On Wed, 28 Mar 2001, David Roberts wrote:
> Have any of you seen this one? It seems it can infect both M$ and Linux
> systems.
From what I've read:
The infector appears to have two implementations, one for Win32/i386, one
for Linux/i386. Both infectors can infect files on both platforms. It does
not work on non-i386 platforms. There is no other payload. The infection
pattern is to scan all files in the current directory, and to ascend into
parent directories. It does not desend into children of parents. It does not
bypass system security restrictions, limiting damage on Linux or WinNT systems
with sensible file permissions.
The thing I am unclear on is whether it has the capability of modifying raw
ext2 filesystems. If not, then the only way it can spread from a Win32 to a
Linux system is via a network mount, or a third-party Win32 ext2 driver.
Anyone else have more info on this?
> Sorry for the BCC's, but I wasn't sure all of you wanted your
> email addresses propagated ...
For which I thank you! I get enough spam as it is... :-)
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
