Recent blog posts

Chuck Norris is not a Linux virus

Can Linux-based network routers get it? Yes. Is it malware like Windows' viruses and worms? No.

By sjvn  29 comments

February 23, 2010, 1:39 PM Get a grip people. A recent story about the so-called Chuck Norris botnet implies that it breaks Linux's security. Wrong.

Windows malware, whether it comes in the form of a Trojan, virus, or worm, works by exploiting security holes in either the operating system itself or an application like Adobe Reader or Internet Explorer. Whatever the bug or the method it uses to arrive on a Windows PC, the fundamental way it uses to exploit the system is that Windows itself is inherently insecure.

While Chuck Norris runs on Linux-based DSL modems and routers, it doesn't actually attack Linux at all. Instead, it runs as a normal Linux application. So how does it get there if it doesn't try to crack Linux? It infects routers by trying common and default passwords. That's it. That's all there is to it.

To blame Linux because someone is so dumb as to not change the default password is kind of like blaming Honda or Ford for their car anti-thief systems for not preventing your car from being stolen if you left the doors unlocked and the key in the ignition. At some point, the user has to take responsibility for basic security and this most recent assault on modems and routers is a perfect example.

How do you prevent this from happening to you in the first place? Look up how to change your device's password and give it a new one that's not mindlessly simple to guess. And, how do you get rid of it if you already have it? Reboot the device. Don't know how to do that? Try pulling the plug and then putting it back in. Mission accomplished.

Linux has security problems. This isn't one of them. This is a network security for dummies problem.

Any time you get a device that uses a password -- DSL modem, cable modem, router, whatever -- the first thing you should do after making sure it works is to change the default password to something that combines letters and numbers and isn't easy to guess. That alone will stop Chuck Norris faster than Bruce Lee did in Way of the Dragon and 99% of all other common router password attacks.

29 comments

Anonymous 1 year ago
There are many competing in our lives, Aion Kinah game as is. Click on Buy Aion Kinah to play
Flag comment  |  Permalink Reply
Anonymous 1 year ago
Here’s a recent video of real Chuck Norris pushing down the earth (NO JOKE!) http://www.youtube.com/watch?v=H9Eo-TbivU4 It was recommended to me by a friend to put on my toilet Chuck's new "Official Chuck Norris Fact Book" and watch what happens. Every guest I have over is laughing from the bathroom. Every toilet in America needs one on it. Awesome caricature drawings too in each of the 101 entries. See and check out a few examples at http://www.tyndale.com/x_products/details.php?isbn=978-1-4143-3449-3
Flag comment  |  Permalink Reply
Anonymous 1 year ago
Never realized what a freetard echo chamber this place is. Maybe you guys should spend less time spreading your uninformed FUD around messageboards and more time improving your craptacular OS?
Flag comment  |  Permalink Reply
Anonymous 1 year ago
Aaaah security, It's an industrial scam sucking people out of a bunch of money and simply having them think bad thoughts about their neighbours.
Flag comment  |  Permalink Reply
Anonymous 1 year ago
Users that do not change their default passwords are not necessarily dumb, they just don't realize the risks.
Flag comment  |  Permalink Reply
Anonymous 1 year ago in reply to Anonymous
Heck there are people that dont even know what that "little box" does, I can not tell you the number of times that I have had to explain why some people have "two little boxes when personX only has one" or that one accesses the net and keeps you safe from some forms of attack only to explain you still need virus protection on their windows machines..... ignorance, not stupidity, just uninformed people.
Flag comment  |  Permalink Reply
Anonymous 1 year ago
To find a vulnerability in Linux you have to beat out all the other people also looking. And you would have to deal with the large variation in configurations and the fact those immediately impacted can quickly work to patch it up without waiting for a vendor. Basically, there is much more competition outside of closed source monopolies. Linux uses competitive code and patching. Windows much less so.Also, when you write in the dark, leveraging fewer people and have levels of access within the company that further restrict who has access to what, many dirty things can be snuck inside the code that would be caught and not pass muster out in the open. Not only can you be sloppy in the dark, but you can exercise your bad judgment in many ways end users would not tolerate if they knew the details.Note that Microsoft likes people to write about Windows specific malware as malware on "computers", yet they appear all to eager to see a problem related to computer passwords (which transcends platforms) as a Linux problem if the OS happened to have been Linux instead of Windows.By the way, as an important aside related to the greed and bad judgment of those working within Microsoft, some of the comments on the link below suggest a future we might have waiting for us where a small group of megapatent owners (like ex-softies) dictate just what most people can and can't do and what royalties they have to pay for the privilege of doing those they are allowed to do. This wonderful world is brought to us complements of the patent monopolies irresponsibly granted through the government's broken patent system.The USPTO and the whole patent scam needs to end for all time, certainly when it comes to business method, software, etc, types of patents [ie, process patents]. We need to make sure legislators don't add these things back if the courts remove them. See discussion here http://www.againstmonopoly.org/index.php?perm=593056000000002612
Flag comment  |  Permalink Reply

Add a comment

Post a comment using one of these accounts
Or join now
At least 6 characters

Note: Comment will appear soon after you have activated your account.
Obscene/spam comments will be removed and accounts suspended.
The information you submit is subject to our Privacy Policy and Terms of Service.

ITworld LIVE

SecurityWhite Papers & Webcasts

White Paper

A Proactive Approach to Server Security

Learn why security-conscious organizations are taking a more proactive approach to server security. Download this Spire Research whitepaper to understand how you can eliminate the threat caused by today's more advanced threats and protect your organization's most valuable data.

White Paper

Protection Against Modern Cybersecurity Threats

Download this case study to learn how this accounting and consulting giant uses Bit9's adaptive application whitelisting to offer employees flexibility without jeopardizing enterprise safety.

White Paper

Stop Hackers Before They Attack

Hacktivism, Identify Theft, Financial Gain, Cyber War - regardless of motivation, stopping today's hackers requires a new proactive approach to protecting endpoints. Learn how this New England hospital, breached multiple times by targeted attacks, put an end to the malware with Bit9 Parity. Their IT team can now identify malware and secure PCs and workstations -protecting patient care and privacy.

White Paper

From the Frontline - Preventing APT

Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command that discovered no matter how much you educate users, hackers can get through traditional defenses. This targeted attack blew through all layers of their security, except one: Bit9 Parity's advanced threat protection.

White Paper

Protecting Point of Sale Systems from Targeted Attack

If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on their POS systems using Bit9's award winning solutions.

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join Now

New questions

What is the best software for recovery of deleted files?
0 answers
What business apps do you find most useful for tablets?
0 answers
How well do those privacy screen protectors work?
2 answers
Eligibility criteria to work at Microsoft or Google as a software engineer
1 answer
Why not use a prepaid mobile carrier for business use?
3 answers
View more questions

Ask a question

Join Now or Sign In to ask a question.
Ask a Question