Author Topic: Linux and Win virus  (Read 1923 times)

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Linux and Win virus
« on: 19 April 2006, 05:50 »
Just got this in the mail ... good thing I didn't unsubscribe to the AVERT newsletter

http://www.techworld.com/security/news/index.cfm?newsID=5752&pagtype=all

http://vil.nai.com/vil/content/v_139173.htm

Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
Re: Linux and Win virus
« Reply #1 on: 19 April 2006, 09:33 »
Anyone tried ClamAV yet?

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Linux and Win virus
« Reply #2 on: 19 April 2006, 17:12 »
Linus Torvalds showed that the virus doesn't work with Linux 2.6.16, and released a patch for Linux so it does, lol.
http://linux.slashdot.org/linux/06/04/18/2046203.shtml
http://software.newsforge.com/article.pl?sid=06/04/18/1941251
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

Jack2000

  • Guest
Re: Linux and Win virus
« Reply #3 on: 19 April 2006, 17:56 »
Quote
and released
Quote
a patch for Linux so it does, lol.

he released a pach to allow the virus to work !??
wtf

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Linux and Win virus
« Reply #4 on: 19 April 2006, 19:30 »
Quote
 Linus Torvalds has had an opportunity to examine the testing and analysis by Hans-Werner Hilse which we reported on yesterday, and has blessed it as being correct. The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. He has coded a patch for the kernel to allow the virus to work on even the latest Linux kernel.

Well, I suppose it makes some sense ... if you fix the gcc bug the virus can get in ...

I just tried clamav and it seems to work very fast ... it's command line and quite simple to use.

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: Linux and Win virus
« Reply #5 on: 19 April 2006, 21:38 »
The problem isn't the proof-of-concept (and for now, that's all it is), it's the fact that the register is mishandled in the first place.  Assuming that only virii will ever use specific register values and subsequently locking them out closes the door on legitimate applications as well.  The worst thing that can possibly happen is a mass infection from a million users all running as root - except that kind of single-user thinking is widely being phased out of UNIX-based systems altogether, and especially the "newbie-friendly" distros like Ubuntu don't allow root privs at all.  At worst, the user loses his or her files in the most unfortunate event.  Not that I'm not running Clam, but I can understand how a sysop could make a case for security based on ACLs rather than obscurity.  On the lighter side of things, as has been stated, now even Windows virii can execute on Linux.  Reciprocate THAT Gates. ;)

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

GenuineAdvantage

  • Member
  • **
  • Posts: 372
  • Kudos: 449
Re: Linux and Win virus
« Reply #6 on: 20 April 2006, 11:34 »
I'm shaking in my boots. :thumbdwn: Who runs as root anyways? If I get seriously infected on linux by a 'virus' and I can publically prove it, I figure I'll be a little famous. win-win.


Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
Re: Linux and Win virus
« Reply #7 on: 20 April 2006, 11:52 »
Quote from: GenuineAdvantage
Who runs as root anyways?

Newbie Gentoo users and Linspire users.

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Linux and Win virus
« Reply #8 on: 20 April 2006, 19:06 »
Oh well ... they probably deserve it

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Linux and Win virus
« Reply #9 on: 20 April 2006, 19:37 »
Quote from: Refalm
Newbie Gentoo users and Linspire users.
Linspire users? Jesus Christ, I thought that looked like an OK newbie distro but then they go and do a Microsoft.
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Linux and Win virus
« Reply #10 on: 20 April 2006, 19:40 »
Linspire or Lin$pire is by far in no way a newbie distro ... it is complete bullshit that noone should EVER use ... not newbies, not anyone. It is probably even worse than Window$ or at least as bad ... worthless, useless, retarded ... don't use it or recommend it to anyone unless you really really hate them.

Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
Re: Linux and Win virus
« Reply #11 on: 21 April 2006, 11:16 »
Quote from: piratePenguin
Linspire users? Jesus Christ, I thought that looked like an OK newbie distro but then they go and do a Microsoft.

Linspire now gives you a choice to either run root as default or use the user account.
Most people will select the first version.

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Re: Linux and Win virus
« Reply #12 on: 22 April 2006, 07:58 »
Quote from: Orethrius
The problem isn't the proof-of-concept (and for now, that's all it is), it's the fact that the register is mishandled in the first place.  


Yeah.  I think a slashdot poster phrased it best.

"Linus did not create a patch for the virus. Linus created a patch for the Linux kernel, to fix a bug which happened to have been discovered by looking at the virus."
In brightest day, in darkest night, no evil shall escape my sight....

Jack2000

  • Guest
Re: Linux and Win virus
« Reply #13 on: 22 April 2006, 13:17 »
I think he should add an option to "swich off"
that fix and/or the  way register is handled

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Re: Linux and Win virus
« Reply #14 on: 23 April 2006, 01:42 »
Jack, the option is simply not to apply the patch.  

Even then, why would you not want to apply the patch?

It's not like this damn thing is even a threat.

I'd rather have a working kernel than a broken one that won't run a virus that would never be a threat to me anyway.
In brightest day, in darkest night, no evil shall escape my sight....