On 2005-11-19, Chad Smith <[EMAIL PROTECTED]> wrote: > http://www.vnunet.com/vnunet/news/2143697/grisoft-warns-linux-virus > > Grisoft predicts Linux virus plague
Kind of reminds me of the dire warnings regarding the Y2K debacle. Somebody smells a gravy train hyping up a potential threat. If exploit threat were truly proportional to market share, as this article seems to suggest, shouldn't we see substantially more exploits for e.g. the open source Apache web server (over 70% market share) than we do for Microsoft IIS (less than 25% market share)? In fact we see the opposite, with IIS having many times more exploits than Apache. > Listed from www.f-secure.com/v-descs/l.shtml<http://www.f-secure.com/v-desc= > s/l.shtml> > > --> Linux virus (Linux/Bliss) > --> Linux.Devnull > --> Linux.Ramen (Ramen) > --> Linux.Slapper-A (Slapper) > --> Linux.Slapper-Worm (Slapper) > --> Linux/Adore (Adore) > > --> Linux/Bliss > --> Linux/Kork (Kork) > --> Linux/Lion (Lion) > --> Linux/Ramen (Ramen) > --> Linux/Staog Did you look at the descriptions for these? Linux/Bliss: Found in the wild in February 1997 [...] Bliss does contain potentionally harmful code, but it is unclear if this is executed or not. Linux.Devnull: This worm was found on Monday the 30th of September 2002. Linux/Adore: Adore is a worm, that spreads in Linux systems using four diffrent, known vulnerabilities already used by Ramen and Lion worms. These vulnerabilities concern BIND named, wu-ftpd, rpc.statd and lpd services. [...] All four vulnerabilities have been already fixed by different Linux vendors. Linux/Kork: Kork is a worm that uses the known vulnerability in lpd service to propagate from a vulnerable Linux system to another. [...] It attempts to download a trojanized login and the main part of the trojan from a web site. Since April 26th, 2001, neither of these files are available, so the worm cannot replicate any further. [...] The vulnerability in the lpd daemon is known and already fixed. Linux/Lion: Lion is a Linux worm that uses transaction signatures buffer overflow (also known as TSIG) vulnerabilitiy in BIND named server to spread itself. This vulnerability exists in BIND versions 8.2.0-8.2.3(beta). [...] Lion downloads its the main part from a web server located in China. This web server was closed at March 24th, 2001, effectively stopping the worm. Linux/Ramen: Ramen is an Internet worm, which propagates from a Linux based server to another. [...] Ramen affects systems running a default installations of Red Hat Linux 6.2 and 7.0. Linux/Staog: Found in the fall of 1996, Staog is the first known Linux virus. So, once we eliminate the duplicates from your list, we have a total of seven linux viruses, the most recent of which is over three years old; the oldest nine years old. Seven viruses in nine years. Compared to what? Over 70,000 in Windows, with more appearing every day. None of these are considered to be a significant threat anymore. Several, as the pedants among us will doubtless point out, are worms, not viruses, and exploit services that end users are unlikely to be running. > http://news.com.com/New+worm+targets+Linux+systems/2100-7349_3-5938475.html > > New worm targets Linux systems Despite the title of the article, this worm does not target linux systems, but the Apache web server. If you don't run Apache, there is no risk. And the problem has already been fixed. > A Google search for Antivirus Linux returns 14 million results The only use for antivirus software on linux is for linux servers that serve mail or files to Windows clients; that is what these 14 million results refer to. -- John ([EMAIL PROTECTED]) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
