Pete Connolly wrote:
For a real life example of a linux infecting site, Bruce Schneier blogged this article: http://www.schneier.com/blog/archives/2007/08/how_a_linux_ser.html which mentioned the location of an infection site at:
http://83.19.148.250/~matys/pliki/
I'm afraid it's still live as of tonight. Believe me, they are around, live and you do not want anything from there on your linux system.
OK, I'm game. I visited the site and downloaded some files. I had a closer look at one called "ave" which appears to be one of those so-called "linux viruses", attempting to use old do_brk and do_munmap exploits to get root. It's a bit tedious to set up. It seems to be essentially one of the "honor system" viruses for unix, you know the drill:

1. download the hostile executable
2. save the hostile executable somewhere appropriate
3. change the file mode to make it executable.
4. execute it with the command ./<filename>
5. hilarity ensues (or not)

If you're running a fairly recent linux distro, nothing happens. But the naive local user who's running some old redhat 6.2 or the like, and goes through the honor system drill above might well lose big time. Not to be cocky, there is some danger here, but it's a far cry from the ease with which windows systems are regularly pwned with no effort whatsoever on the part of the hapless user.

Joe