Ambidextrous Linux/Windows Virus
Lam1969 writes "Kaspersky Labs has reported a new proof-of-concept virus that can infect both Windows and Linux systems. It's called Virus.Linux.Bi.a/Virus.Win32.Bi.a and affects ELF binaries and .exe's from Windows. SANS has a brief item on the cross-platform virus as well, but no information about a patch or signature yet."
It seems that the reason it's considered a POC at this point is because it has no real payload. All it does is spread, and not nearly as heinously as Blaster/Welchia/Sasser.
As soon as it gets backdoor or downloader functionality... then it becomes a more serious threat. And really you, me, and the guys at Secunia/SARC/SANS/ISC/etc all know that's where this is headed.
So yes... in the sense of where this particular piece of malware is headed, this is a proof-of-concept. It's a live test of the propagation mechanism. The payload will be dropped into place soon... probably in the next version, since this one looks like it's working fine.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Windows users are prepared for viruses, and the reason Linux users do not sweat them much is not because Linux viruses do not exist; it is because system design makes their impact minimal.
Actually, you're quite wrong. Linux flaws have existed and are still found today that can be (and have been) taken advantage of. The reason Linux users don't sweat is because flaws are spotted quickly by many people who read the code, and fixed quickly too. That and people who code open-source tend to produce good code, as a matter of pride.
Oh and by the way, Windows has a "safe"(well, safer) operating mode in the form of a user account, but nobody uses it because it's a PITA, so everybody stays in supervisor mode and bad things happen.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
It's not the first; I recall one before. And you don't even need detection code, you just write a different entry point address into the ELF header as you would the EXE header. You can have two different payloads, and two different copy mechanisms, as long as both copy both, not just themselves. In fact, there's no reason to stick to just 2. You can have a single virus that spreads across platforms/architectures; it just makes it bigger and easier to spot.
The revolution will not be televised... but it will have a page on Wikipedia
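The header trick the post above describes, as an added example (my code, not code from the post or from the virus Kaspersky reported): locate the entry-point field of an ELF or PE header from the file magic alone and rewrite only that one field. It goes a bit beyond the post in handling ELF32 and ELF64 in either byte order as well as PE32/PE32+, since AddressOfEntryPoint sits at the same offset in both optional header flavours. The sample headers are hand-constructed minimal stubs, not real binaries, and nothing here appends or carries any code; the `changed_bytes` helper is there to show that an entry-point rewrite leaves exactly one field changed, which is also the cheapest thing to diff when checking a binary against a known-good copy.

```python
import struct

ELF_MAGIC, MZ_MAGIC, PE_SIG = b"\x7fELF", b"MZ", b"PE\0\0"

# Constructed sample headers (hand-built stubs for this example, not real binaries).

# Minimal ELF64 little-endian header (64 bytes); e_entry = 0x401000 at offset 0x18.
ELF64_SAMPLE = struct.pack(
    "<4sBBBBB7xHHIQQQIHHHHHH",
    ELF_MAGIC, 2, 1, 1, 0, 0,        # EI_CLASS=64-bit, EI_DATA=LSB, EI_VERSION, OSABI, ABI ver
    2, 0x3E, 1,                      # e_type=ET_EXEC, e_machine=EM_X86_64, e_version
    0x401000, 64, 0,                 # e_entry, e_phoff, e_shoff
    0, 64, 56, 1, 64, 0, 0)          # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx

# Minimal ELF32 big-endian header (52 bytes); e_entry is a 4-byte field at the same offset 0x18.
ELF32_BE_SAMPLE = struct.pack(
    ">4sBBBBB7xHHIIIIIHHHHHH",
    ELF_MAGIC, 1, 2, 1, 0, 0,        # EI_CLASS=32-bit, EI_DATA=MSB
    2, 0x14, 1,                      # e_type=ET_EXEC, e_machine=EM_PPC, e_version
    0x10000074, 52, 0,               # e_entry, e_phoff, e_shoff
    0, 52, 32, 1, 40, 0, 0)

# Minimal PE32 image: 64-byte DOS header, PE signature, 20-byte COFF header, start of optional header.
_DOS = MZ_MAGIC + b"\0" * 58 + struct.pack("<I", 64)                      # e_lfanew -> 64
_COFF = PE_SIG + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)   # Machine=I386, 1 section
_OPT = struct.pack("<HBBIIII", 0x10B, 14, 0, 0x200, 0, 0, 0x1000)         # Magic=PE32 ... AddressOfEntryPoint
PE_SAMPLE = _DOS + _COFF + _OPT


def detect_format(data: bytes) -> str:
    """Classify by magic: the loader picks the format from these bytes, so the virus can too."""
    if data[:4] == ELF_MAGIC:
        return "ELF"
    if data[:2] == MZ_MAGIC and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] == PE_SIG:
            return "PE"
    return "unknown"


def _elf_entry_field(data: bytes):
    """(struct format, offset) of e_entry for this ELF's class and byte order."""
    endian = {1: "<", 2: ">"}[data[5]]      # EI_DATA: 1 = little endian, 2 = big endian
    width = {1: "I", 2: "Q"}[data[4]]       # EI_CLASS: 1 = 32-bit (4-byte), 2 = 64-bit (8-byte)
    return endian + width, 0x18             # e_entry follows e_ident, e_type, e_machine, e_version


def _pe_entry_field(data: bytes):
    """(struct format, offset) of AddressOfEntryPoint; identical layout for PE32 and PE32+."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != PE_SIG:
        raise ValueError("not a PE image")
    opt_off = pe_off + 4 + 20               # skip 4-byte signature and 20-byte COFF file header
    return "<I", opt_off + 16               # Magic(2) Linker(2) SizeOfCode(4) InitData(4) UninitData(4)


def _entry_field(data: bytes):
    kind = detect_format(data)
    if kind == "ELF":
        return _elf_entry_field(data)
    if kind == "PE":
        return _pe_entry_field(data)
    raise ValueError("unsupported format")


def entry_point(data: bytes) -> int:
    """Read the entry-point field the loader will honour for this file's format."""
    fmt, off = _entry_field(data)
    return struct.unpack_from(fmt, data, off)[0]


def with_entry_point(data: bytes, new_entry: int) -> bytes:
    """Return a copy with only the entry-point field rewritten; the rest of the header is untouched."""
    fmt, off = _entry_field(data)
    buf = bytearray(data)
    struct.pack_into(fmt, buf, off, new_entry)
    return bytes(buf)


def changed_bytes(before: bytes, after: bytes) -> list:
    """Offsets at which two same-length blobs differ; a header-only rewrite shows up as a tiny set."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


if __name__ == "__main__":
    for name, blob in (("ELF64", ELF64_SAMPLE), ("ELF32/BE", ELF32_BE_SAMPLE), ("PE32", PE_SAMPLE)):
        patched = with_entry_point(blob, entry_point(blob) + 0x100)
        print(f"{name}: format={detect_format(blob)} entry=0x{entry_point(blob):x} "
              f"-> 0x{entry_point(patched):x}, bytes changed at {changed_bytes(blob, patched)}")
```

Run stand-alone it prints each sample's format, its original and rewritten entry point, and the handful of header offsets that differ. The dispatch on magic is the whole of the "detection" the post says is unnecessary: the file format, not a runtime check, decides which header field (and therefore which copy of the code) gets control.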
No, just think harder.
Run the Add/Remove Programs control panel applet as your admin account. Then use add new programs to run the installer. The other benefit is that the installer is running as admin, so you can browse to installs out on the network that live in places users can't reach.