Forgot your password?
typodupeerror

Ambidextrous Linux/Windows Virus 361

Posted by CmdrTaco
from the getting-it-from-both-ends dept.
Lam1969 writes "Kaspersky Labs has reported a new proof-of-concept virus that can infect both Windows and Linux systems. It's called Virus.Linux.Bi.a/Virus.Win32.Bi.a and affects ELF binaries and .exe's from windows. SANS has a brief item on the cross-platform virus as well, but no information about a patch or signature yet."
This discussion has been archived. No new comments can be posted.

Ambidextrous Linux/Windows Virus

Comments Filter:
  • How is it POC? (Score:5, Interesting)

    by liliafan (454080) * on Friday April 07, 2006 @03:07PM (#15086768) Homepage
    I guess it is time for me to double check clamav is still updating without any problems on my systems.

    In 2001, the sadmind/ISS worm exploited a hole in Sun Microsystems Inc.'s Solaris to infect systems running vulnerable versions of the operating system. Infected systems then scanned for and attacked servers running Microsoft Corp.'s IIS Web server software. That same year, another proof-of-concept virus named Winux infected both Windows and Linux systems.


    I am curious about how this is a proof of concept virus if it has been done before surely the concept has already been proven?
    • by JordanL (886154) <jordan.ledoux@[ ]il.com ['gma' in gap]> on Friday April 07, 2006 @03:15PM (#15086842) Homepage
      I am curious about how this is a proof of concept virus if it has been done before surely the concept has already been proven?

      It wasn't slashdotted last time?
    • Re:How is it POC? (Score:5, Informative)

      by EndlessNameless (673105) on Friday April 07, 2006 @03:17PM (#15086864)
      It seems that the reason it's considered a POC at this point is because it has no real payload. All it does is spread, and not nearly as heinously as Blaster/Welchia/Sasser.

      As soon as it gets backdoor or downloader functionality... then it becomes a more serious threat. And really you, me, and the guys at Secunia/SARC/SANS/ISC/etc all know that's where this is headed.

      So yes... in the sense of where this particular piece of malware is headed, this is a proof-of-concept. It's a live test of the progagation mechanism. The payload will be dropped into place soon... probably in the next version since this one looks like it's working fine.
      • Re:How is it POC? (Score:3, Insightful)

        by phorm (591458)
        And really you, me, and the guys at Secunia/SARC/SANS/ISC/etc all know that's where this is headed.

        Hmm, well in my case it would end up likely being blocked a network-level, as my IPtables log it's unusual activity. Of course, I don't run as root most times... so the best it could do is create infection in files writable by my user.

        I suppose it *could* try connecting to outside locations to send email or something of the like... assuming it could find a server to connect to (my webmail address book wou
    • A worm is not a virus. A virus doesn't exploit holes in web servers, it just infects binaries.
      There are challenges in making a virus for both windows and linux, although it is definetely possible:
      A while ago it was the winux [about.com] virus (also a proof of concept)
      Unlike a worm though, a virus would have a hard time to spread in a linux environment, as it is
      highly unlikely that enterprize linux users have write access to any kind of binaries... There is however
      a dangerous situation i can think of: a system running w
      • Re:How is it POC? (Score:3, Insightful)

        by Phillup (317168)
        There is however
        a dangerous situation i can think of: a system running windows that has access to linux system binaries through
        samba or nfs ...


        If you create a share to one of your binary directories (/usr/bin/) then you deserve what you get.

        Especially if you do it in a way that compromises the fact that only root can write to those files...
  • by Syberghost (10557) <.moc.tsohgrebys. .ta. .tsohgrebys.> on Friday April 07, 2006 @03:08PM (#15086776) Homepage
    ...BSD just coughed up water and started breathing again.
  • by JavaLord (680960) on Friday April 07, 2006 @03:09PM (#15086779) Journal
    100 bi jokes to follow
  • Not to worry (Score:2, Interesting)

    by shaitand (626655)
    Windows users are prepared for viruses and the reason Linux users do not sweat them much is not because linux viruses do not exist; it is because system design makes their impact minimal.
    • by GrumblyStuff (870046) on Friday April 07, 2006 @03:13PM (#15086831)
      Windows users are prepared for viruses...

