Looking At The New Linux Trojan
Da Schmiz writes: "Security firm Qualys discovered a new Linux trojan on Saturday ... details can be found on their website. Vnunet picked up the story earlier today, and then followed up with more details. They're comparing the potential impact to Code Red or worse, since more servers run Linux / Apache than NT / IIS. I don't think it's that bad, since the infection can be easily detected, but it certainly isn't good." Update: 09/08 11:58 AM GMT by H : Of course, as Kurt Seifried pointed out in e-mail: "The trojan has nothing to do with Apache. The virus attaches itself to an executable, which you must run to infect other binaries (i.e. you must run this as root). This means that infection vectors include, but are not limited to, email attachments, but you must of course save the binary, then set it executable, and then run it, as root, to do any real damage. Alternatively you must download binary software and run it (again as root to do any real damage). In other words someone must run binaries of unknown origin as root, and if this is common practice then you have larger policy and education problems to deal with." So - comparing it to Code Red is a bit dubious.
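Added example, not code from the submission, from Qualys or from the quoted e-mail: a small baseline integrity check in Python that records SHA-256 digests of the ELF binaries under a directory and reports any whose contents later changed, which is the kind of check the "infection can be easily detected" remark relies on for a virus that attaches itself to executables. The fake binaries, the appended marker bytes and the temporary directory are all constructed for the demonstration.

```python
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"

def is_elf(path):
    """True if the file starts with the ELF magic bytes (symlinks are skipped by the caller)."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False

def build_baseline(root):
    """Map every regular ELF file under root to its SHA-256 digest: the trusted snapshot."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p) and is_elf(p):
                with open(p, "rb") as f:
                    baseline[p] = hashlib.sha256(f.read()).hexdigest()
    return baseline

def compare(baseline, root):
    """Return (modified, added, missing) ELF paths relative to the trusted baseline."""
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return modified, added, missing

def demo():
    """Constructed scenario: two fake ELF binaries; 'ls' later gets a segment appended,
    the way a file infector that attaches itself to executables would change it."""
    root = tempfile.mkdtemp()
    for name in ("ls", "cat"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 64)   # minimal ELF-looking header
    baseline = build_baseline(root)                                # snapshot taken while clean
    with open(os.path.join(root, "ls"), "ab") as f:
        f.write(b"APPENDED-SEGMENT")                               # simulated infection of 'ls'
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("not a binary")                                    # non-ELF files are ignored
    modified, added, missing = compare(baseline, root)
    return [os.path.basename(p) for p in modified], [os.path.basename(p) for p in added], missing
```

In practice the baseline must live somewhere the root user of the checked host cannot silently rewrite (read-only media or another machine), since the page's point is that the infection runs with root privileges.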
Which proves my point. Linux for Servers, Windows for Desktops. It's the perfect combination; that's what I do anyway.
Perhaps I'm stupid for not buying Qualys virus checker but this whole thing sounds bizarre. What is the subject of the email? What does the email say?
:P By the well-known usenet-troll formula, Qualys is on its last leg.
I have tried many of the linux email programs at one time or another--pine, elm, mutt, postilion, balsa, tk-rat, kmail, evolution and sundry others too numerous to recount. And let's face it people, for proper email viruses you need an advanced Microsoft email client. Outlook is a good example.
First there is the problem of automatic or almost automatic execution. Linux email clients have not yet achieved the same optimistic attitude towards code in email attachments as Outlook. However, anyone who has used Linux is already familiar with this and I do not need to elaborate.
Then, because Linux lacks any sort of standards (http://microsoft.com for more information), there is no easy way to send emails out to everyone on the person's list. The easiest thing would be to use perl. But even this poses problems and the Qualys guys don't mention anything about perl or how it sends the emails out.
Personally, I really doubt Qualys knows what it's talking about. Look at how many times Qualys has been talked about in the context of linux. Compare that to a reputable Linux endeavor.
And also... Any security company should know that the only way to clean an infected computer is to reinstall. Installing more closed-source software on top of the closed-source virus seems like a silly thing to me.
(Not that I think Qualys would deliberately do something wrong but they don't seem competent enough to analyse this virus thoroughly or program a bug-free fix).