Slashdot Mirror

All GUI archive managers require a separate "Extract" command (that preserves execute permission), that is different from the default action that is to view a file (without giving it an execute permission even if it is present in the archive).

I have to admit I only tried "tar xvf" to verify that permissions were preserved. Nevertheless, you really think you couldn't get people to actually extract an archive?

For anyone but total newbies it should be obvious that the user should NEVER run anything he downloads unless he is installing some software that is not in a repository -- as root, as his own user or as anyone else.

Yeah, that users won't run crap is well justified.

And because I ran out of words in that sentence before links, here are some more: 1 2 .

To put those into context, those are all links from Wikipedia's "Timeline of Notable Computer Viruses and Worms" from the last decade, including the only two entries on that page from 2009 and 2010. Most of the above had a noticeable amount of mainstream press coverage at the time, and the list includes names like ILOVEYOU, Sobig, MyDoom, and Storm.

Sure, they aren't the scariest worms out there, and over the last few years they haven't been the most damaging. But at the same time, if I got to bet whether a manually-spread trojan is worthwhile, I know which side of that bet I'd take.

Personally I would just turn them into traditional #! scripts with "interpreter" doing what a file manager would, and file manager refusing to execute anything in them unless they are executable.

The .desktop files contain rather more information than just what program to run. How would you deal with that? Specially-formatted comments in the script? Pass the script a command line argument?

Besides, it's not like running scripts without execute permissions is a new concept. "source foo.sh", ". foo.sh", "perl foo.pl", "python foo.py", etc. IMO are all comparable to Gnome looking into the .desktop files on boot to see what to run.

What desktop Operating System does this Pushdo botnet require to operate ?

"Once executed the malware first tests to see if it's currently running as the hardcoded value "rs32net.exe" in the system folder (C:\Windows\System32 by default)"

because all antivirus software is made by people who are governed by the laws of the united states...

If you think there are 0% Linux and Mac botnets and malware in the wild, you are seriously uninformed.

http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/
http://blog.trendmicro.com/more-mac-malware-in-the-wild/
http://lwn.net/Articles/222153/ - Linux botnets
http://blogs.computerworld.com/14723/no_more_linux_security_bragging_botnet_discovery_worry

This is just a small sample. Let's all take security seriously, and leave religion to the gods. (and to head of the claim that it doesn't count if the user has to install something, like a pirated malware-infected Photoshop for OSX, that is the most common Win vector these days as well. Malware is the problem, not viruses.)

Out of curiosity, how exactly do you verify that you are infection free without a scanner?

In my experience online scanners do a pretty reasonable job. I like Trendmicro's housecall http://housecall.trendmicro.com/

You do realize that if your running two AV's they stomp on each other and nothing works

No always the case, You can use and Online Scanner with no problem.
Sadly they sometimes pick up things otherones miss.
http://housecall.trendmicro.com/
http://security.symantec.com/
http://www.kaspersky.com/virusscanner
Just to Name a few online ones.

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

"If those were the best examples you could come up withm then I guess you succeeded in disproving your own point." - by parodyca (890419) on Friday June 12, @10:12AM (#28307657) Homepage

Well, @ this point, here are 50++ more evidences of his title of "Viruses aren't a Problem in Linux" subject-line being b.s.!

That all "said & aside"? Here we go:

Threat Encyclopedia Search Results for *NIX oriented malwares/virus/trojans etc. et al (pages 14-25, approximately 50++ more ontop of the 40 or so I have already noted in my prior posts here):

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=14&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=16&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=17&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=18&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=19&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=20&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=21&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=22&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=23&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=24&ltr=U

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=25&ltr=U

&

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

More info on the new Linux worm

http://blogs.securiteam.com/index.php/archives/305

APK

P.S.=> Oh, by the by: If the (so far) 90++ evidences of worms, viruses, trojans, malwares & general faults in Linux' security? I think you're not as experienced in these matters as you'd like to think is all - especially with you're stating & agreeing about this exchange's subject-line of "Viruses Aren't a Problem in Linux" etc. et al... apk

Nothing wrong with NX/ASLR. Except perhaps as support to the claim that windows is "safest os on the planet" or some such nonsense. We have been using GrSecurity since long before Vista was out. Which makes the interviewer's "Vista-like-ASLR" kind of an odd quality for something to posses. If anything it's Unix-Like ASLR.

