Proof of concept on Multi Platform Virus
Cross-platform Virus Infects Linux And Windows
By Gregg Keizer, TechWeb News

A Russian security company announced Friday that it had found a cross-over virus that can infect PCs running either the open-source Linux or Microsoft Windows operating systems.

Dubbed "Linux.Bi.a" and "Win32.Bi.a," the split-personality malware doesn't do any damage. Instead, said Moscow-based Kaspersky Labs in an online briefing, it's a proof-of-concept to prove that a cross-platform virus is possible.

"However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code, and adapt it for their own use," wrote a Kaspersky analyst in the briefing.

http://www.techweb.com/wire/security/184429692

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
On Saturday 08 April 2006 01:00, Boyd Lynn Gerber wrote:
" Cross-platform Virus Infects Linux And Windows
By Gregg Keizer, TechWeb News
A Russian security company announced Friday that it had found a cross-over virus that can infect PCs running either the open-source Linux or Microsoft Windows operating systems.
Dubbed "Linux.Bi.a" and "Win32.Bi.a," the split-personality malware doesn't do any damage. Instead, said Moscow-based Kaspersky Labs in an online briefing, it's a proof-of-concept to prove that a cross-platform virus is possible.
"However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code, and adapt it for their own use," wrote a Kaspersky analyst in the briefing."
This is important information:

"According to Kaspersky's research the Linux.Bi.a/Win32.Bi.a virus can infect either ELF binaries (Linux) or files with the ".exe" extension (Windows)."

Returning to what others have posted concerning the easy infestation of Windows and the relative difficulty of doing the same in Linux -- How many executable files on a Linux system can a regular user overwrite? Nothing important. There aren't enough stupid system admins in the real world who would click on/run an unknown executable to enable this kind of virus to spread. As the article says, it is proof-of-concept. For Linux systems it will stay that way.
On Saturday 08 April 2006 14:02, Ken Jennings wrote:
On Saturday 08 April 2006 01:00, Boyd Lynn Gerber wrote:
" Cross-platform Virus Infects Linux And Windows
By Gregg Keizer, TechWeb News
A Russian security company announced Friday that it had found a cross-over virus that can infect PCs running either the open-source Linux or Microsoft Windows operating systems.
Dubbed "Linux.Bi.a" and "Win32.Bi.a," the split-personality malware doesn't do any damage. Instead, said Moscow-based Kaspersky Labs in an online briefing, it's a proof-of-concept to prove that a cross-platform virus is possible.
"However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code, and adapt it for their own use," wrote a Kaspersky analyst in the briefing."
This is important information:
"According to Kaspersky's research the Linux.Bi.a/Win32.Bi.a virus can infect either ELF binaries (Linux) or files with the ".exe" extension (Windows)."
Returning to what others have posted concerning the easy infestation of Windows and the relative difficulty of doing the same in Linux -- How many executable files on a Linux system can a regular user overwrite? Nothing important. There aren't enough stupid system admins in the real world who would click on/run an unknown executable to enable this kind of virus to spread. As the article says, it is proof-of-concept. For Linux systems it will stay that way.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Well... Both true and false. IF you manage to exploit a, let's say, buffer overflow vulnerability, and that gives you escalated rights, and you are in a less secure system, there is a definite chance of planting the infection. This of course has to be done actively, and may not exactly be a "virus attack". But if the virus is planted inside the system, it may spread.

Not all Linux users run a secured system, and not all run it under a normal user. I have seen way too many roots running out there... So the "How many executable files on a Linux system can a regular user overwrite? Nothing important." is only true on a secured system with a secure-minded administrator. How many DOESN'T run a secured system, and run everything as root? No way of knowing.

I am not saying it's easy, or commonplace to break into a non-Windows system. But it HAS been done. Sure, there have been "proof-of-concepts" around for different platforms, including mobile phones. I have yet to see a virus outbreak on mobile phones...

Let's not wave this off as a "can't happen here". Let us instead work against such concepts, and keep Linux a tidy playground for serious users.

--
/Rikard
email : rikard.j@rikjoh.com
web : http://www.rikjoh.com
mob : +46 (0)763 19 76 25
Public PGP fingerprint: < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
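Ken's question ("how many executable files can a regular user overwrite?") and Rikard's caveat about people running everything as root can both be answered by measuring instead of guessing. The following is an added example, not code from the thread or from the article: it walks a set of directories, recognises the two file types the article says Linux.Bi.a/Win32.Bi.a targets (ELF binaries and PE ".exe" files) by their header bytes rather than by extension, and lists those the current user could overwrite. The sample tree it audits is constructed inside the script.

```python
import os
import struct
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"

def binary_kind(path):
    """Classify by header bytes, not by extension: 'ELF', 'PE' or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if head.startswith(ELF_MAGIC):
                return "ELF"
            if head[:2] == b"MZ" and len(head) == 64:
                # e_lfanew at offset 0x3C points at the "PE\0\0" signature
                fh.seek(struct.unpack_from("<I", head, 0x3C)[0])
                if fh.read(4) == b"PE\0\0":
                    return "PE"
    except OSError:
        pass
    return None

def writable_binaries(roots):
    """Sorted (path, kind) for ELF/PE files the current user may overwrite.
    os.access() asks the kernel (uid, groups, ACLs); as root it says yes to all."""
    found = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                kind = None if os.path.islink(path) else binary_kind(path)
                if kind and os.access(path, os.W_OK):
                    found.append((path, kind))
    return sorted(found)

def build_sample_tree(root):
    """Constructed fixtures: a minimal ELF header, a minimal PE header, a text file."""
    d = Path(root)
    pe = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", pe, 0x3C, 64)  # e_lfanew: PE signature follows the DOS header
    (d / "tool").write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\0" * 57)
    (d / "setup.exe").write_bytes(bytes(pe) + b"PE\0\0" + b"\0" * 20)
    (d / "notes.txt").write_text("text, not a binary\n")
    return str(d)

def demo():
    # Audit the constructed tree; for real use pass the directories on $PATH instead.
    with tempfile.TemporaryDirectory() as tmp:
        bindir = build_sample_tree(tmp)
        return [(os.path.relpath(p, bindir), k) for p, k in writable_binaries([bindir])]
```

Run as an ordinary user over /bin, /usr/bin and the like, an empty result is what Ken is counting on; run as root, every binary comes back writable, which is Rikard's point.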
Rikard Johnels wrote:
Not all Linux users run a secured system, and not all run it under a normal user. I have seen way too many roots running out there... So the "How many executable files on a Linux system can a regular user overwrite? Nothing important." is only true on a secured system with a secure-minded administrator. How many DOESN'T run a secured system, and run everything as root?
Just out of curiosity, how do you define "secured"? /Per Jessen, Zürich
into electronic streams flowing thru the cosmos On Saturday 08 April 2006 10:44 am, Per Jessen wrote:
Rikard Johnels wrote:
Not all Linux users run a secured system, and not all run it under a normal user. I have seen way too many roots running out there... So the "How many executable files on a Linux system can a regular user overwrite? Nothing important." is only true on a secured system with a secure-minded administrator. How many DOESN'T run a secured system, and run everything as root?
Just out of curiosity, how do you define "secured"? <snip>
Well for a really secured computer, it would have to be in a vault, like a bank vault, perhaps somewhere like Fort Knox, or Cheyenne Mountain. And under no circumstances would it be connected to the internet, nor could it have a floppy, CD or DVD drive, and probably it would be well to yank the LAN card out of it once it was all set up (something like a thin client w/o the access that can provide). That said, it wouldn't be the most practical computer to use.

I suppose the one thing I left out would be the human attempting to use it. You could put barbed (razor) wire around it and lock it away somewhere, but if a human comes near it.. you *might* be headed for trouble. ;-D

Failing that, there are the locked down systems where people aren't allowed to willy-nilly add software, use the company bandwidth to connect to their home computers, etc. I know lots of folks use web cams and whatever to keep track of what is happening w/ family at home. I'm not certain that is a good use of company resources. It certainly would have to be worked out and legal would have to make certain how things were worded in the company manuals. If, as happens in some fields, a person actually works at home and uses the same materials at work, there must be a way to make that tight enough to keep the company from winding up in court on either end of a break-in. Doesn't sound like a fun place to work.. but very BOFH, no?

My $.02
--
j
"When You Earnestly Believe You Can Compensate For A Lack Of Skill By Doubling Your Efforts, There's No End To What You Can't Do."
jfweber@gilweber.com wrote:
into electronic streams flowing thru the cosmos On Saturday 08 April 2006 10:44 am, Per Jessen wrote:
Just out of curiosity, how do you define "secured"? <snip>
Well for a really secured computer, it would have to be in a vault, like a bank vault, perhaps somewhere like Fort Knox, or Cheyenne Mountain.
Not a problem - I could always buy one of those left over army bunkers in one of the mountains around here. Although my bomb-shelter has 1m concrete walls, so that'll probably do for starters :-)
I suppose the one thing I left out would be the human attempting to use it.
Actually, what you left out was the definition of "secured" in terms of software/system setup. Physical security is quite a different topic. /Per Jessen, Zürich
On Saturday 08 April 2006 16:44, Per Jessen wrote:
Rikard Johnels wrote:
Not all Linux users run a secured system, and not all run it under a normal user. I have seen way too many roots running out there... So the "How many executable files on a Linux system can a regular user overwrite? Nothing important." is only true on a secured system with a secure-minded administrator. How many DOESN'T run a secured system, and run everything as root?
Just out of curiosity, how do you define "secured"?
/Per Jessen, Zürich
A system that is audited for rootkits, blatant security holes, and fairly updated to prevent exploits of known software bugs.

--
/Rikard
email : rikard.j@rikjoh.com
web : http://www.rikjoh.com
mob : +46 (0)763 19 76 25
Public PGP fingerprint: < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
At 10:02 PM 8/04/2006, Ken Jennings wrote:
On Saturday 08 April 2006 01:00, Boyd Lynn Gerber wrote:
" Cross-platform Virus Infects Linux And Windows
By Gregg Keizer, TechWeb News
A Russian security company announced Friday that it had found a cross-over virus that can infect PCs running either the open-source Linux or Microsoft Windows operating systems.
Dubbed "Linux.Bi.a" and "Win32.Bi.a," the split-personality malware doesn't do any damage. Instead, said Moscow-based Kaspersky Labs in an online briefing, it's a proof-of-concept to prove that a cross-platform virus is possible.
"However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code, and adapt it for their own use," wrote a Kaspersky analyst in the briefing."
This is important information:
"According to Kaspersky's research the Linux.Bi.a/Win32.Bi.a virus can infect either ELF binaries (Linux) or files with the ".exe" extension (Windows)."
Returning to what others have posted concerning the easy infestation of Windows and the relative difficulty of doing the same in Linux -- How many executable files on a Linux system can a regular user overwrite? Nothing important. There aren't enough stupid system admins in the real world who would click on/run an unknown executable to enable this kind of virus to spread. As the article says, it is proof-of-concept. For Linux systems it will stay that way.
Actually, as a proof of concept it's worse than that; I would think it could also be used to get into a minicomputer or mainframe and do similar damage.

scsijon
On Sunday 09 April 2006 10:38, scsijon wrote:
Actually, as a proof of concept it's worse than that; I would think it could also be used to get into a minicomputer or mainframe and do similar damage.
scsijon
IIRC, it relies on some assembler code, which enables it to be Micro$oft and Linux compatible on x86 etc. This would be enough to make it non-viable on a mainframe.
Participants (7):
- Boyd Lynn Gerber
- jfweber@gilweber.com
- Ken Jennings
- Per Jessen
- Rikard Johnels
- scsijon
- Vince Littler