LUGOD: Linux Users' Group of Davis
 
Page last updated:
2004 Jul 18 20:57

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] [OT] Now I have a virus. Argh!!!!!



On Sun, Jul 18, 2004 at 09:40:52AM -0700, Rick Moen wrote:
> Quoting boombox (boombox@cokeaholic.com):
> 
> > Of course, if you don't want to spring for antivirus, you could just make
> > sure only to boot up in windows when you are playing, since I don't know
> > of any Linux viruses. Makes you think.
> 
> I've been making a list of the known Linux viruses.  It turns out to be
> really easy to make one, but (except during rare vulnerability windows
> when there's a nice juicy security hole that's just been discovered and
> that you've figured out how to exploit) damned near impossible to get
> them to be executed and spread.
> 
> Staog, Bliss, Vit, RST (Remote Shell Trojan), Gildo, OSF, Kagob, Satyr,
> Rike (Rike.1627), Winter (Lotek), Diesel, Nuxbee, Winux (PEElf, Pelf),
> Svat, Obsidian.E, Simile (Etap), Jac, Pavid (Alfa.dr), Telf, Ynit,
> Zipworm (distinctive only in that it likes to infect ELF files in Zip
> archives), and Penguin:  These are all "ELF infectors", where "ELF" is the
> standard Unix binary format.  To activate these, you must literally
> decide to run a binary infected with them, e.g., someone mails you a
> binary file and says "Please run this not-especially-trustworthy binary
> executable." Doing so would of course be really dumb; the consequence of
> being dumb in that particular fashion is that some number of Linux
> executable binaries set to be writable by the user's account would get
> modified to include a copy of the virus.  Note that the user is thereby
> enabled only to shoot at his _own_ foot:  No regular installed
> applications could be affected, because those are not writable by
> regular users: Only binary executables in /home/username/bin/ and such
> could be affected (and seldom do users have any).

I imagine the caveat to that last statement is that if one of these
ELF infectors were able to take advantage of a privilege elevation
attack, then they could infect any binary - although those kinds of
attacks are few and far between, and they are patched quickly.

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about 
signing the key. ***** My computer can't give you viruses by email. ***