Furthermore, and I don't know if this is patched in later versions of Vista but the author also seems confused about the implied "nobody knows how to defeat ASLR under windows".

http://blog.trendmicro.com/flaw-in-windows-vista-aslr-implementation/

Under PaX Linux has far more randomization than that.

Because nobody goes to this much trouble for a mass troll, much as I wish that was the case. If they only wanted to goatse ~10 million people they could have done so quite some time ago - they are in this for the MONEY. The most recent variant interacts with Waledac, a known spamming botnet, and is starting to install fake scareware "antivirus". Given its thorough rootkitting and stealth, the stealing of paypal credentials etc seems a likely future development, and finally let's not forget good old DDoS. It's an open secret that gambling sites pay extortion money, and there isn't a site on the planet that could withstand a full attack from this thing. Hell, they could take down whole tier 3 ISPs without much difficulty.

http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/

Conficker Eye Chart

Conficker Eye Chart

How to interpret:

If you see this above:It probably means this:

= Normal/Not Infected by Conficker (or using proxy)
= Possibly Infected by Conficker (C variant or greater)
= Possibly Infected by Conficker A/B variant
= Image loading turned off in browser?
Any other combination= Poor Internet connection?

Explanation:

Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.

F-Secure and the F-Secure Logo are trademarks of F-Secure Corporation.

SecureWorks and the SecureWorks Logo are registered trademarks of SecureWorks Inc.

Trend Micro and the T-Ball logo are trademarks or registered trademarks of Trend Micro Inc.

How does this get modded +5 informative?

There are scads of free options.

Try a linux alternative

NoScript says: "Do not want".

Try a linux alternative

Like this.

Dormant (see: Distrowatch).

Or this.

$$, intended for corporate use, but thanks for the link, It might be worth the money in my repair business (I currently move the disks to a windows machine and scan from there if I can't clean in place).

Hell even an online scan may work well enough, http://housecall.trendmicro.com/

This might actually work, though I haven't tested it myself. Probably not as good as Malwarebytes, though.

There are scads of free options.

Try a linux alternative

Like this.
Or this.

Hell even an online scan may work well enough, http://housecall.trendmicro.com/

Whilst there's some truth in what you say, this is interesting "Globally, the source of the most number of infections for these top 100 malware is the Internet, specifically in surfing unknown or malicious sites, or accepting links offered in unsolicited email."

http://blog.trendmicro.com/most-abused-infection-vector/

Sure, there's probably a FOSS program for nearly everything you need, put that won't stop idiots or non tech-aware people downloading malware-ridden crap from the net becuse of banners flashing 'look, free telephoning/pron/whatever *certified* virus-free!!!

Hmm...the prefetch cache is only used when a call is made by commonly used programs. Clearing the prefetch cache is only really useful to rid yourself of extra unnecessary files when you uninstall programs as Windows will simply rebuild the directory.

Since we're trying to diagnose a cause of sudden sluggishness, clearing the prefetch won't really do anything unless the HDD is full. A quick review of the prefetch directory, however, is a good indicator of which programs have been running. I usually take a look to see if I can spot anything out of the ordinary.

