Path: number1.nntp.dca.giganews.com!local01.nntp.dca.giganews.com!nntp.adelphia.com!news.adelphia.com.POSTED!not-for-mail
NNTP-Posting-Date: Wed, 26 Oct 2005 21:15:55 -0500
Newsgroups: fidonet.linux
From: CHARLES_ANGELICH@f140.n123.z1
Date: Sun, 23 Oct 2005 09:02:00 -0400
Subject: linux virus
Message-ID:
Organization: Try Our Web Based QWK: DOCSPLACE.ORG
Lines: 169
NNTP-Posting-Host: 24.48.121.215
Xref: number1.nntp.dca.giganews.com fidonet.linux:74
Hello All -
All of these links were on Google's first page of 'hits'.
Warnings from Grisoft, Symantec, and F-Secure go unnoticed
while 'absorbing' the collective 'wisdom' displayed here
in the FIDO linux echo?
QUOTE:
"So why hasn't there been more malicious code for Linux?
The dominance of Windows, particularly as a desktop operating
system, is the key reason."
[...]
"Currently there are 712 pieces of malware that target Linux.
This number will almost certainly increase as the popularity of
Linux itself increases."
---------------------
Anti-virus for linux:
http://www.centralcommand.com/index.html
---------------------
Grisoft predicts Linux virus plague: Grisoft, makers of the
popular AVG Anti-Virus offering, has warned that it is "only a
matter of time" before Linux becomes widely targeted by virus
and malware writers.
http://www.vnunet.com/vnunet/news/2143697/grisoft-warns-linux-virus
---------------------
Linux.RST.B is a linux-based virus that infects ELF files and
has backdoor capabilities.
Also Known As: Linux.RST.b [Kaspersky], Linux/RST.B [RAV]
Type: Virus
Systems Affected: Linux
Systems Not Affected: DOS, Macintosh, Macintosh OS X, Novell
Netware, OS/2, UNIX, Windows 2000, Windows 95, Windows 98,
Windows Me, Windows NT, Windows Server 2003, Windows XP
-------------------
http://www.viruslist.com/en/weblog?calendar=2005-09
David September 12, 2005 | 16:34 MSK
Slapper, one of the best known worms for Linux, is three years
old tomorrow. It caused an outbreak back in 2002. This
anniversary started me thinking about Linux malware:
Before Slapper, Linux viruses had been around for a while.
Bliss, a virus which appeared in 1997, was the first to
demonstrate that Linux was vulnerable to viruses. And once
Bliss opened the door, other types of malware followed.
Many Linux viruses infect ELF [Executable and Linkable Format]
files, the most common Linux file type. However, this is not
the only technique. Some viruses use Unix shell scripts which
are supported by most Linux distributions. These are powerful
and easy to write. The Ramen worm, for example, uses known
system exploits to gain root access to vulnerable Linux servers
and then employs ELF binaries and shell scripts to find other
servers to infect.
The number of Linux threats has increased slowly. But they have
grown more sophisticated. Multi.Etapux, for example, is a
complex polymorphic virus which uses entry-point obfuscation to
evade detection. It is also able to infect Windows 32 PE files
as well as Linux ELF files. There are also Linux threats which
exploit system vulnerabilities in order to attack. The Slapper
worm, for example, utilizes a known vulnerability in the Open
SSL library to infect Apache web servers. And the Adore worm
uses a random port scan to identify systems that have a root
access vulnerability in the BIND.DNS service on Linux servers.
Linux virus writers (and all other Unix flavours) face quite a
few difficulties. For example, to modify ELF binaries, it's
necessary to have root administration rights. And there may be
specific dependencies related to specific Linux versions,
making it hard for a virus writer to create a single virus
for all implementations of Linux. But such obstacles can be
overcome. The use of scripts, for example, makes a virus or
worm less dependent on a specific Linux distribution. One of
the early Linux viruses, Staog, uses a vulnerability to get
root access to the system. Slapper uploads itself as a
uuencoded source file. It then decodes and compiles the source
into an ELF binary, re-compiling itself using a local copy of
the 'C' compiler.
So why hasn't there been more malicious code for Linux? The
dominance of Windows, particularly as a desktop operating
system, is the key reason. Malware authors want the biggest
possible bang for their buck so they target the operating
system that is most widely used. Linux simply isn't
widespread enough to be a serious target - at the moment.
That said, the use of Linux as an operating system is
increasing, partly due to the popularity of Linux distributions
such as RedHat and SuSE. Currently there are 712 pieces of
malware that target Linux. This number will almost certainly
increase as the popularity of Linux itself increases.
And one other thing to consider - more and more organizations
are starting to use Linux alongside Windows, with a Linux
file-server storing Windows applications. These files can be
infected at desktop level, with infected files then being
stored on the server. Organizations must therefore accept the
necessity of scanning the Linux server to protect against
malicious code attacks.
--------------------
Linux virus infection fears
http://news.bbc.co.uk/1/hi/sci/tech/1123827.stm
Virus writers are starting to target web computers running the
Linux operating system.
This week, many web servers running some versions of Linux have
been infected with a malicious program that uses the computers
as a springboard to spread itself around the internet.
Although not destructive, the virus program is inconveniencing
many webmasters as it hogs resources while searching for new
servers to infect.
Experts have warned Linux users to expect growing numbers of
attacks as the operating system grows in popularity.
Instant access
The webmasters who have had to deal with the problem are those
running sites using Redhat Linux. Servers have been invaded by
a worm that replaces the site's main page with one showing an
image of a Ramen instant noodle packet. The picture is
accompanied by the message, "Hackers looooooooooooove noodles".
Worms are a distinct class of viruses that can move around and
replicate by themselves. Typically viruses only move to other
machines with the help of the files they have infected.
The worm targets servers using version 6.2 and 7.0 of Redhat
Linux. The program looks for well known loopholes in these
versions and exploits them to copy itself on to the vulnerable
machines.
------------------------
>
> , ,
> o/ Charles.Angelich \o ,
> __o/
> / > USA, MI < \ __\__
|
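
The quoted weblog entry says that modifying ELF binaries requires root rights. The following is an added example, not part of the original post or of any quoted source: a defender's audit that finds ELF files where that barrier does not hold because of loose ownership or mode bits. The names `is_elf`, `audit_elf_writability` and `trusted_uids` are hypothetical, and the sample files are constructed.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file

def is_elf(path):
    """Return True if the file starts with the ELF magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False  # unreadable files are skipped, not guessed at

def audit_elf_writability(root, trusted_uids=frozenset({0})):
    """Walk `root`; return {path: [reasons]} for ELF files a non-root user could modify."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not is_elf(path):
                continue  # skip symlinks, devices and non-ELF files
            reasons = []
            if st.st_uid not in trusted_uids:
                reasons.append("owner uid %d is not trusted" % st.st_uid)
            if st.st_mode & stat.S_IWGRP:
                reasons.append("group-writable")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                findings[path] = reasons
    return findings

def demo():
    tmp = tempfile.mkdtemp()
    # Constructed sample files: two with an ELF header, one shell script.
    samples = {"ok_bin": (ELF_MAGIC + b"\x02\x01\x01", 0o755),
               "loose_bin": (ELF_MAGIC + b"\x02\x01\x01", 0o777),
               "script.sh": (b"#!/bin/sh\necho hi\n", 0o777)}
    for name, (data, mode) in samples.items():
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    # Assumption for the demo: the current user is trusted, so only mode bits are flagged.
    return tmp, audit_elf_writability(tmp, trusted_uids={os.getuid()})

if __name__ == "__main__":
    for path, reasons in sorted(demo()[1].items()):
        print(path, "->", ", ".join(reasons))
```

A writable parent directory also allows a binary to be replaced; this check covers file ownership and mode only.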