Slashdot Mirror


User: vanhalen

vanhalen's activity in the archive.

Stories: 0
Comments: 1

Comments · 1

  1. The Jury Is Still Out on Looking At The New Linux Trojan · Score: 1

    I think we need to be careful saying "anyone who is dumb enough to run this attachment as root deserves what they get." While I completely agree with the statement, I believe that we need to take the time to educate any users who do such a thing. Simply laughing in their face, while fun, does nothing to advocate Linux.

    Secondly, don't overestimate the intelligence of groups of people in large numbers. Perception will be the better part of reality in this case. The sensationalistic and irresponsible release by qualys.com makes me question not only their motives but their competency as well.

    Further, I believe this release will be picked up by media/news outlets and exploited by Microsoft and other companies who feel threatened by Linux. While the exploitation of the release may not be right out in the open, you can bet that there will be covert attempts by Microsoft and others to make sure that this release gets publicized.

    In my opinion this tells me that qualys.com has very little, if any, experience with Linux systems. The following is pure speculation, but seems plausible to me: One of their clients must've gotten infected with a r00tkit because they didn't catch a security hole in the system. Someone exploited that hole and gave their client a r00tkit which happens to listen on udp/5503. Qualys.com, in an attempt to save their client and justify the overpriced nature of their service, is making a very large deal out of it like they just rediscovered the wheel.

    I've read the release over and must've missed something in it. How exactly is this new or different than a r00tkit? If someone 3 years ago would've sent you an executable and you would've run it on your Linux system as root, you could've easily just been had by any number of the r00tkits out there in the wild already. I missed how exactly this infects aside from the root user running it themselves.

    I believe that this is nothing more than qualys.com attempting to make a name for themselves in the security industry or save one of their clients by claiming to have discovered something new. Of course, these are just my opinions, I could be wrong.