Other helpful ideas:

- Disable system restore before you do anything...irritating spyware and virii can hide here and restore themselves
- Download and run X-Ray PC (freeware) and run an online analysis of your processes...will give you a good/bad/unknown triage for some processes and allow you to kill them.
- Start>Run> msconfig.exe and check your startup processes...do a quick google search for anything you don't recognize and if it is not a necessary startup process, kill it. Having a shitload of processes running at startup can bring your system to its knees. Usually, for a desktop XP machine, between 28 and 35 processes is ideal on a fresh boot. For a laptop it can be up to 50...depends on what utilities are required to make your touchpad/buttons/wireless/etc work.
- Start>Run> msconfig.exe and check your services. Check 'hide all Microsoft services' and do a quick scan to make sure no extra junk services are hiding here. If you lose functionality to something on startup that you want, you can either just turn it back on or, if necessary, boot into safe mode and turn it on.
- Download Crap Cleaner and run the registry scan to see how many junk items you have in your registry. Review the causes and fixes to all the issues you find...you're usually okay doing a fix all but I check them just in case (this is your registry after all...never hurts to back it up either.)
- Add/remove any programs that you don't recognize or don't use. All this extra junk does nothing to help you. Additionally, if you can pinpoint one or two programs that were installed around the time your computer started having issues, definitely uninstall them and check your performance after (probably run ccleaner again to ensure they are completely gone).
- Restart your machine and check msconfig and xraypc again to ensure that nothing you killed came back...if it did, you've got a virus or spyware.
- If you still have issues, try running one of many drive fitness test tools to determine whether or not you have bad sectors or possibly a bad HDD altogether. Some tools will even allow you to repair the bad sectors but usually if you've got bad sectors you should start looking at a new HDD soon.
- If you have the option, pull the HDD and hook it up to a test rig and run a Housecall scan on the drive.
- Run Rootkit Revealer to determine whether or not you have a rootkit installed on your machine. Rootkits are nasty as hell but you can usually find additional info via a google search on how to rid yourself of them.
- When all else fails, a clean install is usually the best way to get your system back up to snuff. It is a pain in the fucking ass and no one likes to do it until you remember what it is like having a clean install. Just make a list of your programs, do a backup of your data, and format that sucker.

Hope some of that is helpful...a lot of the other comments I see here are great things to check as well (right below me I see gad zuki! mention netstat -a to check your active connections...also very useful) so bookmark this page and try everything. If nothing else, you'll learn some new tricks.

Why not just have a program "scan" your hard drive for viruses for a few minutes, find a bunch of stuff, and then charge you a fee to remove said "viruses?"

Ask and you shall receive.

Windows malware is an evolutionary ecosystem. The parties net billions of dollars a year on both sides. This is not going to change in the forseeable future. There are no functional OS-X, Linux, BSD or Solaris malware systems in the wild. We can speculate about why but really it's more useful to adapt to the world as it is. You can use Windows and swim in this cesspool... or not. Choices are great, aren't they?

From my exp as a PC repairman it sounds like you got hit from one of the many pop up BHO bugs out there. Either that or a lovely piece of malware like a clickjacker. You didn't go to a porn site in IE or install any toolbars in IE,did you? Anyway here is what you do. First go do an online bug scan. I would suggest housecall. I would personally bet on a a BHO bug from what little you've posted. If Housecall doesn't find it you can use Dependency Walker to help track it down by looking for anything being called by IE that isn't in either the Windows or Internet Explorer folders. Simply unzip Dependency Walker and choose File/Open and navigate to IE which is in /Program Files/Internet Explorer and click on IEXPLORER.EXE. This will give you a full list of dependencies and their paths. You can also run Hijack This and post what it outputs to their forum and they can help track down the source if it is a clickjacker or BHO.

Anyway if you do decide to go the reinstall route I would suggest NLite which will allow you to strip a lot of the bloat from the OS BEFORE reinstall, including IE IIRC. Just remember to leave the MSHTML.DLL files because there are several programs that use these for help files. I hope this helps, because I usually view having to reinstall a customer's OS as a last resort. Usually with a little time and patience the bug can be tracked down and killed.

I thought this sounded oddly familiar... not too long ago I was helping a client out of a mess caused by Trend Micro identifying Windows system files as being infected by a "Generic Trojan"

The problem was exacerbated by Trend Micro failing to properly quarantine the files and it ended up just corrupting them. Almost needless to say, the repair instructions were useless.

