Another Reason Linux trumps Windows any day!
I ran across this article on Cnet today:
“Comparisons between two mass Javascript injection attacks suggest they may be related, according to a security company. The latest attack has compromised various sites including one United Nations and several UK government sites with links to malicious servers.
On Tuesday Websense reported seeing distinct similarities between attacks staged earlier this month and over the weekend. Specifically, they cite the use of the same tool to execute the attack being resident on the malicious server. Last summer various groups used the MPACK toolkit to propagate a similar series of Javascript injections.
Javascript injections are browser attacks and require no more effort than appending a script tag to the end of the URL. If a legitimate site is vulnerable to script injection, an attacker can add a script tag to the Web-facing page of the site so that subsequent views will automatically download whatever content is within the script tag. Often the script tag contains calls out to a malicious server.
A user need only stumble upon a compromised site to become infected. In this case, when viewing a compromised site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.
As of Tuesday, two other files named McAfee.htm and Yahoo,php were no longer active.
A quick review by CNET News.com found that travel and academic sites continue to host the injected Javascript code.”
Yes, the virus was inserted through a vulnerability through the browser/site, and not Windows, but that is not the point I am trying to make here. The key phrase in this story is ” attempts to execute eight different exploits targeting Microsoft applications.” As I have mentioned before, one of the biggest reasons that viruses are less common on Linux systems, besides the fact that the OS itself is significantly more secure, is that pretty much all viruses designed these days are for Windows, and, recently for Macs. I use Ubuntu Linux, as you know if you have spent 2 minutes on this blog. I have never gotten a virus. Admittedly, I have not used Ubuntu that long, but In the amount of time that I have used Ubuntu, I would, at the rate I caught viruses on Windows, through AVG, have probably 7-10 on here by now. I feel much safer when browsing the internet, and take a lot more risks. I know that I can safely go onto any site I want, and not suffer any ill effects, because I am invulnerable to outside attack. I would like to point out though, just to prove that I am being fair here, that browser-specific viruses can still be caught, while on Linux. No matter what the Operating System, a virus designed for Firefox will still penetrate Firefox. However, there are still ways to circumvent this. Firefox is good, because the majority of the browser-specific viruses are targeted for IE6/7. Also, Opera is another alternative, although it might be vulnerable to some of the Firefox-specific viruses, since it uses the same plugins as it.