      What bizarro Earth are you from?
    • Re:Not to worry (Score:5, Informative)

      by Rosco P. Coltrane (209368) on Friday April 07, 2006 @03:18PM (#15086880)
      Windows users are prepared for viruses and the reason Linux users do not sweat them much is not because linux viruses do not exist; it is because system design makes their impact minimal.

      Actually, you're quite wrong. Linux flaws have existed and are still found today that can be (and have been) taken advantage of. The reason Linux users don't sweat is because flaws are spotted quickly by many people who read the code, and fixed quickly too. That and people who code open-source tend to produce good code, as a matter of pride.

      Oh and by the way, Windows has a "safe"(well, safer) operating mode in the form of a user account, but nobody uses it because it's a PITA, so everybody stays in supervisor mode and bad things happen.
      • Re:Not to worry (Score:3, Informative)

        by sbrown123 (229895)
        Oh and by the way, Windows has a "safe"(well, safer) operating mode in the form of a user account, but nobody uses it because it's a PITA, so everybody stays in supervisor mode and bad things happen.

        Actually most people run with the version of Windows that came installed on their computer. And these accounts are, from the best of my knowledge, always Admin.
        • Re:Not to worry (Score:4, Insightful)

          by Creepy (93888) on Friday April 07, 2006 @03:57PM (#15087242) Journal
          Yeah, but even people that know about the "normal" user accounts quickly discover that almost all software written for windows doesn't handle non-admin accounts well. Ever try to install a program just in user space on Windows? If it works at all, you're lucky, and that isn't even scratching the surface of the problems. Got a network password? You can't just switch users to admin (like Linux) or use a sudo password (like Mac) - no, you need to log completely off of your user, then log on as the admin user, install the program, and log off as admin, then log back in as your regular user. Do you have any idea what a MASSIVE pain in the ass that is, especially when I have 20-30 windows open (many are Exceed based X sessions) and am trying to get work done? After 2 months of that and multiple programs that plain wouldn't work if they weren't running as an admin user, I switched back to running exclusively as an admin on Windows.
          • Re:Not to worry (Score:2, Informative)

            by LightCecil (792100)
            I do it all the time in windows. this is an XP-only solution, but meta-l-s or logout/switch user leaves your windows untouched to open an admin account. And if that's too much work, there's a 'Run As' box that (on my system) automatically appears when something that requires admin powers to install is run. Not to mention you can also do something like I do, install it in a folder with it's ACL set to child inheritance and rwx for your user account, which doesn't even require admin power to install in.

            So it'
          • Re:Not to worry (Score:3, Informative)

            by Reo Strong (661900)
            Evern heard about the runas [microsoft.com] command? It is also known as Secondary Logon [microsoft.com].

            Remember, just because you don't know how to use it, it doesn't mean that the tool isn't there for you to use.

            • Re:Not to worry (Score:4, Interesting)

              by andreyw (798182) on Friday April 07, 2006 @04:46PM (#15087683) Homepage
              The problem isn't that it isn't there. The problem is that you need to do something to make use of it. On OS X, if there is some task that needs admin access, I get prompted accordingly. With windows, such functionality is only available in certain control panel applets.
      • Re:Not to worry (Score:3, Informative)

        by shaitand (626655)
        "Actually, you're quite wrong. Linux flaws have existed and are still found today that can be (and have been) taken advantage of."

        Actually that is pretty much in line with what I have said and does not make me wrong at all.

        The system design and development model has led to two things, a shortage of privilage escalation flaws (flaws isn't good enough, they have to allow a user account to gain root under conditions the virus can create) and a short lifespan of any such flaws that exist.

        Open source development
      • The lack of market share makes a big difference too. Ignoring the (generally true) presumption that most virus writers aren't going to target an OS whose users are by far in the minority, there's also this to consider (shamelessly plaguarised from some guy's journal I read. Wait, that was my journal. Just wait until I get my hands on myself.

        Here's a question. Suppose you have a biological virus that can only live inside of hosts that are human, male, that have blue eyes and black hair, and that are over 6

      • "The reason Linux users don't sweat is because flaws are spotted quickly by many people who read the code, and fixed quickly too."

        It leads me to assume as though you are implying that "Linux users" as a whole also UPDATE patched software compared to Windows users which I have a hard time believing personally. I am NOT implying however that Linux users are worse at maintaining updates than Windows users...It would be interesting to know a factual study since many Linux distros as well as Windows provide a
      • Oh and by the way, Windows has a "safe"(well, safer) operating mode in the form of a user account, but nobody uses it because it's a PITA, so everybody stays in supervisor mode and bad things happen.