Trend Micro Housecall. Scan for and remove viruses via a web-interface when you think you may be infected. There's no annoying software to download/install (other than either an ActiveX control or a Java applet, depending on preference/browser/OS) that pointlessly eats up memory and interferes with your applications.

WORM_BRONTOK.Q?

Yes,

TROJ_CAPTCHA.A

--jeffk++

I've been using the same "technique" of, essentially, just not executing untrustworthy software for years.

I know my hardware well enough that I notice when it inexplicably starts running slower.

And I run a free online virus scan periodically, and whenever I suspect I may have picked up something:
http://housecall.trendmicro.com/

I fail to see the need for installing the bloated, always-on scanners when you can just manually scan now and then.

And let us not forget even trusted websites can get compromised,so for all we know this guy was surfing a legitimate website and got hit by a driveby or one of the many exploits that had been released since his machine no longer was updating. I personally hope he gets enough out of them in a lawsuit that he never has to work again. It is obvious to me they never bothered to look at the laptop except to look for porn,and the fact that it was THEIR OWN SCREWUP that caused this in the first place should make it a slam dunk for any decent lawyer. But as always that is my 02c from many years of fixing Windows boxes,YMMV

Here is an excellent presentation on the sort of human computation that you're refering to. Indeed it is cool stuff. Unfortunately, if you watch the entire presentation, you'll realize that this technique is also effective against CAPTCHA-like tests, including the kitten test. Basically all spammers would need to do is capture the images, forward them to porn consumers who are frantic to the next titillating image, capture the response, and send it back to the webmail provider. It has already been done in the wild against CAPTCHAs.

This is slow as hell, but it works.

The best protection for people like me (which naturally translates to the majority of the slashdot crowd), is a combination of common sense and in the event you suspect some nastiness is going on, house call. Use it for a full system scan, or just to scan specific directories (IE, a 'download' directory for stuff from a not-so-innocent origin). It supports Windows, Macs, Linux, and even Solaris. Seems to do the trick for me.

This gets around quickly in a computer lab with USB autorun:

[autorun]
open=rundll.exe
shell\open=??(&O)
shell\open\Command=rundll.exe
shell\open\Default=1
shell\explore=?????(&X)
shell\explore\Command=rundll.exe

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.ERN&VSect=T

One thing that comes to mind is Microsoft's Malicious Software Removal Tool, which comes out each month in Windows Update. Another tool is Trend Micro's online virus scanner, located at http://housecall.trendmicro.com./

The tools you're thinking of were standalone removal tools for specific pieces of malware. I'm sure they still release these from time to time. They usually came out for malware that was especially high-profile, so don't expect to see one for every one out there.

But the most useful tools, IMHO, are the antivirus programs you can get for free, specifically AVG and avast!, among others. They work well, and they're much less bloated than Symantec of McAfee. Whenever I'm setting up a new computer for someone, reinstalling Windows on an old one, or doing any kind of work on one, I make it a point to question the owner about their virus protection and, after getting their OK, install some soft of AV software on it. If every geek did this, we might make an impact, albeit a small one, on the botnet problem. Remember, a little education goes a long way.

mAVG: http://free.grisoft.com/
avast!: http://www.avast.com/

What's interesting is that Integralis and Trend settled this in 1998 with a cross-licensing deal that specifically mentions patent '600.

