them now to ask: do these stories suggest that using anti-virus software is necessary or advantageous?
In December 2009, malware was found inside a screensaver on gnome-look.org. The malware was a "script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads".
The moral of the story was clear: don't install software packages from untrusted sources.
The malware script can be found in the Ubuntu forum post linked to in the story above, so I decided to save the script as a text file and send it to VirusTotal, to see how many, if any, anti-virus programs detect it. I found that somebody had already done this, a couple of days after the malware was discovered, and that no anti-virus program at VirusTotal had detected the script at that time.
I then hit the 'Reanalyse' button to see what the result would be seven months later.
This time, eight anti-virus programs detected the script as malicious.
The two points that can be made here are:
- None of the anti-virus products on VirusTotal (which is most of 'em) would have detected this script as malware during the time it was available to download.
- Even seven months later, only a small number of anti-virus programs would detect this malicious script.