        Except for those of us who spent years on Unix boxes and thought that setting up user accounts was the natural way to configure WinXP...

      • Oh and by the way, Windows has a "safe"(well, safer) operating mode in the form of a user account, but nobody uses it because it's a PITA, so everybody stays in supervisor mode and bad things happen.

        It's not just that it's a PITA, it's that by the time you configured system security to the point where your apps would work in the user context, you've created enough holes to where it doesn't matter any more.

        Anyway, I haven't been infected by a virus in ages, yet I run as Administrator at all times -

      • by PhYrE2k2 (806396) on Friday April 07, 2006 @05:09PM (#15087858)
        Windows users are prepared for viruses and the reason Linux users do not sweat them much is not because linux viruses do not exist; it is because system design makes their impact minimal.


        There are lots of reasons why it's harder to infect 'NIX systems.

        1. Since on many LiNuX distros, the single source of binaries is usually the distributions' package system, it is usually very easy to detect anything out of the ordinary. The trusted channel is a GOOD thing in these cases.

        2. Add in a tool like AIDE (or Tripwire) and you can immediately see everything that is off with your system.

        3. How about Linux (and most UNIX) not allowing ctime changes to anything but the current time? The ctime (often said as creation time, but wrongly so- it's the CHANGE time) on any update will always be the current time. The _only_ way around this is to change the system time before you modify files

        4. Priv seperation is a big thing. Daemons aren't run as root (or if they do, they drop privs right away). There is no svchost.exe running your services at NT_AUTHORITY or SYSTEM like there is in Windows. Then of course there's no need to run your Web browser as a user with any rights at all. IE7/Vista will fix this of course. Personally I like making, even FireFox, setuid to some untrusted user with no access to files

        5. Embedding scripting in every tool isn't as popular in the UNIX worlds, as the core tools work so well. There's no need for office software to have scripting capabilities to change all the files on teh system. There's no need for it!

        Actually, you're quite wrong. Linux flaws have existed

        So do cars, toasters, appliances, and pretty much every item. Welcome to the age where quality means nothing.

        The reason Linux users don't sweat is because flaws are spotted quickly by many people who read the code, and fixed quickly too. That and people who code open-source tend to produce good code, as a matter of pride.

        They produce good code because they do it for themselves. Most open-source developers are developing for themselves. Every project starts up as "this IMAP server doesn't suit my needs. I'll make a better one". Of course the people who do that are normally the technically able. People make projects for themselves because there's a need that hasn't been met or they're unhappy how it's being met by someone else. Otherwise there's lots of people wasting their time. DJB was unhappy with sendmail/BIND and made alternates. BincIMAP, COurier, and Dovecat folks make them because the others and UW-IMAP didn't do what they want. Patches are submitted to fix something that's affecting them, may affect them, or to add an enhancement they want. Time is money, and people ultimately want to contribute their time for their own benefit somewhere down the road.

        Oh and by the way, Windows has a "safe"(well, safer) operating mode in the form of a user account, but nobody uses it because it's a PITA

        Even then, you'd be surprised what you can accomplish to destroy the system. Keep in mind, if you're running a SINGLE USER system as a user in order to add security, you're protecting your LEAST valuable asset. I can blow away a system and install Windows/Office/Adobe and all the tools I need in a few hours and have it configured perfectly. I'm sure most people here can. Now replacing the data would take years! Replacing the productivity lost to viruses/spyware/virii can't be measured. Assessing the impact of leaked administrator and bank passwords could be huge!

        -M
    • Wrong and right. (Score:3, Insightful)

      by khasim (1285)

      Windows users are prepared for viruses...

      Sure they are.

      ...and the reason Linux users do not sweat them much is not because linux viruses do not exist; it is because system design makes their impact minimal.

      Pretty much.

      Remember, it isn't about whether a virus exists for a specific platform or not.

      It's whether you'll be infected or not.

      And that is based upon the infection rate vs the removal rate. A virus that cannot spread faster than it is being removed will die.

      Microsoft made a number of bad decisions

      • Microsoft made a number of bad decisions (security-wise) in pursuit of "user friendly" systems.

        To be fair, most Unixish system developers made a number of poor decisions usage-wise in pursuit of "secure" systems.

