[vox] Linux viruses?

ME dugan at passwall.com
Sun Jun 13 12:14:30 PDT 2004 

Marianne Waage said:
> Bill Kendrick said:
>>Noticed this article on my newsticker just now:
>> Antivirus vendors await first Linux worm
>> http://www.infomaticsonline.co.uk/News/1155836
>>However, one line in the article piqued my curiosity:
>> Symantec reported that it has found three Linux viruses in the wild
>> since the start of 2004.
>>Anyone have any references to these three?
>
> I always wondered what would happen if you got a virus through something
> emulated like Outlook under wine. There was some other program that let
> you run MS products under linux but I don't recall the name now.

For the most part, viruses are not only architecture specific but also
perating System specific. In cases where a "virus" (or worm) is able to
hist more than one architecture, the virus (or worm) generally has two
parts (executable code for each architecture) while in cases where the
same architecture is the target but with different OS, the few viruses (or
worms) which do this *usually* have each space separate. However, there
was one (a year or so back?) which came out which attacked two OS and even
though is had code separate for different OS, a large part of the malware
was shared between both parts.

For the most part, a virus infecting files in an instance of wine or
vmware may infect files accessible from the windows session, but is
unlikely to infect files which are used in the Linux space. Certainly,
they could infect your windows files and harm them much like a windows
machine that was not being emulated would find.

Many of the kinds of viruses/worms to attack Linux in the wild have been
Worms are were service specific, even in some cases Service, version and
distribution specific.

* Disclaimer 1: this is entirely date-sensitive. A new virus could easily
be built tomorrow to make the above estimation of risk invalid.

** Disclaimer 2: the limit in risk is cause by many things, which include:
more difficult for Linux Viruses to spread to applications when not root
including Macro voruses and worms, 99.99% (or more) of vruses out there
are not multi-OS

More information about the vox mailing list