Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Proof of concept on Multi Platform Virus
  • From: Rikard Johnels <rikard.j@xxxxxxxxxx>
  • Date: Sat, 8 Apr 2006 13:23:15 +0100
  • Message-id: <200604081423.24457.rikard.j@xxxxxxxxxx>
On Saturday 08 April 2006 14:02, Ken Jennings wrote:
> On Saturday 08 April 2006 01:00, Boyd Lynn Gerber wrote:
> > "
> > Cross-platform Virus Infects Linux And Windows
> >
> > By Gregg Keizer, TechWeb News
> >
> > A Russian security company announced Friday that it had found a
> > cross-over virus that can infect PCs running either the open-source Linux
> > or Microsoft Windows operating systems.
> >
> > Dubbed "Linux.Bi.a" and "Win32.Bi.a," the split-personality malware
> > doesn't do any damage. Instead, said Moscow-based Kaspersky Labs in an
> > online briefing, it's a proof-of-concept to prove that a cross-platform
> > virus is possible.
> >
> > "However, our experience shows that once proof-of-concept code is
> > released, virus writers are usually quick to take the code, and adapt it
> > for their own use," wrote a Kaspersky analyst in the briefing."
> >
> >
> > http://www.techweb.com/wire/security/184429692
>
> This is important information:
>
> "According to Kaspersky's research the Linux.Bi.a/Win32.Bi.a virus can
> infect either ELF binaries (Linux) or files with the ".exe" extension
> (Windows)."
>
> Returning to what others have posted concerning the easy infestation of
> Windows and the relative difficulty of doing the same in Linux -- How many
> executable files on a Linux system can a regular user overwrite? Nothing
> important. There aren't enough stupid system admins in the real world who
> would click on/run an unknown executable to enable this kind of virus to
> spread. As the article says, it is proof-of-concept. For Linux systems it
> will stay that way.


Well... Both true and false.
IF you manage to exploit a, let's say, buffer overflow vulnerability, and that
gives you escalated rights, and you are in a less secure system, there is a
definite chance of planting the infection.
This of course has to be done actively, and may not exactly be a "virus
attack".
But if the virus is planted inside the system, it may spread.

Not all Linux users run a secured system, and not all run it under a normal
user. I have seen way too many roots running out there...
So the "How many executable files on a Linux system can a regular user
overwrite? Nothing important." is only true on a secured system with a
secure-minded administrator.
How many DON'T run a secured system, and run everything as root?
No way of knowing.

I am not saying it's easy, or commonplace to break into a non-Windows system.
But it HAS been done.

Sure, there have been "proof-of-concepts" around for different platforms,
including mobile phones. I have yet to see a virus outbreak on mobile
phones...

Let's not wave this off as a "can't happen here".
Let us instead work against such concepts, and keep Linux a tidy playground
for serious users.

--
         /Rikard

-----------------------------------------------------------------------------
email   : rikard.j@xxxxxxxxxx
web     : http://www.rikjoh.com
mob: : +46 (0)763 19 76 25
------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78  46 1C EE 56 >
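
The question raised in this thread, "How many executable files on a Linux system can a regular user overwrite?", can be answered per machine and per account. The following audit script is an added example, not part of the original mails; the function names are hypothetical, and it assumes that "infectable" means an ELF file with an execute bit that the invoking user can either write to or replace through a writable directory.

```python
import os
import stat
import sys

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file


def is_elf(path):
    """True if the file starts with the ELF magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False  # unreadable: cannot classify, skip


def modifiable_elf_executables(roots):
    """List (path, reason) for ELF executables the current user could alter.

    "file writable": the file itself can be overwritten in place.
    "directory writable": the file is read-only but could be replaced,
    because its directory is writable (sticky bit is not special-cased).
    """
    findings = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            dir_writable = os.access(dirpath, os.W_OK | os.X_OK)
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode
                except OSError:
                    continue
                # Only regular files with an execute bit; symlinks are skipped.
                if not stat.S_ISREG(mode) or not mode & 0o111:
                    continue
                if not is_elf(path):
                    continue
                if os.access(path, os.W_OK):
                    findings.append((path, "file writable"))
                elif dir_writable:
                    findings.append((path, "directory writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Default: audit every directory on PATH for the invoking user.
    dirs = sys.argv[1:] or os.environ.get("PATH", "").split(os.pathsep)
    for path, reason in modifiable_elf_executables(d for d in dirs if d):
        print(f"{reason:18}  {path}")
```

Run as an ordinary account on a well-administered system, this should report little beyond the user's own files; run as root, it reports every ELF executable it walks, which is the difference the two posters are arguing about.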