        OS X seems to be the closest to blending the worlds, although it has some interesting foibles all its own. I look forward to the next ten years, because I think everyone is starting to get it all the way around. Uncharacteristically, I'm pretty damn optimistic.
    • Re:Not to worry (Score:2, Informative)

      by halcyon1234 (834388)
      Windows users are prepared for viruses and the reason Linux users do not sweat them much is not because linux viruses do not exist; it is because system design makes their impact minimal.

      Yes and no. It isn't so much that Linux is a more secure operating system (an argument I won't touch with a 1010 foot pole). It is more that Linux is a more diverse operating system.

      If I run Windows XP (perish the thought), and 1000 other people run Windows XP, we are all running the same operating system. Except for

    • Re:Not to worry (Score:5, Insightful)

      by RzUpAnmsCwrds (262647) on Friday April 07, 2006 @03:41PM (#15087104)
      it is because system design makes their impact minimal

      Deleting everything in my home directory is anything but minimal.

      Potentially exploting local privilage elevation exploits to get root is anything but minimal.

      Infecting software after it has been compiled is anything but minimal.

      Using social engineering to get root is anything but minimal. How many users do you know who would enter their superuser password to "get free screensavers"? Too many.

      Pretending that you're protected by design to the problem indicates that you don't understand how viruses really work. Guess what? You can run as a non-root user in Windows, too. But you can still do a ton of damage as a normal user. Spam relays and DDOs botnets don't need root access, just the ability to send data over the network. How about modifying your GNOME or KDE menu to point to a fake terminal entry or fake admin tools? How do you know that the "gnome-terminal-emulator" you're now typing your password into (through sudo) isn't actually stealing it?

      This is the real world. Attackers are smart, they are motivated by profit (because of the spambot racket), and they have plenty of time to find the next buffer overrun.
      • Deleting everything in my home directory is anything but minimal

        Here we have the single user versus multi-user idea. On a multiuser system the virus can only delete things that are owned by the same user or group as it is running as. *nix is a multiuser system even if only one person uses it, since various programs run as virtual users such as nobody, lp and various others. Unless you are tricked into running it yourself or it somehow gets root via privilage elevation through major flaws it can't do a lo

      • Re:Not to worry (Score:3, Insightful)

        by mrsbrisby (60242)
        Deleting everything in my home directory is anything but minimal.

        Compared to deleting your entire system?

        Nevertheless, why do you run at a privilege level that can delete everything in your home directory? Is it so you can delete _a_ file that you make it possible to delete _any_ file?

        This isn't necessary; I regularly run applications with split privilege levels. My "main" account and my "run" account are in the same group. If I need to edit a file, my vi-wrapper gives group-write permissions to the file I'
    • Linux users also don't open attachments in messages like: "Helo User! I find this new update for you! I hope you like!!! Plese OPEN OPEN PLEASE"
  • Whatever (Score:5, Insightful)

    by AKAImBatman (238306) * <akaimbatman@[ ]il.com ['gma' in gap]> on Friday April 07, 2006 @03:09PM (#15086785) Homepage Journal
    "For those thinking their "pet" computer is invulnerable to the virus threat -- it's not," SANS said.

    Cue ominous thunder. (rolls eyes)

    All this means is that data communications and storage has reached a point in time where no one (in theory) is going to notice that infected files get 3 or 4 megs chunkier. The virus writers still have to find vectors into these systems. If they can't find convenient vectors, then the ability to produce a fat binary is useless.

    What is this need that security researchers have to claim that all systems are equally vulnerable? Are they worried they're going to be out of a job if everyone moves to more secure computing platforms? I mean, really. They should be encouraging mass migrations to other systems, as it diversifies the playing field and theoretically helps everyone remain safer. But I guess that's not their bread and butter.
  • which architectures? (Score:4, Interesting)

    by jon787 (512497) on Friday April 07, 2006 @03:09PM (#15086788) Homepage Journal
    The article says the worm was written in assembly and I assume it means x86 assembly. Can the worm infect non-x86 Linux hosts?
    • by molarmass192 (608071) on Friday April 07, 2006 @03:34PM (#15087031) Homepage Journal
      I think you answered your own question in a way, if the host has x86 emulation, then why wouldn't it be able to? That said, it's a long way from a POC to a real live virus. I can write a virus today and claim a POC, nobody has ever said that Linux is immune to viruses. Viruses aren't that complicated. That said, an effective (ie. turn it lose and watch it spread) virus would be very difficult to achieve on Linux precisely because there isn't just one flavor of Linux, running the same binaries, on a single arch ... unlike another well known OS.
      • nobody has ever said that Linux is immune to viruses.
        Well... people kinda do make that claim, all the time. They claim it about the Mac, too.
        • Having had a Javascript based 'virus' run on Safari, I can tell you that it certainly isn't virus proof. It's just a little different :)

          Of course, it's reasonably easy to turn off js - not like ActiveX or something.

