On Thu, Mar 29, 2001 at 01:07:49PM +1000, John Griffiths wrote: > At 10:00 PM 3/28/2001 -0500, Ben Collins wrote: > >On Thu, Mar 29, 2001 at 12:55:16PM +1000, Mark Devin wrote: > >> Does anyone know anything further on this new W32.Winux virus. > >> Check out this link: > >> http://news.cnet.com/news/0-1003-200-5329436.html?tag=st.cn.1.lthd > >> > >> Surely this virus cannot overwrite executables that require root > >> permission? Or can it? > > > >No, if this virus actually exists (and I doubt its true, or even > >particularly threatening), it can only affect your files. Unless you are > >in the bad habit of reading email as root, and executing random > >attachments manually. > > At this point the virus is just a proof of concept, no payload and no > replication existing only on the author's HD and the copy he emailled to the > anti-viral company. > > the proven concept may be used to do more interesting things.
The concept is still dependent on the user executing an attachment (depending on their email client, which most Linux clients are smart), and it can still only affect user owned files, not root (unless said email is read, and attachment is executed, by root). Anyone can do that. I can write a C program and send it to you that emails me /etc/passwd and /etc/shadow. You still have to be dumb enough to execute it. That's not a virus, that's social trickery. Now, if it emails itself (and remember with Linux there are several dozen email programs, so finding the right address book format is pretty hard), then it is viral, sort of, since you still have to manually execute it. Yes, it is pretty nifty that it can run on i386-Linux and Windows using basic asm. However, that is a very limited thing, and for it to really do someting useful, it will need to do a lot more, and will most likely be less able to run on both Windows and Linux from one binary. IMO, this is nothing completely new or innovative. ASM has been around a long time, even before viruses. It all boils down to people being smart enough not to accept attachments form people they don't know, and especially don't execute programs sent to you randomly over the internet. -- -----------=======-=-======-=========-----------=====------------=-=------ / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=========------=======-------------=-=-----=-===-======-------=--=---'
