[vox-tech] [OT] Now I have a virus. Argh!!!!!

Ken Bloom kabloom at ucdavis.edu
Sun Jul 18 17:05:50 PDT 2004


On Sun, Jul 18, 2004 at 09:40:52AM -0700, Rick Moen wrote:
> Quoting boombox (boombox at cokeaholic.com):
> 
> > Of course, if you don't want to spring for antivirus, you could just make
> > sure only to boot up in windows when you are playing, since I don't know
> > of any Linux viruses. Makes you think.
> 
> I've been making a list of the known Linux viruses.  It turns out to be
> really easy to make one, but (except during rare vulnerability windows
> when there's a nice juicy security hole that's just been discovered and
> that you've figured out how to exploit) damned near impossible to get
> them to be executed and spread.
> 
> Staog, Bliss, Vit, RST (Remote Shell Trojan), Gildo, OSF, Kagob, Satyr,
> Rike (Rike.1627), Winter (Lotek), Diesel, Nuxbee, Winux (PEElf, Pelf),
> Svat, Obsidian.E, Simile (Etap), Jac, Pavid (Alfa.dr), Telf, Ynit,
> Zipworm (distinctive only in that it likes to infect ELF files in Zip
> archives), and Penguin:  These are all "ELF infectors", where "ELF" is the
> standard Unix binary format.  To activate these, you must literally
> decide to run a binary infected with them, e.g., someone mails you a
> binary file and says "Please run this not-especially-trustworthy binary
> executable." Doing so would of course be really dumb; the consequence of
> being dumb in that particular fashion is that some number of Linux
> executable binaries set to be writable by the user's account would get
> modified to include a copy of the virus.  Note that the user is thereby
> enabled only to shoot at his _own_ foot:  No regular installed
> applications could be affected, because those are not writable by
> regular users: Only binary executables in /home/username/bin/ and such
> could be affected (and seldom do users have any).

I imagine the caveat to that last statement is that if one of these
ELF infectors were able to take advantage of a privilege elevation
attack, then they could infect any binary - although those kinds of
attacks are few and far between, and they are patched quickly.

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about 
signing the key. ***** My computer can't give you viruses by email. ***
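
The thread's point that an ELF infector can only modify binaries the invoking account may write to can be checked on a given system. The following is an added example, not part of either poster's message: it lists the ELF files under a directory that a given uid could modify, using only the classic Unix mode bits (ACLs and root's override are ignored). All function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file

def is_elf(path):
    """True if the file starts with the ELF magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False

def writable_by(st, uid, gids):
    """Classic Unix mode-bit check; ignores ACLs and root's override."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_elf_files(root, uid, gids=frozenset()):
    """Sorted paths of regular ELF files under root that uid may modify."""
    found = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and is_elf(path) and writable_by(st, uid, gids):
                found.append(path)
    return sorted(found)

def build_sample(root):
    """Constructed sample tree: two fake ELF files and one shell script."""
    spec = {"mytool": (ELF_MAGIC + b"\0" * 12, 0o755),
            "locked": (ELF_MAGIC + b"\0" * 12, 0o555),
            "run.sh": (b"#!/bin/sh\n", 0o755)}
    for name, (data, mode) in spec.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for p in writable_elf_files(tmp, os.geteuid(), set(os.getgroups())):
            print("writable ELF:", p)
```

Pointing `writable_elf_files` at a home directory with an ordinary account's uid, and then at `/usr/bin` with the same uid, shows the difference the quoted message describes.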