          -WS
      • > nobody has ever said that Linux is immune to viruses.

        Nobody said immune, many people say "practically immune" and they are right..

        > That said, an effective (ie. turn it lose and watch it spread) virus would be very difficult to achieve on Linux

        practically impossible you might say ...

        > because there isn't just one flavor of Linux,

        no, simply because linux users don't browse the internet logged in as root...

         
  • by da (93780) on Friday April 07, 2006 @03:10PM (#15086794)
    ... linux is ready for the desktop? [ducks]
  • Let's just go back to a.out...
  • 'It's important for enterprises to be aware of such issues and implement anti-virus tools for protecting non-Windows operating systems if they haven't done so already,' Ullrich said.

    Sorry, I got my hands too tied up with the Ambidextrous virus to be implementing any tools right now!
  • How does it work? (Score:2, Interesting)

    by Nazo-San (926029)
    I'm kind of curious how it works. You can't just take, say, C++ and simply write the exact same code and it will work in both Windows and Linux. Some of the basics like cout do, but, once you start getting a little more complicated and try to modify files, then it gets tricky. I'm guessing we aren't talking about a Java type thing (supposedly Java has securities in place, though I've never directly tested them -- I do know that it can delete or modify a file though.) They mentioned ELF and Win32 executa
    • “In it, one amazingly powerful virus was able to wipe out almost all major operating systems with the exception of the single one”

      So, let's try guessing what the single one is... OpenBSD? :-)

      Virus Writer 1: Hmm, let's see... first we have to crack the unbreakable encryption on the root password...

      Virus Writer 2: No, you idiot! You can't do that until you've found a security vulnerability in the operating system itself!

      1: Well, there is the guy running the machine in the first place...

      2: Y

    • The linux version comes with WINE ;-)

      When it says 'linux and windows', it will no doubt mean linux-x86, which means that java type code isn't required, as the processor instructions are the same (it's apparently written in assembly code). System calls would have to be done differently, as would inserting the code into an elf/exe file to infect it. One way I guess would be to have different entry points into the code, the linux/windows machines would start running at a different point within the code, but wh
    • Re:How does it work? (Score:3, Interesting)

      by alexhs (877055)
      I will give two possibilities :
      1. "universal binary" : compile code for each platform you want to infect. That one might even work on other architectures

      Code needs :
      a. an algorithm to know which OS/Arch an executable is for (and needs to know if a file is an executable in the first place)
      b. an algorithm to link the appropriate code part.

      You have an Win/x86 trojan. He checks for files and finds an PowerPC/Linux ELF. He adds itself to the end of the file, finds a jump in the original code, reroutes it to the
    • I'm kind of curious how it works. You can't just take, say, C++ and simply write the exact same code and it will work in both Windows and Linux. Some of the basics like cout do, but, once you start getting a little more complicated and try to modify files, then it gets tricky.

      If you stay within POSIX it'll work. Now, there's a lot you can't do, but for just opening and modifying files you should be fine.

      My guess is it's basically two separate pieces of code though. The advantage of doing this over separa

    • Could anyone who knows more programming than I do (which, btw, isn't so hard so feel free to hop in here) give me just an idea of how this is even possible?

      Sure. The code is compiled such that the code and data both link into the same segment. That segment can then be exported to a flat binary file. This file (the meat of the virus code) is then inserted into an EXE and an ELF executable. These two variants execute on their respective platforms. When the virus attempts to infect a new file, it detects wh

  • I, for one (Score:5, Funny)

    by sprag (38460) on Friday April 07, 2006 @03:16PM (#15086851)
    welcome our new cross-platform proof-of-concept viral overlords.

