Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Virus Alert

Posted by timothy on from the poisoned-herring-or-red-herring dept.

marcjw writes: "I don't see many of these (Linux virus alerts). In fact none in the six months or so since I've switched from MS. Maybe that's why this story from newsbytes caught my eye. At any rate, I'm not sure if this poses much of a threat to the general Linux community but it's always best to be forewarned."

5 of 501 comments (clear)

  1. Re:Not via email you dont you wascally wabbit by dkemist · · Score: 5, Insightful

    Russell makes an excellent point there. All you have to do is distribute a file that "lets you own M$ boxen!" and there will still be a large number of script kiddies that will download the file and run it as root. Sure, it's not going to be able to be auto-executed, but it's just like virii back in the DOS days.

  2. They're Trying So Hard... by Greyfox · · Score: 4, Insightful
    To make it look like it's actually a threat. Oh yeah, it'd be dead simple to entice users to download a binary as root and run it. Yeah, once we give the user a frontal lobotomy and he believes everything we say, it is dead simple to do that. Oh yeah, it'd be a major threat if it infected binary files on sourceforge...

    Has anyone actually seen this virus in the wild? I can't imagine it'd actually propigate...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  3. Is this REALLY a problem? by Restil · · Score: 4, Insightful

    I can write a binary that when run by root will erase your entire system. And I can probably do so in under a minute. Somehow, I doubt it will ever hurt anyone. Anyone smart anyhow.

    Programs that exploit security holes are far and wide. Yet, they are typically released as source code, usually attached to messages in security mailing lists. We can take a quick glance over this source before compiling it and running it. And besides, if it IS your typical exploit code, nobody needs to run it as root. To do so would defeat the purpose of having an exploit in the first place.

    I do like the statement, however, that linux users are less likely to open unknown attachments. Says quite a lot about our community right there.

    -Restil

    --
    Play with my webcams and lights here
  4. Lest we dismiss this too lightly... by CatherineCornelius · · Score: 5, Insightful
    A reminder is perhaps due here that the first internet worm program to cause significant damage (the Morris worm) was released in the 1988 and infected UNIX systems through a well known vulnerability (yep, good ole gets(3)) in the fingerd daemon.

    And waddaya know, UNIX application programmers are _still_ using the occasional gets(3) call in setuid root programs, more than a decade later, despite the fact that we all know that it doesn't check for buffer overflow and that a buffer overflow _can_ be used (read: _has_ been used in the past) to make a program execute code of the worm writer's choice and bring a significant part of the internet grinding to a halt.

  5. Worse than running something as root by Raul+Acevedo · · Score: 5, Insightful

    It doesn't matter if it requires root privs to run. Most programs have to be installed as root, and that's all that is needed. The make install step can do something nasty without telling you (how many people fully read & understand the Makefiles in the above scenario?), or it can install a trojan version of ls or any other program.

    --
    In a real emergency, we would have all fled in terror, and you would not have been notified.