Slashdot Mirror


Ethics of Releasing Non-Malicious Linux Malware?

buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"

7 of 600 comments

  1. make it F/OSS by JeanBaptiste · · Score: 0, Troll

    put it on sourceforge. maybe let 4chan know. it's all good.

  2. Fuck your little moral dilemma. by Anonymous Coward · · Score: -1, Troll

    Waaa! Is this evil? Is that evil? Grow the fuck up.

    Your morality is for shit and anyone who wants to get ahead knows this.

  3. Oblig. 4chan Ref by SuperJames_74 · · Score: -1, Troll

    DO IT, FAGGOT!!!

    (Sorry everyone. I'm devolving into a B-tard and can't/won't stop myself...)

    --

    @sshatrack

  4. derp by Anonymous Coward · · Score: -1, Troll

    Y'all niggas are replying to a troll topic.

  5. Please Be My Guest by Anonymous Coward · · Score: -1, Troll

    ...And shove it thoroughly, deeply, up your ass where it belongs.

  6. groundmaother by Anonymous Coward · · Score: -1, Troll

    My ground mother will appreciate your packet... can you make it a little more harmful? Say... make it turn on my ground mother's air conditioner when it is too hot or too cold... that would make it a great way to give it away to everyone... even if it opens the doors of my Linux machine (or Windows) to everyone else... but wait, there's more! That already exists (malware) across Windows, Linux, Apple, Juice (lol), UNIX, etc., so what would you want to say that is new to everyone that is observing all the millions of problems being fixed in all platforms at all times?

  7. you will pay by Anonymous Coward · · Score: -1, Troll

    I really hope someone finds you and stuffs your dick so far up your nose you give yourself a blow job before suffocating