    Its almost like playing buzzword bingo.
  • Reactions: (Score:5, Insightful)

    by Guppy06 (410832) on Friday April 07, 2006 @03:18PM (#15086872)
    1. Linux and Win32? W00t, my WfW3.11 box is invincible!
    2. So... why can't application developers do this?
    • 1. Linux and Win32? W00t, my WfW3.11 box is invincible!

      Except to the insults on slashdot!

      2. So... why can't application developers do this?

      What, make their software infect all the your exe and elf files on your system? I can see it pissing a lot of people off, which is probably why they don't do it.

      3. Profit!

  • Limited to ASM? (Score:3, Insightful)

    by neoshroom (324937) on Friday April 07, 2006 @03:18PM (#15086876)
    "Writing a cross-platform worm is difficult because it limits you to functions that are available on both operating systems," Ullrich said. "You have to also code the virus in assembly to make it work without relying on any OS-specific function," he said.

    This isn't actually quite true, it is merely one way of doing so. You could easily write a virus that uses tons of API and platform specific stuff, but contains a generic detection mechanism at the beginning of its execution and then forks between two pieces of code. One portion contains code specific to Windows and another code specific to Linux. Apart from the generic platform discovery code upon execution it would be like any other platform specific virus. I'm actually surprized this is the first, at least publicized, detection of such a virus.

    __
    Write My Essay [elephantessays.com]
    • Re:Limited to ASM? (Score:5, Informative)

      by x2A (858210) on Friday April 07, 2006 @03:57PM (#15087239)
      It's not the first, I recall one before. And you don't even need detection code, you just write a different entry point address into the elf header as you would the exe header. You can have two different payloads, and two different copy mechanisms, as long as both copy both, not just themselves. In fact, there's no reason to stick to just 2. You can have a single virus that spreads across platforms/architectures, it just makes it bigger and easier to spot.

    • What about the linking
  • by Eric Damron (553630) on Friday April 07, 2006 @03:20PM (#15086892)
    Well it's about time! Finally inter-platform operability.
  • "Writing a cross-platform worm is difficult because it limits you to functions that are available on both operating systems," Ullrich said. "You have to also code the virus in assembly to make it work without relying on any OS-specific function," he said.

    Why?

    Doesn't it seem plausible that it could just have one copy of itself for each executable type, and then whichever one actually executes knows how to insert the other(s) if needed? Then it's not really a single virus, but more of a set of symbiotic
  • Symantec (Score:5, Interesting)

    by rmsmith (930507) on Friday April 07, 2006 @03:28PM (#15086976)
    I find it interesting that this 'virus' appears shortly after Symantec reportedly gets cushy with the Linux press [newsforge.com]
  • "For those thinking their "pet" computer is invulnerable to the virus threat -- it's not," SANS said.

    Nooooo! not my AIBO. I knew I should have left off that email and news fetch hack.

    What a bunch of BS. How exactly are they supposed to get this assembly code kludge to my machine? Are they going to try to barf zlib? As the article also pointed out, these things have been around since year 2000. In those six years there has been a big fat nothing done with them.

    No, don't give me that "popularity" bul

  • by mogrify (828588) on Friday April 07, 2006 @03:43PM (#15087109) Homepage
    I'm just recompiling my kernel without support for ELF binaries. Just a quick reboot, and I'
  • My PET? (Score:3, Funny)

    by dbc (135354) on Friday April 07, 2006 @03:45PM (#15087132)
    "For those thinking their "pet" computer is invulnerable to the virus threat -- it's not," SANS said.

    Woah, not my Commodore PET [old-computers.com] (Personal Electronic Transactor)? Nooooo..... I *love* that chicklet keyboard. And the awesome monochrome graphics. They have the playing card suits built in as *characters*, mind you. You can 1000 PRINT them in the built in BASIC!

    Let me tell you, though, it was a bitch getting an entire TCP/IP stack working in the 4K of RAM and still have room for a web browser. And don't even get me started on how hard it was to get 100BaseT working over the exapasion port.

    Guess it's finally time to retire the old PET.

  • How About a Story? (Score:3, Insightful)

    by Einstein_101 (966708) on Friday April 07, 2006 @03:52PM (#15087198)
    Here's a quick anecdote for you:

    About a week ago, for various reasons, I decided to format my laptop and put Windows XP Professional on there. I previously had Slackware Linux 10.2 installed, but since my desktop has been dual-booting for a while, I figured I might as well get my money's worth and put Windows on the laptop (Linux also doesn't support the SD card reader, but that's another story). The installation went nicely, and I continued to do the tedious tasks that you do after a format. (validate windows, download patches, install drivers and apps, etc...) I installed a second user account for administrative uses and named it "Root".

