[SATLUG] Scary stuff... How to write a Linux virus in 5 easy steps

James Tiner jtiner at satx.rr.com
Thu Feb 19 11:33:08 CST 2009


OK guys, I'm going to argue on a few technical notes. First, examples of
this (I must admit I only glanced at the article) are not examples of a
virus. They are an example of a Trojan. These require someone to open
the gates and pull the horse through.

With that in mind, where does the responsibility of the user come in?
What is to be done? Furthermore, this will affect the home user much
more than enterprise users because enterprises better control access to
root permissions, which leaves a single user compromised versus the whole
system, as a normal user is not going to have sudo access nor know the
root password.

Now, how do you propose keeping user responsibility and accountability
away from the user? These trojans are not using an open hole in the code
to get through; they are using social engineering to get through. Of
course, this is a hypothetical and not 'in the wild' thing so I don't
think that it is a big problem now, but the old saying is if it is not
expected and not from someone you know, then delete it. That truly fixes
this problem. Practice safe computing.  

On Thu, 2009-02-19 at 10:43 -0600, ed wrote:
> As Linux grabs more market share on the home desktop, it's only natural,
> a matter of time, before the bad guys start (if they haven't already) 
> writing exploits for it, and, as the article shows, finding ways to get 
> around root to execute them.  And, if that's not enough, many of the 
> same Java exploits that work in Winderz will also at least load on a 
> Linux machine (Verifier Bug and Black Box Class, for example), whether 
> or not they'll actually run at present.
> 
> Many anti-virus program writers are concerned enough about it to write 
> Linux versions of their software, and are ever on the look-out for 
> dedicated exploits.  Most of the forward-looking Kaspersky-engined AV 
> companies produce and disseminate Linux variants of their wares.  I'm 
> currently testing two - AVG and Avast!  Can't say, beyond the Java 
> exploits, that I've found anything, but I've always thought it was worth 
> a look... 
> 
> See Virus Bulletin at http://www.virusbtn.com/index.
> 
> Cheers;
> Ed
> =============
> 
> Todd W. Bucy wrote:
> > ran across this and thought I would throw it out there for comments
> >
> > enjoy 
> > Todd
> > http://www.geekzone.co.nz/foobar/6229


