-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 2007-08-07 at 14:31 -0400, Michael Letourneau wrote:

> Yes true, not typically what is thought of executing though, and not
> really what my point was. My point was that everyone was talking about
> having to have the file be "executable" and executed in order to get
> infected. That is not true. If you actually have to execute it, that's a
> trojan, not really a virus.

Well, even if you get, say, a USB disk containing a program contaminated
by a virus, or an email containing a virus, they are harmless till
executed. Till that moment they are just data, bytes.

A typical non-boot-sector virus, non-macro virus, is a piece of code added
somewhere to an executable file (program). When the program is executed the
virus is also loaded (it is part of the program) and may try to infect or
copy itself to system memory (independent of the "vector" program) and
other programs too, in order to propagate. For instance, typically it
would try to infect programs on removable media, watching the floppy drive
for a victim.

Now, a user would have to get that infected program in some way (USB disk,
email, whatever) and execute it. A typical "well made" virus will use some
method to autoexecute. The infection vector may be a trojan, like a cute
screen blanker or Christmas card, but after that it behaves like a virus
jumping from one executable to another.

This process is more difficult in Linux. First, native Linux email clients
do not execute attachments by default: they need manual intervention by
the user (they would act as a trojan). Some Windows clients would execute
them without user intervention (thus, acting as a virus).

And Linux users don't usually carry executables on their removable
media, AFAIK.

Then the virus would have a harder time trying to contaminate other
executables, except those of the user "running" the virus.

> But again, in either of those cases not being root does not necessarily
> prevent your machine from being infected and/or the possible results
> thereof. Everyone remembers Melissa,
> http://www.cert.org/advisories/CA-1999-04.html, if that were designed for
> a Linux system, not being root would not stop/prevent it at all.

Ha!

] Our analysis of this macro virus indicates that human action (in the
] form of a user opening an infected Word document) is required for this
] virus to propagate.

Virus or Trojan? Or social engineering? :-p

All is not black and white...

- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFGubxbtTMYHG2NR9URAlFkAKCQfioXqLJJp9pD4fbo/NZ/ihNzPACeLZv3
sDpjPBmCqQHk6K0NOCciE3A=
=zFA/
-----END PGP SIGNATURE-----