    I logged into my "Root" account, and installed Chessmaster 9000. When I logged back into my regular user account, the game wouldn't start. After a while, it dawned on me that Chessmaster installs the bulk of the data in your My Documents folder. So I uninstalled it, then tried to install it under my user's account. Now, if you're trying to install a program, and you're not the Administrator, a simple dialog will pop up and prompt you the password. However when the install finished, the program wouldn't start. Since I installed as Administrator (I had no choice), I the data was stored in the Administrator's My Documents folder. I tried to link to it - I even tried to install as Administrator, and put a link to his folder (and changing permissions) in the default folder so all users would use it.

    Nothing worked properly. I ended up having to change my user account back to Administrator privileges, install the program, then change it back. And this is just for Chessmaster. Other programs are even worse. Doom 3, FarCry, and Call of Duty all install their data in the Program Files folder. So in order to play the game without being root, you have to change the permissions on the saved games folder.

    The point of the story is this: Linux doesn't have the problems that Windows has, because it's more secure by design - not by luck. A significant amount of programs are designed for the user to have Administrator access, and assume that you will always run with such permissions. Windows didn't switch the masses to the NT design until XP, which was released 4th Quarter 2001. As a result, you have generations of programs that assume they can read/write whatever and wherever they want - leaving a mess for the end user to sort out. In the end, they'll just say to hell with it and run as Administrator.

    (And that's not even addressing the masses that bought OEM pc's that run XP Home with Administrator priviledes by defaut)
  • ... will it infect an ebuild?
  • by WhiteWolf666 (145211) <.sherwin. .at. .amiran.us.> on Friday April 07, 2006 @04:08PM (#15087331) Homepage Journal
    How do you get this "virus"? You have to run infected code, right?

    Meh. Sounds like a non-issue to me. Especially considering the rarity of cross-platform Win32/Linux binaries.

    Just how does this badboy get on to my system in the first place?

    People need to understand that any system that permits a user to run unsigned executable code is susceptible to some kind of "malware", if you can call it that. I place these "viruses" in the same category of rm -r -f / wrapped into a shell script.
  • This is another one of those articles where they say the same 5 things 20 times in one page using different words.

  • Dioscription [viruslist.com]
    urrently there is no description available for this program.

    I look at Kapersky [kaspersky.com] and all Linux ones have the same information: NONE.

    So how real is this? Will it be used mainly for FUD?
  • by Liam Slider (908600) on Friday April 07, 2006 @04:41PM (#15087628)
    Yet another proof of concept Linux virus that will never actually get out of the lab...oh wait, it's also a Windows virus. I guess it will get out of the lab...
  • by rossz (67331) <ogre.geekbiker@net> on Friday April 07, 2006 @05:04PM (#15087806) Homepage Journal

    To Infect your Linux box with Virus.Linux.Bi.a, please follow these instructions.

    1. If gcc is not installed, install it.
    2. Unpack the archive: tar xvzf Virus.Linux.Bi.a.tar.gz
    3. Switch to the directory: cd Virus.Linux.Bi.a
    4. ./configure
    5. make
    6. su root
    7. make install

    Enjoy

  • by Ungrounded Lightning (62228) on Friday April 07, 2006 @09:17PM (#15089074) Journal
    I'm not sure from TFA exactly what concept this thing is "proving".

    But one I've been waiting for is a dual-boot virus or worm.

    When you're running windows, for instance, your unix filesystems are all there to be twiddled with, if the malware knows how. Unix' protection mechanisms would be useless because they're not what's running. So the virus could infect the unix partition and do all sorts of nasties later when you boot Linux. (The virus infection head or payload could include enough filesystem code to twiddle the linux files even if the windows system doesn't know how - all it needs is access to the raw bits, which good 'ol windows will be happy to grant.)

    It could also work the other way, of course, with a linux virus or worm infecting things on the Windows partition. But given the relative vulnerabilities I expect most will work the other way.

    Point is, a dual-boot system is only as secure as the weaker OS.

An Ada exception is when a routine gets in trouble and says 'Beam me up, Scotty'.

Working...