David Bolt wrote:

> That depends on whether you include worms and trojans under the
> definition of a virus. If so, there have been Linux viruses in the wild.
> I still have a copy of a loader script and the IRC bot[0] that was
> installed by it, grabbed from an infected server just over 2 years
> ago[1].
> 
> IIRC, the method of infection for that particular worm was to insert
> shell commands[2] into a URL passed to a web server running an
> exploitable version of PHP. The commands were executed by a root shell
> and were used to download the loader script, set its mode to 744 and then
> execute that. The script in question downloaded 2 files, one was the IRC
> bot, the other was used to search out and try to infect other web
> servers.

Yes, I remember dealing with some similar worms on Linux servers - the
difference being, if a Linux system gets a worm, you install the
security upgrade from the vendor, clean up the files left behind by the
worm (which will typically be found only in world writable areas), and
life goes on, without a reboot, and perhaps a momentary interruption in
service while the daemon is reloaded.

If a Windows web server gets a worm, game over. Wipe the box and
reinstall. At least that's what my MCSE friends tell me.

Joe
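
The cleanup step described above (looking in world-writable areas for files a worm left behind), as an added example that is not part of the original messages: a shell function that lists executable files sitting in world-writable directories, which covers a loader set to mode 744 as in the quoted description. The function name, the optional owner argument and the use of `stat -c` (GNU coreutils or busybox) are assumptions.

```shell
#!/bin/sh
# Added example: list executable regular files that sit directly inside
# world-writable directories, the places an unprivileged daemon can write to.
#
# Usage: scan_dropped_files ROOT [OWNER]
#   ROOT  - directory tree to search (for instance /tmp, /var/tmp, /dev/shm)
#   OWNER - optional account to restrict to (assumption: the web server's
#           user; the actual name varies by distribution)
# Output: one line per hit: octal mode, owner, mtime, path.
# Limitation: paths containing newlines are not handled.
scan_dropped_files() {
    root=$1
    owner=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Step 1: every directory under ROOT with the other-write bit set.
    find "$root" -xdev -type d -perm -0002 2>/dev/null |
    while IFS= read -r dir; do
        # Step 2: regular files directly inside it with the owner-execute
        # bit set; mode 744 matches, a plain 644 data file does not.
        if [ -n "$owner" ]; then
            find "$dir" -maxdepth 1 -type f -perm -0100 -user "$owner" 2>/dev/null
        else
            find "$dir" -maxdepth 1 -type f -perm -0100 2>/dev/null
        fi
    done |
    while IFS= read -r file; do
        # Step 3: report mode, owner and mtime so hits can be lined up
        # against the time of the intrusion before anything is deleted.
        stat -c '%a %U %y %n' "$file" 2>/dev/null || :
    done
}

# Run directly:  sh scan.sh /tmp [owner]
if [ $# -gt 0 ]; then
    scan_dropped_files "$@"
fi
```

The function only reports; compare the hits against the package manager's file lists and the intrusion time before removing anything.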