does virus ELF.OSF.8759 affect debian?
Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? thanks ELF.OSF.8759 Alias: Linux.Osf.8759 Category: UNIX/Linux Type: Virus Wild: Destructiveness: Pervasiveness: CHARACTERISTICS OSF.8759 is a Linux virus infecting ELF executable programs. OSF consists of two quite distinct parts: a viral part and a backdoor part. The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 201 files in the current directory as well as up to 201 files in the /bin directory. The virus avoids infecting the ?ps? program (and all programs with names ending with the string ?ps?). Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2. The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: ?/bin/sh ?c command?. - Narancs v1 IT Security Administrator Warning: This is a really short .sig! Vigyazat: ez egy nagyon rovid szig! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
does virus ELF.OSF.8759 affect debian?
Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? thanks ELF.OSF.8759 Alias: Linux.Osf.8759 Category: UNIX/Linux Type: Virus Wild: Destructiveness: Pervasiveness: CHARACTERISTICS OSF.8759 is a Linux virus infecting ELF executable programs. OSF consists of two quite distinct parts: a viral part and a backdoor part. The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 201 files in the current directory as well as up to 201 files in the /bin directory. The virus avoids infecting the ?ps? program (and all programs with names ending with the string ?ps?). Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2. The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: ?/bin/sh ?c command?. - Narancs v1 IT Security Administrator Warning: This is a really short .sig! Vigyazat: ez egy nagyon rovid szig! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]