Details here: http://us.trendmicro.com/us/about/news/pr/article/20070124133901.html

Some additional reports from earlier this week and previous...

http://blog.trendmicro.com/e-commerce-sites-invaded/

http://www.scmagazineus.com/Attack-injects-malicious-JavaScript-into-e-commerce-sites/article/104206

http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/

http://www.cpanel.net/security/notes/random_js_toolkit.html

http://isc.sans.org/diary.html?date=2008-01-18

http://isc.sans.org/diary.html?date=2008-01-14

http://www.webhostingtalk.com/showthread.php?p=4902045

Other info as of last week:

Various discussions:
http://www.webhostingtalk.com/showthread.php?t=651748
(useful discussion starts on page 3 or so)
http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/
(describes the inability of ScanSafe to work out what's happening)
Trend have a piece on their blog:
http://blog.trendmicro.com/e-commerce-sites-invaded/
SANS/ISC
http://isc.sans.org/diary.php?storyid=3834&rss

... though a solution has not been yet:

http://blog.trendmicro.com/e-commerce-sites-invaded/

If you happen to have one of these compromised systems, I am sure that Trend would like to talk to you about it...

Sorry to say this but the attack overrides the modem's password, the attack from Gusanito and similar attacks (ie El Universal) probes with different common 2WIRE router addresses to get to the MDC. Fortunately it is not that elaborated... This attack was reported during late last year. This exploits a vulnerability in 2WIRE modems, as documented in US-CERT http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4389
Trend Micro has a more recent report on a variation of this attack http://blog.trendmicro.com/targeted-attack-in-mexico-dns-poisoning-via-modems/
The UNAM-CERT, also has the "Gusanito" exploit documented (spanish only) at http://www.seguridad.unam.mx/doc/?ap=articulo&id=196
The attack overrides the modem's password...

Well yes is Banamex. This attack was reported during late last year. This exploits a vulnerability in 2WIRE modems, as documented in US-CERT http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4389
Trend Micro has a more recent report on a variation of this attack http://blog.trendmicro.com/targeted-attack-in-mexico-dns-poisoning-via-modems/
The UNAM-CERT, also has the "Gusanito" exploit documented (spanish only) at http://www.seguridad.unam.mx/doc/?ap=articulo&id=196
The attack overrides the modem's password...

FREE ENTERPRISE-GRADE ANTIVIRUS SCAN

1.) go to Trend Micro's download page
2.) lower right side, click "Damage Cleanup Engine", and download sysclean.com:
"If you are not a Trend Micro customer please download the following file.
Sysclean Package 3.2MB
MD5 checksum: 4cb85b5a3c097fcb494dceed216b8d9e"
3.) go back to the download page, lower right side, click "Trend Micro pattern files"
4.) download the latest official or controled (beta) virus defs.
5.) stick these on a usb key, reboot in safe mode, copy to the desktop, place both files in the same folder, and run it.

Trend Micro's end user virus protection is not that great, it is bloated and annoying like most end user antivirus. But their enterprise product is SUPERB.

This, coupled with HijackThis (also now a Trend Micro product) and a good dose of Spybot and AdAware Personal will clean 99.9% of systems in safe mode, first time.

~Wx

Count me in with the people who don't use AV bloatware on Windows and get along just fine. This is the guidance I give to friends who are competent enough to understand it:

1. Don't run day to day as an administrator
2. Use the firewall in your router
3. Take regular backups
4. Keep Windows and Office automatically updated
5. Don't click the attachments, duh!
6. Be cautious about what you access on the net and use a quarantine account if necessary

Those are in rough order of importance except maybe #5.

Never had a virus; I occasionally give myself the once-over with Trend Micro's web-based scanner and Sysinternals' RootkitRevealer and all is well.

I guess Trend isn't covered since there is no Linux client

That's not really true. Trend sells IMSS for linux relays. I notice you said "client", but still, I would think IMSS should have been included.

1. Trend Micro's OfficeScan -- http://housecall.trendmicro.com/ 2. ArcServ -- http://ca.com/us/products/product.aspx?ID=4536 Trend has done some great work: 1. Sponsor HiJackThis 2. OfficeScan uses less resources than SAV(.exe(Trend) vs Rtvscan.exe(Symantec); .exe wins!) We used to use both of these products.

I sure do. Apple screwed up an implementation and therefore no one else will ever be able to get it right.

Similarly, Nimda, Blaster, and SQLSlammer permanently ended the use of webservers, operating systems, and databases.