Linux Virus Alert

marcjw writes: "I don't see many of these (Linux virus alerts). In fact none in the six months or so since I've switched from MS. Maybe that's why this story from newsbytes caught my eye. At any rate, I'm not sure if this poses much of a threat to the general Linux community but it's always best to be forewarned."

Things that make you go hmmmmm

[tiny69]

Managed security provider Qualys obtained a copy of one new variant last month from an "outside source," according to Gerhard Eschelbeck, vice president of engineering.

So he wasn't actually infected by it. Sounds like someone gave him a proof of concept prototype.

To date there have been "limited" reports of the new RST variant in the wild, according to Eschelbeck.

Reports to who?

To replicate, the virus requires users to run an infected program from an account with "root" permissions.

Only a complete moron would run would do this.

Although many Linux users do not run anti-virus software, they are generally more sophisticated about security threats and are unlikely to click on executable e-mail attachments, he said.

Exactly. From what I've heard else where, it sounds like the "virus" is similar to the old COM virues from the MSDOS days. Yes, they may have a copy of a "virus", but the whole thing sounds fishy to me.

Re:Worse than running something as root

[foobar104]

how many people fully read & understand the Makefiles in the above scenario?

Which brings up an interesting point: write-only code. I've tried to read and understand autoconf-generated Makefiles a few times, and given up with my head spinning. They're a tangled web of M4 macros and such.

Computer-generated code is notoriously hard to read, and install scripts are one instance where reading the code is important.

I only wish there were a way to improve autoconf and other code generating programs without having to have a massive security breakdown happen first to inspire the work.