Re: Linux Virus

To: John Griffiths <john@capmon.com>
Cc: Mark Devin <mdevin@ozemail.com.au>, Debian-user <debian-user@lists.debian.org>
Subject: Re: Linux Virus
From: Ben Collins <bcollins@debian.org>
Date: Wed, 28 Mar 2001 22:19:10 -0500
Message-id: <[🔎] 20010328221910.T8462@visi.net>
In-reply-to: <[🔎] 3.0.5.32.20010329130749.036a87b0@mailhost.capmon.com>; from john@capmon.com on Thu, Mar 29, 2001 at 01:07:49PM +1000
References: <[🔎] 3AC2A414.2315FC29@ozemail.com.au> <[🔎] 3AC2A414.2315FC29@ozemail.com.au> <[🔎] 20010328220007.S8462@visi.net> <[🔎] 3.0.5.32.20010329130749.036a87b0@mailhost.capmon.com>

On Thu, Mar 29, 2001 at 01:07:49PM +1000, John Griffiths wrote:
> At 10:00 PM 3/28/2001 -0500, Ben Collins wrote:
> >On Thu, Mar 29, 2001 at 12:55:16PM +1000, Mark Devin wrote:
> >> Does anyone know anything further on this new W32.Winux virus.
> >> Check out this link:
> >> http://news.cnet.com/news/0-1003-200-5329436.html?tag=st.cn.1.lthd
> >> 
> >> Surely this virus cannot overwrite executables that require root
> >> permission? Or can it?
> >
> >No, if this virus actually exists (and I doubt its true, or even
> >particularly threatening), it can only affect your files. Unless you are
> >in the bad habit of reading email as root, and executing random
> >attachments manually.
> 
> At this point the virus is just a proof of concept, no payload and no replication existing only on the author's HD and the copy he emailled to the anti-viral company.
> 
> the proven concept may be used to do more interesting things.

The concept is still dependent on the user executing an attachment
(depending on their email client, which most Linux clients are smart),
and it can still only affect user owned files, not root (unless said
email is read, and attachment is executed, by root).

Anyone can do that. I can write a C program and send it to you that
emails me /etc/passwd and /etc/shadow. You still have to be dumb enough
to execute it. That's not a virus, that's social trickery. Now, if it
emails itself (and remember with Linux there are several dozen email
programs, so finding the right address book format is pretty hard), then
it is viral, sort of, since you still have to manually execute it.

Yes, it is pretty nifty that it can run on i386-Linux and Windows using
basic asm. However, that is a very limited thing, and for it to really
do someting useful, it will need to do a lot more, and will most likely
be less able to run on both Windows and Linux from one binary.

IMO, this is nothing completely new or innovative. ASM has been around a
long time, even before viruses. It all boils down to people being smart
enough not to accept attachments form people they don't know, and
especially don't execute programs sent to you randomly over the
internet.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Reply to:

Follow-Ups:
- Re: Linux Virus
  - From: John Griffiths <john@capmon.com>
- Re: Linux Virus
  - From: Dave Sherohman <esper@sherohman.org>

References:
- Linux Virus
  - From: Mark Devin <mdevin@ozemail.com.au>
- Re: Linux Virus
  - From: Ben Collins <bcollins@debian.org>
- Re: Linux Virus
  - From: John Griffiths <john@capmon.com>

Prev by Date: Re: Your have received a message.
Next by Date: Re: Linux Virus
Previous by thread: Re: Linux Virus
Next by thread: Re: Linux Virus
Index(es):
- Date
- Thread