Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Threat To GNOME and KDE

Posted by timothy on from the turducken dept.

commandlinegamer writes "foobar posted on his blog recently about 'How to write a Linux virus in 5 easy steps,' detailing potential malware infection risks in the .desktop file format used by GNOME and KDE. This is not a new threat, and it appears to still be a risk, as discussions in 2006 did not seem to come to any firm conclusion on how to deal with the problem." There's a followup on LWN.

3 of 348 comments (clear)

  1. Does not work as advertised by argiedot · · Score: 0, Offtopic

    The user has to first save the attachment and then double click on it.

    This will not work on Ubuntu 8.04 at least. I have just tried sending myself a shell script that was marked executable, and after saving it, double-clicking it would display it. Even without the extension, double-clicking would only display it. But even assuming that somehow this script was automatically marked to execute, what happens? You get asked a question:

    "file" is an executable text file. Do you want to run "file" or display its contents? Run in Terminal, Display, Cancel, Run.

    What is the authors method of spreading this? An email with the following in it:

    Whoa, check out these nude shots of...! (if the attachment doesn't want to open just save it to your desktop and open it...)

    Now, would you want to 'Display' nude shots or 'Run' nude shots? I'm sure you could manage this if you sent something like, "Check out this cool script!" or "Check out this cool screensaver." but the former is already a lost battle (we know you can never protect against a user) and the latter isn't a problem (Linux users do not install from emails, they install from repositories).

  2. Why? by Dripdry · · Score: -1, Offtopic

    My first thought (maybe not my best one) in this case is "Why?"

    Why would the judge get kickbacks for jailing juveniles (or others)? Where is the money to be made by the detention center?
    Is this obvious evidence of a system of what amounts to forced slave labor?

    If that is the case, then this whole "rights erosion/surveillance state" gets scarier by the minute. If you can be jailed by a corrupt (kick-back $)system that can deem almost anything a crime and which is watching many actions you take outside your home and online suddenly the system can arbitrarily harvest enough (slave) labor to do what it wants. Dystopian corporate future, anyone?

    I know it's just one judge, but how many more of them are there? Maybe I just haven't had enough coffee, but this is a little scary.

    Am I missing something?

    --
    -
  3. Re:Protect your self with encryption by kcbanner · · Score: -1, Offtopic

    I guess my hopes of starting a new meme have been dashed...alas.

    --
    Obligatory blog plug: http://www.caseybanner.ca/