Cross-Platform Sample Virus

**TBD** · 04-09-2006

Cross-Platform Sample Virus Targets Windows, Linux

http://www.eweek.com/article2/0,1895,1947645,00.asp

Looks like the cross platform virus are on the way ... :drown:

***daark.child*** · 04-09-2006

I wouldn't be worried at all. I am suprised many people are making a big deal out of this when there have already been proof of concept viruses that do exactly the same thing. The big point that many people seem to be missing is that its proof of concept and on Linux systems it will need the right permissions in order to infect important binary files. This is a non issue for most people using linux since hopefully they are wise enough not to run as root and execute unknown programs.

**TBD** · 04-09-2006

hopefully they are wise enough not to run as root and execute unknown programs.

I think that has been the hope with users all along .. but they never seem to stop doing just that.

I wouldn't be worried at all.

I tend to agree with the author's view, that this is the future of the Virus.
There is no OS or line's of code that can't be altered or exploited - everything is breakable ... including Linux.
It may just not come in the manner you expect.

Remember that Rootkits originated with Linux ... and are nastier than any virus or trojan in my opinion.

***Roxoff*** · 04-11-2006

Woohoo - am I the only one who thinks this is finally some good news?

Hmm, I'd better explain.

Firstly, Linux isn't really at threat from this, except for the most stupid of users who do things with root privileges without thinking (and their sysadmin or places like this one should be putting them right all the time).

Secondly, the rise of virus attacks against a particular system is one of the indicators of the system's popularity. If it's not got much of an installed base, then nobody is gonna bother going to the trouble to write attacks for it unless they have some particular need, which falls outside the general case. So, if viruses are being written to target Linux, then it Linux must finally be coming above the radar...

We're winning, guys... Keep up the good work.

**carlosponti** · 04-11-2006

wasnt this a proof of concept virus. what does that mean really? i would have thought it was not really a virus but a concpet on how to write one and there is no real threat on an untested virus.

**techieMoe** · 04-11-2006

I like the NewsForge take on this:

http://software.newsforge.com/softwa...0.shtml?tid=78

Have you heard the "news"? There's a new virus that attacks both Linux and Windows machines. Thus, once and for all, there is an end to the notion that Linux is somehow immune to the viral infections that plague the Windows world. Or at least so one anti-virus software vendor would have the world believe.

Of course, there are a few caveats behind the headlines. One minor thing is that the alleged virus -- called Virus.Linux.Bi.a -- being trumpeted far and wide by Kaspersky Lab is not really a virus, but rather "proof of concept" code, designed to show that such a virus could be written.

A second caveat is that for it to work on Linux, a user has to download the program and then execute it, and even then, it can only "infect" files in the same directory the program is in. Exactly how the program gets write permissions even in that directory is not explained.

And finally, it's not a virus at all. It can't replicate itself, which is one thing that makes a piece of malware a virus. According to Wikipedia, as stated in the first sentence of the entry for "computer virus," a virus is "a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents."

...

So the biggest question I had after reading the story in several different places, none of which provided any data beyond the blind repetition of the scare headline, was, "Why in the world are they calling this a virus, when one of the few facts they provide conclusively proves that it's not?"

Kaspersky Lab has not yet responded to my query about this.

Much smarter folks than I have pointed out that only idiots believe Linux is totally immune from such things. I agree with them. We can never safely assume that Linux is as secure as it can be. But when a Microsoft partner creates a tsunami of headlines with a story about a phony, fabricated "virus," which admittedly is not contagious, and which requires the user to execute it in order for it to do anything at all, I don't call it a virus. I call it BS.

**carlosponti** · 04-11-2006

yeah i think people in the MS world are so wanting there to be a virus that they are deeply looking to write one.

**TBD** · 04-19-2006

Torvalds creates patch for cross-platform virus
http://software.newsforge.com/softwa...?tid=78&tid=26

" Linus Torvalds has had an opportunity to examine the testing and analysis by Hans-Werner Hilse (the virus), and has blessed it as being correct. The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call."

**carlosponti** · 04-19-2006

even in the article they made the reference to the virus with quotes denoting that it wasnt seriously a virus. Linus fixed a security threat that really didnt work so does that mean he fixed nothing?

but in less than 2 weeks a security threat was fixed by torvolds himself try that with proprietary software.

edit: i still stick with my originial estimate of this BFD

**Tainted_Girl** · 04-19-2006

I don't get it. Why would you want to sample a virus?

Thread Tools

Display

Cross-Platform Sample Virus

Torvalds creates patch for cross-platform virus

Posting Permissions