Ubuntu: Which file formats are used to make viruses in Ubuntu? [closed]


Which file formats are used to make viruses in Ubuntu? For example, most Windows viruses are written in .exe format, but I can’t identify the usual format in Ubuntu.


Contrary to popular belief, there are viruses for Linux, and quite a lot too. While they are much less common on Linux and require you to allow them into the system most of the time, they still exist.

Viruses are not limited to a file type, on Ubuntu or Windows. There is not a certain type of file to avoid or anything like that, just be careful. Linux is secure, as long as you are careful.

Some things you can do to be safe are:

  1. Don't download from 3rd parties unless you trust what you're downloading.
  2. Use apt or Launchpad (Ubuntu's code hosting service) and similar services to get software from the source.
  3. Avoid copying and pasting terminal commands you find online, especially if you don't understand them.

You can also use an anti virus like clamav if you want to scan your system for any threats.

sudo apt-get install clamav  

Install clamtk for a gui.

Here is some reading on common Linux viruses and how to deal with them.


Extensions mean nothing. While Windows cares about them, there are non-.exe viruses. In Linux, your extension matters little. "What kind of file" is a little more elemental.

Essentially in Linux, it's likely to be some flavour of ELF binary, perhaps as a static or shared object.

It might even hook into the kernel as a module or otherwise as a rootkit, or simply replace a core operating system tool or component with its own one.

Not all of them are though - there are Java viruses, as class files, assembly-based shellcode exploits or even the possibility of malware written in bash (though how it would be run to start with would be interesting).

So essentially, if you aren't sure, don't trust it ;)


I'm going to address malware in general for this answer, not just viruses.

Viruses on Linux are not restricted to a particular file extension / type.

To better understand what we're talking about, we first need to understand the link between extensions and file types and how viruses actually work.

In Windows, .exe files contain files in a PE (Portable Executable) file format, which is a format that contains binary executable data. This executable data gets loaded into memory and is then executed by interpreting the instructions in that data.

This means that the easiest way to run your code is to package it into an .exe. There are other ways as well, however. PDF files are notoriously insecure because they contain parts that can be interpreted by the reader. This means that an embedded script can abuse weaknesses in the reader's security and for example search for and modify other PDF files on the system.

It can get even worse. You can abuse programming mistakes in applications to inject malicious code directly into the computer's memory. Once it's there, those instructions can be run as native code and often with high privileges, with devastating results.

So how does this work under Linux?

Linux, like Windows, has a binary executable format. Windows has the PE format, Linux the ELF format. Unices in general have a much less pronounced file extension requirement, so ELF files usually are extension-less. Linux uses Magic Numbers to identify those files, which is why it doesn't need the extensions.

Binaries are, however, not at all popular as a malware distribution method under Linux. This is because end-users very rarely actually manually open binaries they receive. Binaries are installed and managed by the package manager, not the end-user. So the malware needs other attack vectors to inject its code onto the victim.

This means that those other methods (code injection, scripting) are much more popular as malicious code carriers.


The distinction here is not done by file extension, but by a file property set by a command:

chmod +x filename  

This way you can make an executable from a binary file as well as from a script file.


ls -l  

You can list the file properties in a safe manner before execution.

Also, you can run:

file filename  

to display more detailed data about a file.
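
An added example (not part of the original answers): the two checks the answers above describe, the magic number at the start of the file and the execute permission bit, done in Python without running the file. The sample file names and contents are constructed for the demonstration, and the magic table covers only the formats named on this page.

```python
import os
import stat
import tempfile

# Leading "magic" bytes for the formats named on this page.
MAGIC = [
    (b"\x7fELF", "ELF binary"),
    (b"MZ", "PE/DOS executable"),
    (b"\xca\xfe\xba\xbe", "Java class file"),
    (b"%PDF", "PDF document"),
    (b"#!", "script with interpreter line"),
]


def inspect(path):
    """Return (detected_type, has_execute_bit) without ever running the file."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    kind = next((name for magic, name in MAGIC if head.startswith(magic)), "unknown")
    mode = os.stat(path).st_mode
    executable = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return kind, executable


def demo():
    """Build constructed sample files and report what each one really is."""
    samples = {
        # ELF header hiding behind an image name, with the execute bit set
        "holiday.jpg": (b"\x7fELF\x02\x01\x01\x00", 0o755),
        # shell script that has not been made executable
        "notes.txt": (b"#!/bin/sh\necho hi\n", 0o644),
        "report.pdf": (b"%PDF-1.7\n", 0o644),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = inspect(path)
    return results


if __name__ == "__main__":
    for name, (kind, executable) in demo().items():
        print(f"{name:12} {kind:30} execute bit: {executable}")
```

A file whose name says one thing while its first bytes say another, such as the constructed `holiday.jpg` here, is the case worth a closer look before anything is opened or run.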


Extensions and executables have little or nothing to do with each other on Windows or Linux, and extensions have nothing at all to do with viruses. When given an explicit file to act on, both operating systems look at the file's header to decide what to do with it. When there is ambiguity in the file name, the two OSes use slightly different strategies to identify the intended target. For example, if you type "echo hello" into the Windows run box, the Windows terminal or a Linux terminal, both will look in each directory in the PATH environment variable for a file called "echo" that has execute permission and attempt to execute it with the argument "hello". Windows will also look for the file "echo.com", "echo.exe", "echo.bat", "echo.cmd", "echo.vb" and a bunch of other extensions that I can't remember offhand, plus any extensions mentioned in the PATHEXT environment variable, before it moves on to the next directory, and if it finds a match, it will attempt to execute that.
