[plug] Linux Viruses

Craig Foster fostware at iinet.net.au
Mon Mar 10 19:09:42 WST 2003


Umm yeah, ELF/OSF,8751 - Apparently it's a popular bomb for those who
have been r00ted. Saw it in an old attack for an Apache race condition
dump, which then ran the file, which set itself suid, and opened up a
rogue ssh daemon. It infects other ELF binaries when executed.

Nasty, but it's the only Linux virus I've seen in the wild. Even then,
it was secondary to the exploit.

Regards,

Craig Foster
fostware at iinet.net.au (with SMIME) 

> -----Original Message-----
> From: Craig Ringer [mailto:craig at postnewspapers.com.au] 
> Sent: Tuesday, March 11, 2003 3:51 PM
> To: plug at plug.linux.org.au
> Subject: [plug] Linux Viruses
> 
> 
>  > Are viruses for Linux really that common?
> 
> Nope. There's the occasional worm that exploits flaws 
> in server software (apache, sshd, etc) but I've never 
> heard of /any/ viri in the usual sense (executable-infecting 
> virus, email worm/trojan, etc).
> 
>  > I mean...this is the first time I've actually
>  > heard of anything regarding a Linux virus.
> 
> One hears discussion occasionally, but that's about it. 
> Linux is not immune to viri, but it is harder for a virus 
> to cripple the system since nobody in their right mind runs 
> as root. So a virus can't infect shared executables. 
<snip>
> Generally the worst that could happen is damage to and/or 
> theft of user data - and disinfection should be easy since 
> root can't get infected without a lot of effort. I don't 
> expect viri to ever become a serious problem for linux, 
> even once they do appear.
> 
> Craig Ringer