does virus ELF.OSF.8759 affect debian?

2002-04-10 Thread Narancs v1
Hi there!

I've read some strange info at
http://www3.ca.com/Virus/Virus.asp?ID=11513

is it true?
can it infect my debian systems? (woody, sid, potato)?
how?

thanks

ELF.OSF.8759
Alias: Linux.Osf.8759
Category: UNIX/Linux
Type: Virus
Wild:
Destructiveness:
Pervasiveness:

CHARACTERISTICS

OSF.8759 is a Linux virus infecting ELF executable programs.

OSF consists of two quite distinct parts: a viral part and a backdoor
part.

The virus checks if its code is executed under the debugger and if so, it
skips the file infection routine altogether. This routine is also avoided
if the infected file is executed from the /proc or /dev directories.
Otherwise, it infects up to 201 files in the current directory as well as
up to 201 files in the /bin directory. The virus avoids infecting the "ps"
program (and all programs with names ending with the string "ps").

Infected files increase their size by 8759 bytes. The virus marks all
infected programs by setting a value of the byte at offset 0x0A to 2.

The backdoor procedure establishes a server listening on port 3049 (or
higher). Depending on the contents of packets received from a client OSF
may present a remote user with an interactive shell or execute commands on
a local system using the syntax: "/bin/sh -c command".

-
Narancs v1
IT Security Administrator
Warning: This is a really short .sig! Caution: this is a very short sig!



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
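The quoted advisory gives one file-level indicator that can be checked directly: the byte at offset 0x0A of an infected ELF file is set to 2. The following is an added example, not part of the original post or the advisory; the function names are hypothetical and the sample files are constructed.

```python
import os
import sys
import tempfile

ELF_MAGIC = b"\x7fELF"
MARK_OFFSET = 0x0A  # byte the advisory says the virus sets to 2
MARK_VALUE = 2      # this offset is e_ident padding, zero in normal binaries

def has_osf_marker(path):
    """True if path is an ELF file whose byte at offset 0x0A equals 2."""
    try:
        with open(path, "rb") as fh:
            ident = fh.read(16)  # e_ident: first 16 bytes of the ELF header
    except OSError:
        return False  # unreadable files are skipped, not reported
    return (len(ident) == 16 and ident[:4] == ELF_MAGIC
            and ident[MARK_OFFSET] == MARK_VALUE)

def scan_directory(directory):
    """Return paths of regular files in directory (non-recursive) with the marker."""
    with os.scandir(directory) as entries:
        files = sorted(e.path for e in entries if e.is_file(follow_symlinks=False))
    return [p for p in files if has_osf_marker(p)]

def build_sample_dir():
    """Constructed test data: clean ELF header, marked ELF header, non-ELF file."""
    d = tempfile.mkdtemp()
    clean = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)
    marked = bytearray(clean)
    marked[MARK_OFFSET] = MARK_VALUE
    script = b"#!/bin/sh\n\x02" + bytes(5)  # 0x02 at offset 0x0A but no ELF magic
    for name, data in (("clean", clean), ("marked", bytes(marked)), ("script", script)):
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    # Default to the two locations the advisory names: current directory and /bin.
    for target in sys.argv[1:] or [".", "/bin"]:
        for hit in scan_directory(target):
            print("marker byte set:", hit)
```

A hit is a lead rather than a verdict: compare the flagged file's size and contents against a known-good copy from the package before drawing conclusions.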


