bascule wrote: >i find it odd that the only info out there is either symantec's own woefully >inadequate description - is it two versions of the same thing (ouch!), how >does running a PE infect an elf? and vice versa, how does it arrive in the >first place - every other mention of this is a link back to the symantec >paragraph, if it wasn't for the location of this snippet i'd be thinking >'hoax', also, symantec reported as of may31 that no customer had reported >this to them, so how do they know it's out there, maybe this is a lab >experiment that can't exist outside of the lab due to real world conditions, > >i have a feeling that there is egg somewhere, but will it be on my face? :-) > >bascule > >On Sunday 02 Jun 2002 7:41 am, you wrote: > >>All, >> >> Take it as you will apparently Symantic is reporting a virus that >>effects both windows and Linux. >> >> http://www.symantec.com/avcenter/venc/data/linux.simile.html >> >>Information on this page. Any Ideas on how to prevent/check for this >>thing now while it's not dangerous would be helpful to us all. >> >>James >> > > >------------------------------------------------------------------------ > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com > I don't care WHAT files it can infect, it can infect them only in the write-access space of the user.... Hmmm, well I suppose you would be vulnerable if you ran as root, but the Standards say that ELF's go in /bin /usr /opt and /usr/local -- Last I looked the standard permissions was that root had write access there and no one else.
Sounds like a wonderful update of bliss, and just as interesting an academic curiosity. Now if someone wrote a virus that waited quietly as a masquerading process in memory until someone did a "make" and intruded its source into the pipeline, and kept it small enough to probably escape notice, I'd be impressed. It is possible to write millions of viruses for linux. Getting ONE of them to propagate in a properly-run system is an entirely different matter. Symantec should not feel too bad, though; Lycoris might be vulnerable for real, and MacAfee once claimed to have discovered Bliss. So an A for marketing dept effort is in order, and a D- for tech. Civileme
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
