Re: Virus Scanner 64 bits version ??

To: Michele Concina <psycosm1981@yahoo.it>
Cc: debian-amd64@lists.debian.org
Subject: Re: Virus Scanner 64 bits version ??
From: Karl Magdsick <kmagnum@gmail.com>
Date: Mon, 17 Oct 2005 23:41:56 -0400
Message-id: <[🔎] cd8ecdef0510172041k67e19387h2e30994039aa05da@mail.gmail.com>
In-reply-to: <[🔎] 2PW4f.42071$133.11766@tornado.fastwebnet.it>
References: <[🔎] pan.2005.10.16.17.11.57.943992@wanadoo.fr> <[🔎] 20051017065329.GK16411@mail.lowpingbastards.de> <4Yx8I-83h-3@gated-at.bofh.it> <[🔎] 2PW4f.42071$133.11766@tornado.fastwebnet.it>

Don't get lazy just because you're running *nix.

If your unprileged user account got infected, it could still wipe out or corrupt
all of that user's data, and/or infect any binaries or source code writeable
by that user.  Your command shell initialization/customization scripts are
executed at every login and usually an process running as your user
can set the permissions on these files to make them writeable by your user.

One Halloween somewhere in 1997-1999, the MIT chapter of Phi Kappa Sigma
advertised their Skuffle party using a virus that infected a user's
dotfiles.  I remember
that the virus stored most of itself in ${HOME}/.../   In the MIT
Athena system, users'
home directories are on the AFS networked filesystem.  A user with an infected
home directory would infect a workstation upon login, and all people
subsequently
logging into that machine would have their home directories infected. 
After a centain
date, infected machines displayed a party advertisement as part of the
xlogin screen.

The machine may have had the root password hard-coded into the virus, since the
root password to the public workstations is available to all students.
 On the other
hand, the virus would have been able to infect non-public workstations
if it aliased
logout (and modified configuration files to use a fake xlogout) to
display a fake login
screen and then used su (and some kerberos commands) to emulate the behavior
of a regular login.

I don't recall if the virus ran on Solaris, IRIX, and Linux Athena
stations, or a subset
thereof.  In any case, it was certainly possible that the virus was
cross-*nix and
did not require root access to spread.  I believe the majority of the logic was
implemented as tcsh scripts, with modified xlogin binaries dragged
along for the ride.



-Karl

>
> mmh..just a stupid question..do i need a virus scanner? r there virus
> for linux? i thought that was impossible to be "infected" coze how can a
> virus install itself if i use my os not as root?
> I'm just a newbie so i don't know so much about security on debian and
> GNU/Linux systems....
> michele
>

Reply to:

References:
- Virus Scanner 64 bits version ??
  - From: Thierry <lenaig@wanadoo.fr>
- Re: Virus Scanner 64 bits version ??
  - From: Frederik Schueler <fs@lowpingbastards.de>
- Re: Virus Scanner 64 bits version ??
  - From: Michele Concina <psycosm1981@yahoo.it>

Prev by Date: Re: Virus Scanner 64 bits version ??
Next by Date: Re: Wireless on HP NX6125 (64bit) fixed
Previous by thread: Re: Virus Scanner 64 bits version ??
Next by thread: Re: Virus Scanner 64 bits version ??
Index(es):
- Date
- Thread