[SATLUG] Scary stuff... How to write a linux virus in 5 easy steps

Tweeks tweeksjunk2 at theweeks.org
Mon Feb 23 00:09:07 CST 2009

On Wednesday 18 February 2009 11:12:43 pm Travis Runty wrote:
> Really good stuff.  I have always run the noexec on my '/tmp', however, I
> think I'm considering adding it to my device's '/home' too.  Assuming there
> are no unforeseen negatives it certainly wouldn't hurt anything.

Uhh.. I wouldn't recommend that.  Many X controls and scripts reside there... 
as well as your bash files (.bash_login, .bashrc, etc).. not to mention many 
users' ~/bin/ dirs.. Yeah.. that would be a nightmare on my system.

I would recommend putting some filesystem level restrictions on /tmp/ (have to 
have a separate partition first though), and then "mount --bind" /var/tmp/ 
there also.  Also lock down your /dev/shm/ (a not so well known ramdisk area 
hacks write their backdoors to also). See here:
	$ mount |grep shm
	devshm on /dev/shm type tmpfs (rw)

On Thursday 19 February 2009 10:43:10 am ed wrote:
> As Linux grabs more market share on the home desktop, it's only natural,
> a matter of time, before the bad guys start (if they haven't already)
> writing exploits for it

I disagree to some degree.  The reason that windows has been so problematic is 
not JUST because it's the biggest target.. but because it's SOOOOOO 
homogeneous.  It's cookie cutter.. A computer monoculture, if you will.  

Take this virus/target-culture model into nature.  It's just like a giant 
domesticated animal farm.  What happens in nature when you have a giant 
monoculture (cows, bananas, etc)?  One ravenous disease comes along and wipes 
them all out.  So what even if you keep standing new animals back up 
(reinstalling.. new models, etc).. The same monoculture problem exists and 
viruses feed on monocultures.  

This is why nature has differing species, breeds, and strains. In two words.. 
biological diversity.  This is also why I believe that Windows will always be 
the weaker OS "health wise" and why I believe Linux will never be as hard hit 
with viri as Windows.  Linux is a chaotic, heterogeneous mix of distros,  
desktops and packages.. always changing.  No virus can assume that all Linux 
desktops are running Thunderbird.. or Kmail,  Mutt or Evolution.  I guess a 
virus writer /could/ include vector-checks for the most common  Linux mail 
clients out there.. but you still have all the distro differences, SELinux, 
iptables, filesystem differences, etc.. And that's a huge waste of energy 
when the virus-yummy monoculture of Windows+Outlook is such a more attractive 
target.  Such an easier herd to own.  :)

Some say that there's safety in numbers... 
With regards to virus defense, this is not the case... 
But even more importantly, I say the real safety is in diversity.

All for now.. nite nite.


> On Wed, Feb 18, 2009 at 9:40 PM, Todd W. Bucy <toddwbucy at grandecom.net> wrote:
> > oops forgot to include the authors update to this article.
> >
> > http://www.geekzone.co.nz/foobar/6236
> >
> > Todd
> >
> > On Wed, 2009-02-18 at 21:32 -0600, Todd W. Bucy wrote:
> > > ran across this and thought I would throw it out there for comments
> > >
> > > enjoy
> > > Todd
> > > http://www.geekzone.co.nz/foobar/6229
> >
> --
> Travis Runty
> 210.391.3949
> www.linuxismybff.com
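
Added example, not part of the original message: a POSIX shell check for the mount-level lockdown suggested above for /tmp, /var/tmp and /dev/shm. The option set noexec,nosuid,nodev is this example's assumption of what counts as locked down, and the sample mount table is constructed.

```shell
#!/bin/sh
# Audit the world-writable temp mounts named in the message.
# REQUIRED is this example's assumption of what "locked down" means.
REQUIRED="noexec nosuid nodev"
TARGETS="/tmp /var/tmp /dev/shm"

# audit_mounts [FILE]: FILE is in /proc/mounts format (default /proc/mounts,
# "-" reads stdin). Prints one line per target:
#   "<mnt> OK", "<mnt> MISSING opt,opt" or "<mnt> NOT-MOUNTED"
# NOT-MOUNTED means no separate filesystem, so no mount options can apply.
audit_mounts() {
    mounts=$(cat -- "${1:-/proc/mounts}")
    for target in $TARGETS; do
        # Last matching entry wins: a later mount shadows an earlier one.
        opts=$(printf '%s\n' "$mounts" |
            awk -v t="$target" '$2 == t { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            echo "$target NOT-MOUNTED"
            continue
        fi
        missing=""
        for want in $REQUIRED; do
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="${missing:+$missing,}$want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$target MISSING $missing"
        else
            echo "$target OK"
        fi
    done
}

# Constructed sample in /proc/mounts format, not captured from a real host.
# /var/tmp is a bind mount of /tmp, so it shows the same device; each mount
# point is still checked separately.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda5 /tmp ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda5 /var/tmp ext3 rw,nosuid 0 0
devshm /dev/shm tmpfs rw 0 0
EOF
}

sample_mounts | audit_mounts -
```

Run `audit_mounts` with no argument to check the live system through /proc/mounts.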
