Looking At The New Linux Trojan

Da Schmiz writes: "Security firm Qualys discovered a new Linux trojan on Saturday ... details can be found on their website.. Vnunet picked up the story earlier today, and then followed up with more details. They're comparing the potential impact to Code Red or worse, since more servers run Linux / Apache than NT / IIS. I don't think it's that bad, since the infection can be easily detected, but it certainly isn't good." Update: 09/08 11:58 AM GMT by H : Of course, as Kurt Siefried pointed out in e-mail: "The trojan has nothing to do with Apache. The virus attaches itself to an executable, which you must run to infect other binaries (i.e. you must run this as root). This means that infection vectors include, but are not limited to email attachments, but you must of course save the binary, then set it executable, and then run it, as root, to do any real damage. Alternatively you must download binary software and run it (again as root to do any real damage). In other words someone must run binaries of unknown origin as root, and if this is common practice then you have larger policy and education problems to deal with." So - comparing it to Code Red is a bit dubious.

It's an email virus!

[Proud+Geek]

Come on, the impact will be minimal or not at all. Although theoretically you COULD run this email attachment if you receive it, how many Linux users are stupid enough to do that? Technically Linux is just as susceptible to these things as M$ Windows, but we have one big advantage: the majority of Linux users are not morons around computers.

I just wanted to point out

[loraksus]

That Code red "easily detected and patched"?
The real problem is stupid sysadmins, how many servers (or computers in general) out there are susceptible to exploits that are years old..

Damn, some skript kiddie tried to hack my box but had the netbus server running on his box. It was kinda amusing for a while there..