Slashdot Mirror
Cross-Platform Pseudo-Virus: Don't Panic
spam-it-to-me-baby writes: "It's only based on one reported sighting (i.e. it could be bulls**t), but anti-virus software hacks Central Command say they have found the first Windows/Linux cross-platform virus. It appears only to be a proof of concept with no malicious payload, and targets Windows PE files or Linux ELF files once it recognises the infected OS." There are stories at CNET and at Wired as well, not to mention at NewsForge. Despite the Wired story causually saying so, though, this is anything but an "equal opportunity" virus, except in that it seems to infect multiple media sources without discrimination. When was the last time you ran unknown programs (as root) on your machine, then manually copied them (and ran as root) on another machine as well?
GET FREE MONEY!!! You can get a lot of FREE MONEY if you send this file to everybody in your address book and delete all the files on your computer! Do it! All the cool people are doing it!!!!
Tell me what makes you so afraid
Of all those people you say you hate
While only an idiot runs mystery software as root on a *nix system, what happens when you dual boot into Windows to play that favorite game or run that beloved flight simulator? At this point you *are* essentially running everything as "root", and Linux filesystems are potentially just as accessible and corruptable as windows filesystems (assuming the virus is smart enough to parse the inode map, or a ext2win type driver is loaded in windows).
The infection vector for Linux software may be more via the windows dual-boot option so many of us keep around, rather than the clueless newbie running a downloaded executable as root. If the virus author chooses a target intelligently, one which runs as root by default (for example, say, "getty" or "X"), your Linux system could well become a warren of virial activity no matter how secure the Linux portion of the configuration is.
Using an encrypted filesystem, inaccessible under windows, might prevent this sort of contagion, but of course that wouldn't prevent the windows incarnation of the virus from simply trashing the encrypted data and destroying the Linux installation outright.
The upshot is, if you have Windows installed on your system, and use it in any kind of promiscuous fashion (which, for an operating system as insecure as Windows must include having any kind of connection to the internet), any data anywhere on the hardware is at risk, and all the security Linux or FreeBSD offers you is for naught.
The Future of Human Evolution: Autonomy
Code that has to be spread manually is not a "virus."
It doesn't have to be spread manually. Read the analysis - it searches for Windows PE exes and Linux ELF exes and infects them.
However, the analysis states that this virus only searches for and infects executables in its own directory and parent directories. This to me seems fairly harmless. If you were emailed a program infected with this virus, it would surely only infect your temp directory (and root dir, but who would have executables there?) And as you say, this one doesn't propogate over the internet, so the only way you're likely to catch it is running an infected prog emailed to you.
But as they say.. it's a "proof of concept". Where I work, we had a hell of a time with a virus that checked machines in the network neighbourhood for open shares (this was a Windows virus of course) and then searched them for executables to infect. Watch for a virus which can infect Windows exes and Linux ELF exes like this one, but which also aggressively searches shares, NFS mounts, etc. for more files to infect.. that might be something to take more seriously..
Fair enough, claim that only "idiots" run unknown software on their box, and that because you are so 133t, you compile all software you use.
Which proves what? That you've compiled some software, and *then* run it.
Did you study the source code at length? Check it personally that it didn't have any back doors whatsoever? Hmmmm? Sure it wasn't a trojaned source you downloaded (The server could have been hacked right?)
Just because you compiled from source, doesn't mean your newly-created binaries are therefore perfect and couldn't *possibly* contain a trojan of some sort.
Fine, I give up. Language evolves. But you're still getting smacked if I ever hear "worm virus" again.
MSK
You know that there have been Mac viruses before. There's about 40-50 or so non-Word macro viruses. The reason you don't see as many of them is that the Mac hasn't been as friendly to casual programmers as DOS and Windows have been, and the market penetration is lower. Thus, there are less people messing around with non-professional programming on the Mac who would get the virus-writing urge. It's lack of market penetration has also made it less desireable of a target.
There is no inherent safety to the Classic Mac OS that prevents viruses at all. In fact, the use of shared global memory resources, non-existant memory protection, and nearly non-existant file protection makes it very unsafe. It's just secured by obscurity.
Mac OS X will have all the same strengths and weaknesses of a UNIX system. Unfortunately, the UNIX layer makes basic worm and virus writing easier since the APIs are better known by more people. It won't be long until the first Mac OS X viruses begin propogating. I don't think we'll ever reach the level of DOS/Windows in its heyday, but don't kid yourself into thinking that the Mac is, has been, or ever will be completely immune from rouge code on the system.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").