[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Hey, We Probably Should Pay Attention - or maybe not

Subject: Re: [cobalt-users] Hey, We Probably Should Pay Attention - or maybe not
From: Robert Brownback <bobski@xxxxxxxxxxxxxxx>
Date: Sun Apr 1 13:17:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Sanity check:
 This is not very damaging because it is a "proof of concept" exercise
by its author. He merely wanted to see if it would work. Does it work?
In a very limited way. I've visited the author's site, downloaded the
"virus" and tried some limited testing in a controlled environment

 Any and all strictly Linux environments are immune as this is a
Windows/Intel program. It cannot run stand-alone on a Linux system. It
can only infect Linux binaries if it is run under Windows and Windows
has access to them. In any case that this "virus" should cause wide
spread damage to a Linux system, it could only be attributed to the
supreme stupidity of the system administrator.

 Some ways this could infect Linux binaries:
    1. You dual boot and make your Linux partition accessible to
Windows. As I recall, there is a utility for NT to access Linux
partitions, but one doesn't exist for Win 9x.
    2. You have Wine or another Windows emulator installed and you run
the program as root.
    3. You have Wine or another Windows emulator installed and you allow
other users to have root privileges and they run the program.
    4. You openly share the root directory or *bin directories using
samba and allow write privileges. Although I haven't tested this
configuation, I imagine that basic system permissions would override any
attempts to write to system areas, unless a user is allowed to connect
as root.

There may be other ways that escape me at the moment. Proper basic
administrative practices will ensure this particular "virus" cannot have
any effect on your Linux system.

On 01 Apr 2001 11:48:39 -0400, Dave Shugarts wrote:
> Hi, List--
> 
> I hope it is helpful to mention the current issue of Internet Week, April 2,
> page 9, "Virus Attacks Linux, Windows Systems." It is about a non--dmaging
> virus called W32.Winux which was posted to the antivirus company Central
> Command. It infects both Windows and Linux systems. Currently, it is said to
> have no mechanism for spreading itself, but if it is manually executed on a
> machine, it "infects all the executable files in its folder and the parent
> folder, so that all those files also become virus files."
> 
> The article also contains comments from guys at Securityfocus.com, DuPont
> and TruSecure Corp. as to the significance of it, as a harbinger of bad
> things to come.
> 
> --Dave Shugarts
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- [cobalt-users] Hey, We Probably Should Pay Attention
  - From: Dave Shugarts

Prev by Date: [cobalt-users] [RAQ2] Mail problems-S80sendmail command?
Next by Date: [cobalt-users] SMB - Windows file sharing problems
Previous by thread: [cobalt-users] Hey, We Probably Should Pay Attention
Next by thread: [cobalt-users] Deception Toolkit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index