Ethics of Releasing Non-Malicious Linux Malware?
buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"
Yes, especially when he includes his full name in TFS, unless of course this Johannes Buchner is his arch nemesis whom he is trying to frame.
Yes, especially when he includes his full name in TFS, unless of course this Johannes Buchner is his arch nemesis whom he is trying to frame.
I tested your theory by saying "Johannes Buchner" in a stiff jawed English accent - a James Bond sort of accent. And low and behold, my scientific study has come to this conclusion:
Johannes Buchner is in fact an evil genius and he will release this code on to the World bringing havoc to all Linux run internet servers in effect, destroying the internet unless he is paid One HUNdred biiiillllioooon Euroes!
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
That's like one guy who said "My best friends' girlfriend wants to sleep with me - should I do it so I can show him what a sl*t she is?"
Of course, why actually sleep with her when you can just brag about her offer on slashdot!
Yeah, really! Ethics is easy!
Will releasing it make you money? No? Then don't do it.
See how easy that was?
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
The day that somebody starts releasing automated face punching machines into the streets, I certainly will be among the first to buy a helmet.
Why make billions, when you can make... millions?
Yes! Exactly! Today the universe, tomorrow the world!
My other car is a 1984 Nark Avenger.
Open source it, that way we can all contribute to the malware and discuss if it should use gtk or qt. We know that gnome users will refuse to install anything with qt dependencies and kde users will refuse to install gtk+ dependencies. None of the windows malware coders are willing to release their code to us, so we are limited on integration, especially with wifi. I personally think we should target gnome users, they like stepping on people -- just look at how condescending their logo is. Plus I have a grudge against the way they put their contributers down. Once we get enough malwared machines we can convince windows malware coders to support our platform.
Trying to install linux on my microwave, but keep getting a kernel panic...
Okay, you give me a million euro's and i'll give you a million dollars...