Slashdot Mirror


Looking At The New Linux Trojan

Da Schmiz writes: "Security firm Qualys discovered a new Linux trojan on Saturday ... details can be found on their website. Vnunet picked up the story earlier today, and then followed up with more details. They're comparing the potential impact to Code Red or worse, since more servers run Linux / Apache than NT / IIS. I don't think it's that bad, since the infection can be easily detected, but it certainly isn't good." Update: 09/08 11:58 AM GMT by H : Of course, as Kurt Seifried pointed out in e-mail: "The trojan has nothing to do with Apache. The virus attaches itself to an executable, which you must run to infect other binaries (i.e. you must run this as root). This means that infection vectors include, but are not limited to, email attachments, but you must of course save the binary, then set it executable, and then run it, as root, to do any real damage. Alternatively you must download binary software and run it (again as root to do any real damage). In other words someone must run binaries of unknown origin as root, and if this is common practice then you have larger policy and education problems to deal with." So - comparing it to Code Red is a bit dubious.

3 of 263 comments

  1. Re:It's an email virus! by emc · Score: 0, Flamebait

    I find your argument rather enlightening.

    You are claiming that just because someone runs a particular OS, they are either of higher or lower intellectual potential.

    Have you not ever heard of "Best tool for the job"?

    Granted, I think we can all admit that a Viper GTS-R is an incredible car, but using it to pick up groceries is rather... dumb.

    ...the funny thing is that I know many people who admin NT and/or Linux... the funny part is that the NT people know EXACTLY why they run NT. The majority of the Linux admins do it either because Linux == Free Beer or because "they think it's cool to run a server".

    I think if you take a realistic look around, you will actually be surprised...

    ...and OpenBSD is my tool of choice.

  2. Re:It's an email virus! by emc · Score: 0, Flamebait

    Well, I was thinking particularly of several people I know of, who work for still-in-business "dot com" types of businesses.

    #define HUMOR
    In my years of experience in Sili Valley, you get to know the stereotypes of who runs what. Linux zealots are typically younger, with less experience; Solaris fans are older; AIX freaks are semi-fascist; and HPUX admins are just lazy. BSD folks are my favorites... BSD sysadmins have girlfriends, linux admins have spare parts & "geek code". BSD folks hang out, drink beer, and have a good time. Linux geeks have "install parties"
    #undefine HUMOR

    Face it, Exchange is a very well designed and packaged tool. Linux has NOTHING that can compare. On the other hand, Apache on NT sucks... but in reality, that's Apache's fault, for not being multithreaded. It's all about the benj^H^H^Hest tool for the job...

    I think that you're probably pretty close with #2 and #3... Cheap beer, if not Free beer.

  3. His arm has grown long indeed.... by nagora · Score: 3, Flamebait
    ...if he can throw virus alerts all the way from Redmond.

    This "alert" is clearly bought and paid for by MS. The idea that a machine running Apache is "vulnerable" to a trojan that depends on a superuser saving and running an email attachment of unknown origin (or a normal user somehow setting the suid bit on the attachment) is so stupid that it can't be stupid: it must originate with someone that has a vested interest in spreading FUD.

    Let's see now, who do we know that doesn't like Linux, is having a major launch of a new version of their OS and is known for sponsoring "research" that shows that Linux is the tool of the Devil? Hmm.... Is it Bill, the mild mannered janitor? Could be, could be!

    TWW

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"