What You Need to Know About WannaCry Infecting Linux

Several days have passed since WannaCry wreaked havoc on the world with its clever use of an SMB exploit found within Windows, yet the malware continues making the news with new information and speculation surrounding its origins, its trajectory, and the potential for more massive attacks.

Some local press organizations around the world have even made wild claims about the virus, sometimes going as far as to say that North Korean leader Kim Jong Un is responsible. Wild assertions like these aside, there is one troubling piece of information that caught my attention suggesting that Linux is not immune to the WannaCry infection, and that’s just not completely true.


It’s foolish to assume that Linux is completely impervious to attacks. The Titanic was once called an unsinkable ship, yet today she lies at the bottom of the Atlantic Ocean, unable to finish the maiden voyage she embarked on in 1912.

The idea that an attack could be carried out on Linux is kind of scary, and the news that WannaCry could infect the operating system has raised some concerns among its users. Some of them were asking whether this is even possible on forums around the Web.

In fact, the effect was strong enough to warrant a post on openSUSE’s blog halfheartedly implying that while it is technically possible for WannaCry to get some privileged access into Linux through WINE (for the uninitiated, that is the Windows emulator), a metric ton of things would have to go horribly wrong for this to happen in the first place. And most of those things would have to be done by the user.

For example, you would have to provide WINE with a way to gain access to your home directory by letting it run with root permissions (e.g. using “sudo” before “wine” in the terminal). Even then, the worst-case scenario is that WannaCry will gain access to the home folder.

As long as you are not running applications like WINE as root and opening WannaCry through it, you shouldn’t worry about being infected. If you run applications as they are meant to run on Linux, they will do so under an enclosed system with certain restrictions. It is generally harder for an application to overstep the boundaries set for it by the operating system than it would be under Windows. You’d have to practically try to infect yourself with the WannaCry worm in order to encounter any effect from it.


When something running on Linux tries to get the operating system to do something with root privileges, it will ask you for your password. If you’ve used Linux for a long time, you’re probably already used to the password prompt appearing every time you update an application or install a new one. It’s just part of the daily grind. And if you get a password prompt out of nowhere, that should arouse your suspicion.

Just remember that although Linux is an armored tank, you are the driver. An operating system is a tool (this also applies to Windows, by the way), and how you use it largely determines how safe you will be. Yes, Linux does a great job of protecting you from most threats, but it’s only doing seventy percent of the work. The rest of it has to come from your own vigilance.

Use the tool the way it is meant to be used and don’t get complacent. Most importantly, do not rely on convenience to complete a job. Don’t change folder permissions to a higher level than they should be. Do not run applications as root when they don’t need it. Follow these simple rules and you should be fine.
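
The advice above about not running WINE as root and not loosening folder permissions can be checked on a real machine. The script below is an added example, not code from this article or from the WINE project; its function names are hypothetical, and it assumes the standard WINE prefix layout (the `WINEPREFIX` variable, defaulting to `~/.wine`, with drive mappings stored as symlinks under `dosdevices`). It only reads and reports.

```shell
#!/bin/sh
# Added example (not from the article): read-only checks for the habits
# the article warns about. Function names are hypothetical.

# Wine processes running as root (UID 0). Reads `ps -eo uid=,comm=`
# output on stdin; matching on the command name is a heuristic.
root_wine_procs() {
    awk '$1 == 0 && tolower($2) ~ /^wine|\.exe$/ { print $1, $2 }'
}

# Directories under $1 writable by every local user and lacking the
# sticky bit, i.e. permissions set higher than they should be.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Drive mappings of the Wine prefix $1 that resolve outside the prefix.
# Wine keeps them as symlinks in PREFIX/dosdevices (for example z: -> /),
# so they show which host directories a Windows program can reach.
wine_drives_outside_prefix() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue
        # Links to devices (com1, lpt1) are not directories; skip them.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$prefix"/*) ;;   # stays inside the prefix
            *) echo "$(basename "$link") -> $target" ;;
        esac
    done
    return 0
}

# Usage: sh wine_audit.sh audit
if [ "${1:-}" = "audit" ]; then
    echo "== Wine processes running as root =="
    ps -eo uid=,comm= | root_wine_procs
    echo "== World-writable directories under $HOME =="
    world_writable_dirs "$HOME"
    echo "== Wine drives that reach outside the prefix =="
    wine_drives_outside_prefix "${WINEPREFIX:-$HOME/.wine}" || echo "no prefix found"
fi
```

Any line printed under the first heading means a Windows program is running with root's file permissions; lines under the third heading list the host paths a program inside WINE can reach with whatever privileges it was started with.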

Do you know more ways that Linux users can protect themselves from potential threats? Let us know in a comment!

5 comments

  1. Hello (sorry for my English: it’s not my native language!),

    I agree!

    I have used Linux since 2009 and I have never had security issues: when I ran Windows I had to fight against any kind of virus too many times… I think the Linux kernel is strong enough and the way Linux is built is different from Windows, so if you allow unknown stuff to enter your PC, it’s just because you WANT to! :-)

    Yes, as you say it’s a tool: a hammer can be good but it can hit your thumb as well! :-)

    I also think that a good way to be protected is to use well supported distros: for example I use Debian, which is one of the most stable and well built Linux distros. I use only official repos, or if I want to add some repos, I make a search and see if they are reliable. I try to download from synaptic as much as possible.

    I don’t use Wine but I run Windows on a VM with a good updated AV, two antimalwares and a sandbox, avoiding surfing any download, streaming or gaming sites and avoiding cracked software (it’s not only illegal, but it can be dangerous too). My web surfing activity is only with Linux and I try to be careful but not paranoid! I trust Firefox because it’s constantly updated and it’s well supported.

    What else? I don’t open emails from unknown senders, using Gmail on the web (Google can spy on me, OK, but I have nothing to hide and it offers the best email service and an excellent SPAM filter) and I use strong passwords for my accounts, changing them randomly (but not very often to be honest).

    Well, I’m not a developer, nor programmer, so I cannot be more detailed about security of kernel and the way it’s built (I’m talking about code), but I can say if Windows gave me a lot of issues, Linux made my “cyber-life” better and safer!

    Cheers!

    Bert

  2. From a strictly technical point of view, speaking as an ex-programmer, WannaCry makes me wanna cry. It seems as if its creator either wanted it to be stopped or was just trying out some idea(s). I wonder why (s)he used a hardwired domain name rather than a recursively randomly generated one. A randomly generated domain name would have allowed the malware to keep spreading even if it found one of its domain names registered.

    Maybe in its current form, WannaCry presents very little danger to Linux systems. However, with a little tweaking, could it be made into a Linux threat? Or is Linux’s compartmentalization enough to stop it?

    • As far as I can see this all depends on the USER clicking on an email or attachment file? I don’t know how this could even run in Linux without user-intervention. I have been using Linux since 2002/’03 and I have watched a lot of things happen in the IT industry, there have been vulnerabilities and exploits that have existed in the Linux-sphere for decades, but it seems they only get famous when someone reports them…not when someone gets “hit” by them. When you compare this to Windows vulnerabilities and exploits?…..seems they make their news by someone reporting of a company getting hit…or falling victim to it. I just think that regardless of OS a user should be as cautious as if they were walking in a swamp full of methane gas…with a burning torch in their hand!

      As for tweaking WannaCry and if it could be made to become a threat to Linux systems? I feel that most of the Linux-using community would be smart enough to know NOT to run their OS in root mode, and as the article said….if you’re chugging along….working on your laptop or desktop and all of a sudden a pop-up appears asking for sudo privileges?…well that might be the extent of its danger level, as no one enters their root password without first knowing what’s asking for that permission, and WHY they need it. So no….I don’t think there could be a way for this to be tweaked to be a threat to Linux…..even if they figured out a way to get it to execute in the background?…it would be under a standard user’s account…the minute it needs to gain access to the root-level files and folders? the first thing it’s going to ask for is?……the root password. Which once again would need input from you…the user….which would once again prompt you to find out WHAT is asking for that permission…and WHY they need it? This isn’t to say there aren’t other threats that exist in Linux-land….but these are more script oriented and require less input from the user, things like self propagating fork-bombs….or other forms of hi-jinks that can bring a Linux system to its knees…but once again…as long as you are careful with your computer, and you don’t run it under root?….then you should be fine.

  3. “WINE (for the uninitiated, that is the Windows emulator)”

    LMAO. Guess what? You’re the uninitiated one if you call WINE a Windows emulator. Any Linux user would know that WINE is not an emulator (in fact, even the full name tells you so!).

    • For a general audience, it’s perhaps better to just call it an emulator than to write this: “(for the uninitiated, this is an application environment that says it’s not an emulator while translating Windows API calls into POSIX calls from applications, making it operate rather differently from a virtual environment which requires loading an entire operating system into memory; which is funny considering lots of functions in their source code are ‘m_emulate’ this and ‘gEmulator’ that)”.

      Most people don’t care about semantics, so most people will still call that an emulator. And there is still debate about this. The fact that despite their best efforts, developers sometimes accidentally (or other times ironically) use the word “emulate” in some of their functions should say a lot about this conception.
