On Mon, 21 Jan 2008, James Knott wrote:- <snip>
>Anti-virus software is generally not necessary with Linux, unless it's >being used as a mail or file server in a Windows network. AFIK, >there's never been a viable Linux virus. That depends on whether you include worms and trojans under the definition of a virus. If so, there have been Linux viruses in the wild. I still have a copy of a loader script and the IRC bot[0] that was installed by it, grabbed from an infected server just over 2 years ago[1]. IIRC, the method of infection for that particular worm was to insert shell commands[2] into a URL passed to a web server running an exploitable version of PHP. The commands were executed by a root shell and was used to download the loader script, set its mode to 744 and then execute that. The script in question downloaded 2 files, one was the IRC bot, the other was used to search out and try to infect other web servers. At the time, I was seeing over 100 different IP addresses daily, each sending almost the same commands over a period of a several weeks. The only differences between the commands were the IP address of the server hosting the loader script and, occasionally, the name of the loader script. [0] Compiled using GCC 3.3.6 on a Gentoo system. [1] File is dated 2005-12-20. [2] Without digging up my old server logs, I can't be more specific. Google might have something about it though. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit | openSUSE 11.0a0 SUSE 10.1 64bit | openSUSE 10.2 64bit | openSUSE 10.3 64bit RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC |RISC OS 3.11 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]