
Win32/Linux Cross-Platform Virus

michael posted more than 11 years ago | from the 20-klez-a-day dept.

News 582

An Anonymous Coward writes "Symantec reports on the first virus to infect both ELF and PE binaries on Linux and Win32. "The first Win32/Linux cross-infector, {Win32,Linux}/Peelf, uses two separate routines to carry out the infection on PE and ELF files. This variant of Simile shares a substantial amount of code between the two infection functions, such as the polymorphic/metamorphic engines, the only platform-specific parts being the directory traversal code and the API usage.""


why i love my mac (2, Funny)

Anonymous Coward | more than 11 years ago | (#3627139)

No crossing over to this platform

Re:why i love my mac (1, Insightful)

Anonymous Coward | more than 11 years ago | (#3627149)

you won't be saying that when a *BSD/OSX virus creeps up

Re:why i love my mac (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#3627159)

Who would want to target a dying platform like
*BSD.

in memoriam nasdaq (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627250)

Ring Of Fire
Written by June Carter and Merle Kilgore
Recorded by Johnny Cash on 3/25/63
Number one - County Chart; Number 17 - Pop Chart


Love Is A Burning Thing
And It Makes A Fiery Ring
Bound By Wild Desire
I Fell [yahoo.com] Into A Ring Of Fire

CHORUS:
I Fell [yahoo.com] Into A Burning Ring Of Fire
I Went Down, Down, Down
And The Flames Went Higher

And It Burns, Burns, Burns
The Ring Of Fire
The Ring Of Fire

I Fell [yahoo.com] Into A Burning Ring Of Fire
I Went Down, Down, Down
And The Flames Went Higher

And It Burns, Burns, Burns
The Ring Of Fire
The Ring Of Fire

The Taste Of Love Is Sweet
When Hearts Like Ours Meet
I Fell [yahoo.com] For You Like A Child
Oh, But The Fire Went Wild

CHORUS
I Fell [yahoo.com] Into A Burning Ring Of Fire
I Went Down, Down, Down
And The Flames Went Higher

And It Burns, Burns, Burns
The Ring Of Fire
The Ring Of Fire

I Fell [yahoo.com] Into A Burning Ring Of Fire
I Went Down, Down, Down
And The Flames Went Higher

And It Burns, Burns, Burns
The Ring Of Fire
The Ring Of Fire

And It Burns, Burns, Burns

The Ring Of Fire

The Ring Of Fire

Your comment has too few characters per line (currently 14.3).Your comment has too few characters per line (currently 14.7).Your comment has too few characters per line (currently 15.6).Your comment has too few characters per line (currently 16.5).Your comment has too few characters per line (currently 17.4).Your comment has too few characters per line (currently 18.4).Your comment has too few characters per line (currently 19.3).Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted. Your comment has too few characters per line (currently 20.2).Your comment has too few characters per line (currently 21.1).Your comment has too few characters per line (currently 22.0).Your comment has too few characters per line (currently 22.9).Your comment has too few characters per line (currently 23.8).Your comment has too few characters per line (currently 24.7).Your comment has too few characters per line (currently 25.6).Your comment has too few characters per line (currently 26.6).Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted.Solid.

Re:why i love my mac (0)

Anonymous Coward | more than 11 years ago | (#3627277)

No crossing over to this platform

Hmmm... you must have some sort of "Super Mac" or something because most other Macintoshes seem to be vulnerable [sherpasoft.org.uk]. Hmmm... I guess you won't be needing this [symantec.com].

Re:why i love my mac (3, Funny)

Anonymous Coward | more than 11 years ago | (#3627287)

No crossing over to this platform

You mean viruses, or software in general?

Re:why i love my mac (2)

WildBeast (189336) | more than 11 years ago | (#3627308)

My OS/2 WARP machine is still virus free since 1997. I just can't believe how secure it is :)

Use the source Luke! (1)

Tyler Eaves (344284) | more than 11 years ago | (#3627142)

Compiling all my apps from source removes worries about this kinda thing ;)

I *never* run prebuilt binaries if at all possible.

Re:Use the source Luke! (5, Insightful)

Anonymous Cowrad (571322) | more than 11 years ago | (#3627162)

If you read the source. I don't know about you, but I don't have time to go through everything I build with a fine tooth comb looking for nasties.

Grabbing source and make installing it is about the same as grabbing a binary, as far as security goes. You just don't know what's in there.

Re:Use the source Luke! (0, Troll)

gTsiros (205624) | more than 11 years ago | (#3627231)

No, you dumbass. that would be true if you were the only one who wants to install a program. However, it isn't so. YOU might not look in the code, but OTHERS do.

Troll. (or ignorant, pick one)

Re:Use the source Luke! (3, Insightful)

djmurdoch (306849) | more than 11 years ago | (#3627241)

No, you dumbass. that would be true if you were the only one who wants to install a program. However, it isn't so. YOU might not look in the code, but OTHERS do.

And why worry about downloading binaries? Even if you don't scan them for viruses, others do.

Re:Use the source Luke! (1)

Anonymous Cowrad (571322) | more than 11 years ago | (#3627261)

No, you dumbass.

Off to a great start...

YOU might not look in the code, but OTHERS do.

Man, that's a fantastic security plan.
"I dunno, somebody checked it... ./configure"

Troll. (or ignorant, pick one)

I can only pick one? No ignorant troll option? Well, then, I'll take ignorant. I hear it's nice.

Re:Use the source Luke! (0)

Anonymous Coward | more than 11 years ago | (#3627263)

But do you wait until you know someone who has a clue has read and analysed the source before you install? Or do you just hope?

But that's what all the others think too (2)

DABANSHEE (154661) | more than 11 years ago | (#3627295)

They are hoping you checked it.

Re:Use the source Luke! (0)

Anonymous Coward | more than 11 years ago | (#3627173)

Not having sex removes worries about STDs.

I don't want to compile my apps from source because it is fucking slow, cumbersome and leads into a dependency hell.

Re:Use the source Luke! (0)

Anonymous Coward | more than 11 years ago | (#3627215)

Aha! I see one person who's not yet tried a 'ports' system, ala FreeBSD. Try it and come back, bub.

Re:Use the source Luke! (0)

Anonymous Coward | more than 11 years ago | (#3627259)

Yeah, I don't know what his problem is... ports worked pretty effortlessly for me (like apt-get but with source). I'm just sorry the project is dying... I really liked FreeBSD. :P

Re:Use the source Luke! (5, Informative)

Anonymous Coward | more than 11 years ago | (#3627177)

Running ./configure can be just as bad if you aren't extremely careful. The monkey.org server was compromised last week, the security tools hosted on the site had backdoors placed into their configure scripts, and almost a thousand people were hit with it...

url: http://online.securityfocus.com/archive/1/274927

Re:Use the source Luke! (2, Insightful)

Anonymous Coward | more than 11 years ago | (#3627180)

Do you read over the entire source code for all of the apps you install? If not, what's not to keep someone from incorporating the source code for this, or some other virus, directly into the source code for one of the apps you installed via (./configure; make; make install)?

Re:Use the source Luke! (5, Insightful)

innocent_white_lamb (151825) | more than 11 years ago | (#3627203)

Do you read over the entire source code for all of the apps you install?

You forgot to include "and completely understand" in the above quotation.

We all know (I'm sure) that the function of a routine isn't always obvious. And especially if someone is trying to hide a routine, the functionality could be made very un-obvious.

A complete source code audit for any major application would be far more laborious than any individual would have the time to undertake in most circumstances.

that doesn't help (-1)

ArchieBunker (132337) | more than 11 years ago | (#3627202)

unless you read every single line of every program you install. Saying "someone else" will catch it is even worse. How many prebuilt binaries does a redhat distro come with?

LIKE THAT MATTERS???? (1)

ramdac (302865) | more than 11 years ago | (#3627249)

That means less than a shit if you don't actually AUDIT the code before compiling.....

First post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627143)

First post!

FKCS Post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627148)

First Kansas City Sucks Post!!!!

One more reason... (3, Redundant)

forged (206127) | more than 11 years ago | (#3627150)

...not to be logged in as root. At least the typical Linux user can limit the damage this way.

Re:One more reason... (0)

voxel (70407) | more than 11 years ago | (#3627170)

Not really. There are hundreds of applications on the system that are CHROOT'ed, that is have access as root when executed. If one of these hundreds of apps were to become infected (chances are fair to good), then you can kiss your entire system good-bye.

Thank you very much, drive thru, have a nice day.

Re:One more reason... (2)

gmack (197796) | more than 11 years ago | (#3627188)

You mean SUID root and you need to be root to write to those files in the first place... so the original statement was correct: not running as root will limit the possible damage.

Re:One more reason... (0)

Anonymous Coward | more than 11 years ago | (#3627208)

There are hundreds of applications on the system that are
CHROOT'ed, that is have access as root when executed.

Maybe the word you are searching for is SUID, not chroot

Re:One more reason... (2, Informative)

RealUlli (1365) | more than 11 years ago | (#3627230)

There are hundreds of applications on the system that are CHROOT'ed, that is have access as root when executed.

You mean setuid(root). Chroot means the root-directory of the software is changed, in effect putting it in a rather secure sandbox...

If one of these hundreds of apps were to become infected (chances are fair to good), then you can kiss your entire system good-bye.

No, they aren't. If the virus manages to infect one of these binaries, it already *has* root, so it can infect any other binary, too. Basically, it depends on if the virus is able to execute a local root compromise, which is easier than remote, but not *that* easy.

Regards, Ulli

Re:One more reason... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627235)

because everyone else is telling you that you fucked up, i'm going to also:

you meant set suid root, not chroot.

Read my post about breaking my penis...it does a world of wonders.

Re:One more reason... (-1, Troll)

mosch (204) | more than 11 years ago | (#3627237)

you're a fucking retard.

chroot [nodevice.com] does not do what you think it does. chroot allows an application to sandbox itself, limiting the potential exposure to the system should that application have a security issue.

additionally, if you're running as a regular user, then you don't have write permissions on system apps, and they can not get infected, even if they are SUID root.

i repeat, you're a fucking retard.

Re:One more reason... (0)

Anonymous Coward | more than 11 years ago | (#3627256)

Unless there is a local exploit for one of the suid binaries.

Re:One more reason... (2, Offtopic)

garett_spencley (193892) | more than 11 years ago | (#3627281)

Man, if I had mod points right now I'd mod you a troll even though your point is right.

So the guy didn't know and he was ignorant. Ignorance != stupidity and it was rude of you to call him a fucking retard.

I'm sorry but in my eyes you're the fucking retard.

--
Garett

Re:One more reason... (0)

Anonymous Coward | more than 11 years ago | (#3627275)

I'm not sure what kind of system you are running, but on all the production servers I've ever encountered, there were at max 3 chrooted processes (on any single server, which is pretty rare in itself), usually BIND, httpd, and ftpd.

Usually, those are obtained from whatever distro you run, and updated only when a security concern arises for that daemon, and normal users don't have write access to infect those binaries anyway... Unless there is a virus in the bootloader, and not a lot but common sense and keeping the stupid people away from your machine physically can do anything to prevent that, your argument is full of holes (and big ones at that).

Maybe you meant SUID 0, that's another concern, and any competent sysadmin won't put any such programs on a multiuser system in the first place. About the only SUID 0 program that I've ever found to be necessary at all (and infrequently at that, if you aren't a lazy bum) is sudo. If you need sudo in the first place, you're begging for trouble (even as good a tool as it is), 'cause 99.99% of the users out there don't need any SUID 0 access at all ever.

Read: there is probably a better way to do it in the first place, but sudo is a great shortcut, and is reasonably safe if up to date, and your users aren't genius hackers with bad attitudes toward their sysadmin.

Re:One more reason... (2)

forged (206127) | more than 11 years ago | (#3627292)

The point of my post was that it is fairly unlikely that your suid root server application will be surfing the web, download the binary and launch the program. If the infected file is downloaded to your PC and run, that's exactly because it will be _downloaded_ by some user and run. If some user != root then you can limit the damage substantially.

Now if you're logged in as root and you download & run the infected file as root, then any of your applications (incl. the suid which you are referring to) will potentially spread the virus further, but that's already beyond the point of initial infection.
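
The SUID-versus-write-permission point argued in the replies above, as an added audit sketch that is not part of any post: for a given uid it lists the executables that account could modify or replace, which is the set a file infector running as that user could touch, and marks any that are setuid root. It checks classic mode bits only (ACLs, read-only mounts and ancestor-directory permissions are ignored), and all function names are illustrative.

```python
import os
import stat

# (owner, group, other) masks; the kernel applies exactly one class per caller.
WRITE = (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)
DIR_MODIFY = (stat.S_IWUSR | stat.S_IXUSR,
              stat.S_IWGRP | stat.S_IXGRP,
              stat.S_IWOTH | stat.S_IXOTH)


def allowed(st, uid, gids, masks):
    """Mode-bit check for one inode. Assumption: no ACLs, no read-only mount."""
    if uid == 0:
        return True  # root bypasses discretionary permission bits
    if st.st_uid == uid:
        mask = masks[0]
    elif st.st_gid in gids:
        mask = masks[1]
    else:
        mask = masks[2]
    return st.st_mode & mask == mask


def is_setuid_root(st):
    """True for a regular file that runs with root's uid when executed."""
    return (stat.S_ISREG(st.st_mode)
            and bool(st.st_mode & stat.S_ISUID)
            and st.st_uid == 0)


def exposure(file_st, dir_st, uid, gids):
    """Return 'write' (file can be modified in place), 'replace' (directory
    allows unlink and re-create) or None (out of reach for this uid)."""
    if allowed(file_st, uid, gids, WRITE):
        return "write"
    if allowed(dir_st, uid, gids, DIR_MODIFY):
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        # In a sticky directory only root, the file owner or the directory
        # owner may remove an entry.
        if not sticky or uid in (0, file_st.st_uid, dir_st.st_uid):
            return "replace"
    return None


def audit(root, uid, gids):
    """List (relative path, exposure, setuid_root) for executables under root
    that the given uid could alter."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_st = os.stat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Only regular files with at least one execute bit are of interest.
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue
            how = exposure(st, dir_st, uid, gids)
            if how:
                rel = os.path.relpath(path, root)
                findings.append((rel, how, is_setuid_root(st)))
    return sorted(findings)


if __name__ == "__main__":
    me = os.getuid()
    groups = set(os.getgroups()) | {os.getgid()}
    for rel, how, suid in audit("/usr/bin", me, groups):
        flag = " SETUID-ROOT" if suid else ""
        print(f"{how:8} /usr/bin/{rel}{flag}")
```

Run as an ordinary user on a normally configured system this prints nothing for `/usr/bin`; any line it does print, and especially one flagged `SETUID-ROOT`, is a permission error worth fixing.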

Re:One more reason... (4, Insightful)

Anonymous Cowrad (571322) | more than 11 years ago | (#3627195)

Sure you can limit it, but losing ~ is still a bitch. If anything, I'd rather lose everything but ~ because that's where my files are changing all the time. Everything else is fairly static, so rolling back to yesterday's backup isn't so bad.

Re:One more reason... (1)

kc8apf (89233) | more than 11 years ago | (#3627255)

But really, how many ELF binaries are in your ~?

Re:One more reason... (0)

Anonymous Coward | more than 11 years ago | (#3627291)

Many, if you write many simulations or otherwise code a lot!

Re:One more reason... (5, Insightful)

garett_spencley (193892) | more than 11 years ago | (#3627305)

Someone else already mentioned this but I'll say it again.

There is no difference as far as I'm concerned as losing my entire system or losing my home directory. You're right that at least if you don't use the root account to catch the virus only your own files would be destroyed but really the files in my home directory are the only files that I care about getting destroyed.

It only takes me about 10-15 minutes to get my system back up if I had to reinstall. It's all my personal files that can't be replaced that would make the experience traumatic.

--
Garett

Good thing this can't infect Linux! (5, Funny)

overturf (193264) | more than 11 years ago | (#3627151)

Whew! For a second there I thought it was a virus that could infect Linux (which is, of course, not possible). What a relief that it's a virus that only infects Win32/Linux!

Re:Good thing this can't infect Linux! (0)

Anonymous Coward | more than 11 years ago | (#3627168)

+5, Funny... MY ASS!

Re:Good thing this can't infect Linux! (0)

Anonymous Coward | more than 11 years ago | (#3627280)

actually it is pretty funny

now could you please cover it?

Re:Good thing this can't infect Linux! (2, Funny)

davmct (195217) | more than 11 years ago | (#3627201)

How could you ever think GNU/Linux would be prone? Being built on GNU tools and all with of RMS, no virus could defile that!

Re:Good thing this can't infect Linux! QWZX (0)

Anonymous Coward | more than 11 years ago | (#3627226)

...of RMS, no virus could defile that!

Pretty hard to defile something that's so vile already.

But I heard that GPL is viral! (0)

Anonymous Coward | more than 11 years ago | (#3627227)

Surely that can't be a good thing.

Re:Good thing this can't infect Linux! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627248)

How is this funny and my breaking my penis not???

It's time moderators get some humor and read my story about breaking my freakin penis!

I hurt myself today (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627155)

i was running around outside and i fell and broke my penis.

It was a terrible feeling because it made the same popping sound that you hear when you are piercing the top portion of your ear...or nose.

Anyway I thought I should extend this to people so they don't get the idea that running around outside is safe, you might break your penis

Re:I hurt myself today (0)

Anonymous Coward | more than 11 years ago | (#3627179)

Goddam right that's funny. Mod up further please.

Re:I hurt myself today QWZX (0)

Anonymous Coward | more than 11 years ago | (#3627190)

Anyway I thought I should extend this to people so they don't get the idea that running around outside is safe,

Fah, as if that's a problem for a Slashdotter ("Sun? What is this sun of which you speak?").

Re:I hurt myself today QWZX (1)

BJH (11355) | more than 11 years ago | (#3627279)

It's a hardware manufacturer... good boxes, too.

Re:I hurt myself today (0)

Anonymous Coward | more than 11 years ago | (#3627207)

Just one thing: were you running around with a hard-on?

Details are important, you know.

Re:I hurt myself today (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627229)

well i was watching my pirated copy of Ep 2 and natalie portman gave me a raging hardon. I went outside to run up and down the streets cheering because Ep2 was so well done and I tripped.

I fell right on my penis...it hurt a lot :(

Re:I hurt myself today (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627307)

In that case they really should have a US Surgeon General warning for this scene in Ep 2 [episode-x.com] .

Hmm, thats not the first PE/ELF virus. (2, Informative)

Anonymous Coward | more than 11 years ago | (#3627160)

If my memory serves me right the first windows/linux virus, was the Lindose.

For more information see:
http://www.europe.f-secure.com/v-descs/lindo se.sht ml

Damn broken link (0)

Anonymous Coward | more than 11 years ago | (#3627169)

This should work
www.f-secure.com/vdescs/lindose.shtml [f-secure.com]

How to scan Linux (1)

grahammm (9083) | more than 11 years ago | (#3627165)

Is there an NAV for Linux? Otherwise, how do we scan to ensure that we are not infected?

Re:How to scan Linux (3, Informative)

chabotc (22496) | more than 11 years ago | (#3627196)

There are several virus scanners available for linux. Sophos, McAfee, etc..

Re:How to scan Linux (3, Informative)

forged (206127) | more than 11 years ago | (#3627212)

There used to be a McAfee version available, though with not all the functionalities of the W32 version, yet the scanning engine worked well.

I haven't used it in so long that I can probably throw it away: last time must have been 1997 or so ;)

Re:How to scan Linux (0)

Anonymous Coward | more than 11 years ago | (#3627223)

Is there an NAV for Linux?

Symantec just hopes so. Who do you think writes computer viruses? 31337 h4x0r5? Hahahahahahaha ...

Re:How to scan Linux (3, Insightful)

jcoy42 (412359) | more than 11 years ago | (#3627266)

how do we scan to ensure that we are not infected?

You do what you should be doing anyway. You run tripwire [tripwire.com] or AIDE [cs.tut.fi]. There is a free version of tripwire for linux, it probably came with your distribution. It *is* a slight pain to set up, mostly because of things like logrotated, but well worth the pain. AIDE I have no experience with because I am satisfied with tripwire. They both do effectively the same thing.

These products don't just "scan for virii", they check that the system is in the state you think it is in. If the system changes, you get a notification saying exactly what changed.

This lets you know if your box has been compromised, or infected, or even if the hard drive is starting to flake out.

Running tripwire/AIDE is just a good thing.
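
The baseline-and-compare idea behind Tripwire and AIDE described in the comment above, as an added sketch that is not part of the thread and is not either tool's code: it fingerprints only ELF and PE files (the two formats the story's virus infects) and reports what changed. The function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import struct
import tempfile


def binary_kind(path):
    """Return 'ELF', 'PE' or None, judged by header bytes rather than file name."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if head[:4] == b"\x7fELF":
                return "ELF"
            if head[:2] == b"MZ" and len(head) == 64:
                # DOS header field e_lfanew (offset 0x3C) locates "PE\0\0".
                (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
                f.seek(pe_offset)
                if f.read(4) == b"PE\x00\x00":
                    return "PE"
    except OSError:
        pass
    return None


def fingerprint(path, kind):
    """Record what an integrity checker compares: content hash, size, mode."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {"kind": kind, "sha256": digest.hexdigest(),
            "size": st.st_size, "mode": st.st_mode & 0o7777}


def snapshot(root):
    """Map relative path -> fingerprint for every ELF/PE file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            kind = binary_kind(path)
            if kind:
                snap[os.path.relpath(path, root)] = fingerprint(path, kind)
    return snap


def compare(baseline, current):
    """Return sorted (path, status, changed_fields) for every difference."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report.append((path, "added", []))
        elif new is None:
            # Also hit when a header was overwritten so the file no longer parses.
            report.append((path, "removed", []))
        else:
            fields = [k for k in ("sha256", "size", "mode") if old[k] != new[k]]
            if fields:
                report.append((path, "changed", fields))
    return report


def demo():
    """Constructed sample tree: one ELF stub, one PE stub, one text file."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    os.mkdir(os.path.join(root, "bin"))
    elf_stub = b"\x7fELF" + bytes(60)
    pe_stub = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\x00\x00" + bytes(20)
    samples = {"bin/ls": elf_stub, "app.exe": pe_stub, "notes.txt": b"hello\n"}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    # In real use, keep the baseline where the monitored account cannot write.
    baseline = snapshot(root)
    # Simulate drift: one binary grows by 16 bytes, one new binary appears.
    with open(os.path.join(root, "bin/ls"), "ab") as f:
        f.write(bytes(16))
    with open(os.path.join(root, "bin/new"), "wb") as f:
        f.write(elf_stub)
    return baseline, compare(baseline, snapshot(root))


if __name__ == "__main__":
    base, report = demo()
    print(sorted(base))
    for path, status, fields in report:
        print(status, path, ",".join(fields))
```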

Re:How to scan Linux (5, Informative)

Hawkeye_RC5 (258133) | more than 11 years ago | (#3627267)

F-Prot antivirus software has a free (as in beer, not speech) anti-virus scanner for personal use. You can get it at http://www.complex.is/

The nice thing about this scanner is that it can both check for linux and windows viruses, and that it shares the regularly updated virus definition files for DOS/Windows.

They mean... (1)

hackwrench (573697) | more than 11 years ago | (#3627166)

the first virus in the wild perhaps? No wait... http://www.google.com/search?hl=en&lr=&ie=UTF8&oe= UTF8&q=winux+virus

More proof (4, Insightful)

Isaac-Lew (623) | more than 11 years ago | (#3627171)

OK, we're going to trust an anti-virus vendor about a virus/trojan that would be difficult (if not impossible) to spread in the wild? I haven't read *anything* about how this would attack a Linux system (does it cause a buffer overflow? Does it edit a system config file? Do you need to somehow accidentally execute an email attachment?).

I think that this was cooked up in Symantec's labs in order to scare people & possibly serve as an ad for their software, especially if they have a "solution" that runs on Linux.

Viruses are fake (0)

Anonymous Coward | more than 11 years ago | (#3627194)

I've never gotten a virus. Virus protection software is like condoms.. only idiots use them.

Re:Viruses are fake (1)

antistuff (233076) | more than 11 years ago | (#3627251)

So true.

Re:More proof (1)

Captain Pooh (177885) | more than 11 years ago | (#3627225)

What the virus does is display a message if a file has a specific date like March 17 and September 17. If it is an ELF binary the message is displayed through console, if PE a windows dialog box. If you click on the link from the post it will tell you.

This is great news! (5, Funny)

Mordant (138460) | more than 11 years ago | (#3627175)

While working to convince many of my friends and colleagues to give Linux a try, one of the most vexing hurdles I've come across is the following:

Me: "Dude, you should really try Linux! It's fast,
it's free, it's really secure - and, best of
all, you get all the source code, so you can
see how it -really- works, and even contribute
your own code, if you want."

Dude: "Is there antivirus software for Linux?"

Me: "Well, no - Linux doesn't have viruses,
per se, so there's no need for antivirus
software!"

Dude: "My bosses won't let us run any boxes
which don't have antivirus software
installed. Let me know when I can buy
antivirus software for Linux."

So, now that we have virii on Linux, we'll soon have antivirus software, and I can show my friends yet another way in which Linux has caught up with Windows!

Re:This is great news! (1)

voxel (70407) | more than 11 years ago | (#3627205)

I know you are just trying to be funny. (That's a laugh), but in all seriousness, there is a virus detector for many *NIX's, including linux. McAfee makes one of them.

I was surprised when opening v4.x of mcafee zip file I had, and unix virus scanners were there..

Re:This is great news! (4, Interesting)

gmack (197796) | more than 11 years ago | (#3627214)

We've had that for a while.. so the PHBs could have been happy for months. openantivirus.org for starters and there are plenty more.

Nice to run on Linux mailservers.

Re:This is great news! (3, Informative)

mosch (204) | more than 11 years ago | (#3627245)

There's actually lots of anti-virus software for *nix, though sometimes it's hard to purchase. Typically it's used to scan data that may be passed to non *nix machines, via http, ftp or email.

Re:This is great news! (2)

WildBeast (189336) | more than 11 years ago | (#3627290)

I believe that F-Secure has been making anti-virus products for Linux for a long time now.

Re:This is great news! (1)

archen (447353) | more than 11 years ago | (#3627294)

Free antivirus software:

in /root/.bashrc put

echo "don't run programs unless you absolutely have to using this account"

If you want one you pay for, I'll charge you for it - but you'll have to give me root access first :)

Re:This is great news! (3, Informative)

GoRK (10018) | more than 11 years ago | (#3627299)

F-Prot is available for Linux (non-commercial use is free) and it's very good. I have even seen it detect viruses that were not in its database yet. Updating my DAT files resulted in my ability to disinfect the virus. It detects and can disinfect about everything. I will scan your .prc and .pdb files for PalmOS viruses, even!

Re:This is great news! (3, Informative)

tringstad (168599) | more than 11 years ago | (#3627312)

Trend Micro, who is one of the better Anti Virus vendors, if not the best, IMHO, has been providing Linux anti-virus software for as long as I have been aware of them:

http://www.antivirus.com/download/ [antivirus.com]

Re:This is great news! (1)

nitemayr (309702) | more than 11 years ago | (#3627315)

Symantec makes a Linux based AV scanner too, though it is more of a cook your own virus scanner called Carrier Scan Server. It ships with an API that lets you make your own interface into the scanner. Sadly it is not free as in anything.

Linux gets (4, Funny)

incom (570967) | more than 11 years ago | (#3627176)

more and more windows functions everyday. Hopefully this new feature encourages some more switchover to linux.

Not the first (5, Informative)

kill-hup (120930) | more than 11 years ago | (#3627178)

This is not the first cross-platform Win/Linux virus: http://vil.nai.com/vil/content/v_99060.htm [nai.com] .


It is the first to use pretty much the same injection code routines for both, though. The previous virus I referenced had two separate infection routines for PE and ELF files.

Another excuse for AV companies to make money (2)

forged (206127) | more than 11 years ago | (#3627187)

  • So far Symantec has not received any submissions of this virus from customers.

Nonetheless you are encouraged to update your virus definition files to the latest and greatest. And for you who don't have an anti-virus software yet, this was the subliminal message in the announcement that you need to buy one !

*BSD? (1)

ealar dlanvuli (523604) | more than 11 years ago | (#3627189)

Does anyone know if this virus has the ability to target ELF binaries on a bsd platform, or is it safe for some reason?

The synaptic link was rather unhelpful in explaining how it is infecting, and a google search is coming up blank.

Any further info would be appreciated!

Re:*BSD? (1)

Morgoth_Bauglir (261701) | more than 11 years ago | (#3627274)

"The synaptic link was rather unhelpful in explaining how it is infecting, and a google search is coming up blank.
"

Unfortunately your synaptic links won't work until you learn more about this. So if that's all you're relying on, it's a regrettable Catch-22.

Affected... Not Affected (1)

Catskul (323619) | more than 11 years ago | (#3627198)

Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me......
Systems Not Affected: Windows.....

What the hell is that supposed to mean ? Windows != Windows ?

Re:Affected... Not Affected (1)

MrP- (45616) | more than 11 years ago | (#3627206)

maybe they're calling all 16 bit (win3.11, etc) windows just Windows?

Two Sided Sword (5, Funny)

Myuu (529245) | more than 11 years ago | (#3627220)

[root@bigassopendomain /]./virus
"virus" requires the following dependancies
libinfect.so
libcrash.so
please check the path and filenames and try again
[root@bigassopendomain /]

Re:Two Sided Sword (0)

Anonymous Coward | more than 11 years ago | (#3627278)

hahaha that is toooo funny... soo true

x86 Platforms Only? (4, Funny)

Anonymous Coward | more than 11 years ago | (#3627221)

Well, looks like this does not affect those using Linux on PowerPC, Sun, or any of the other platforms supported.

On a lighter note, if this virus were open source it would compile to the other platforms. Someone should post a link to the Sourceforge page, with links to source tarballs as well as Debian and RPM packages.

No one has ever been infected? (1)

qweqwe (104866) | more than 11 years ago | (#3627238)

The line in the document:
> So far Symantec has not received any
> submissions of this virus from customers.

is rather suspicious. If no-one has ever reported this virus, does it mean that Symantec created it?

There's also no information on how it would infect Linux systems. Does it affect user files or does it use buffer overflow to gain root access?

Re:No one has ever been infected? (2)

martissimo (515886) | more than 11 years ago | (#3627273)

is rather suspicious. If no-one has ever reported this virus, does it mean that Symantec created it?


it probably means that the first reports of the virus came from a non-symantec customer, and they just found out about it elsewhere.

So, how the infection... (2, Insightful)

dikappa (581761) | more than 11 years ago | (#3627240)

.. is supposed to spread around?

Infected win executables run on windows, ELF executables run under linux.. I don't think there are that many programs crossing the wall between the two platforms.

But probably i'm forgetting about wine, vmware and dual-boot machines ;P

Norton / Symantec. (0)

Anonymous Coward | more than 11 years ago | (#3627247)

[1] Viruses are an urban myth. It's like the story of alligators in the sewers of New York, everyone knows about them, but no one's ever seen them. [niu.edu]

HAHAHAH (0)

Anonymous Coward | more than 11 years ago | (#3627265)

OMGF OMGFKSAHJGKSJ LINUX DOESNT HAVE VIRUSES AHAHA LNOT ROFL NOT LIKE THAT WINDOWS SHIT HAHAHA

Dolts.

I've been saying it for years. Linux isn't some magical little leprechaun with a pot of gold. Or perhaps it is, and only now Virii writers are after its lucky charms.

We can look forward to even more virii coming out as popularity grows. I seriously hope someone with the knowledge to starts working on a virus checking program.

(Hopefully, not Symantec/etc. We'll know they're interested when we see a flood of virii like never before...)

FPBPFTM (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627276)

I think I've found at least the first posting in a month, if not the physical year of the Penis Bird...

Because no one likes my penis breaking story, I officially give a rebirth to: THE PENIS BIRD

O
( \
8==X==D

Re:FPBPFTM (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3627285)

and not only was it the first penis bird posting, but i fucked up the penis bird!

O
( \
8==X==D

This thing violates the GNU licence! (2, Funny)

Subcarrier (262294) | more than 11 years ago | (#3627283)

So this virus thing links against my GNU code, does it?

Where can I download the source?!?

that's too bad (-1, Flamebait)

VA linux Delisted Tr (582842) | more than 11 years ago | (#3627284)

Windows can handle viruses, but with all of Linux's security holes, this could be the end of the OS altogether.

Va Linux will surely collapse now with this new news.

Source? (2)

gorf (182301) | more than 11 years ago | (#3627300)

So far Symantec has not received any submissions of this virus from customers.

From this I infer that the virus was not found in the wild. So where from, exactly? I'm thoroughly confused, this makes no sense.

Well obviously this calls for a... (1)

martinflack (107386) | more than 11 years ago | (#3627303)

Beer Party. We hit the big time. Our own virus!

Affected Systems confusion (1)

artoo (11319) | more than 11 years ago | (#3627310)

"Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, Linux

Systems Not Affected: Windows, Microsoft IIS, Macintosh, Unix"

I guess by Windows they must mean Windows 3.1 or 3.11, since that's the only M$ version I don't see listed. If not, I hope they fix that on the web page or your average user will get confused.

Rabid Speculation (1)

professortomoe (540098) | more than 11 years ago | (#3627314)

Well, here's something a bit interesting to think about. Maybe Norton made the virus. Why, you may ask? It very well may have been made so companies running linux will be fooled into buying their software. Seriously, if people keep migrating from Windows to Linux as it matures, where's Symantec's business gonna be?