VectorLinux
Author Topic: How to write a Linux virus in 5 easy steps  (Read 1524 times)
hata_ph
Packager
Vectorian
****
Posts: 3258


-- Just being myself --


« on: February 15, 2009, 03:07:56 am »

Interesting article about a Linux vulnerability...

http://www.geekzone.co.nz/foobar/6229

The follow-up...

http://www.geekzone.co.nz/foobar/6236
Logged
Windozer
Vectorite
***
Posts: 386


Have Vector Linux, Will Travel.


« Reply #1 on: February 15, 2009, 10:24:26 am »

Quote
[From hata_ph's first link above, my emphasis:] [step 4 of 5] Attach this [trojan/virus-infected] file to an email, which prompts the recipient to save and open the attachment. As explained, once it has been saved it will just appear as 'some_text.odt' on the user's desktop. And with the icon we have chosen in the launcher description it will look quite harmless.

Send this email out to as many email addresses as you can get a hold of.

Voila! A Linux virus in 5 simple steps. Every user that saves and opens the attachment you have sent them will get themselves infected with the malware script of your choice, which is then also restarted whenever the user logs in again.

That was easy, wasn't it?

Solutions for the problem

The easiest solution to prevent this kind of problem is to not just blindly click on attachments that people have sent you. [...]


Seems like the "ease" of getting this kind of virus on a system depends on the user being asleep. Is creating a Linux-based virus that doesn't need user interaction much more difficult? If I recall correctly, we've talked about virus infections on *nix before here, but not from this perspective specifically.

- H
Logged

483,617th Registered Linux Snoozer
lagagnon
Global Moderator
Vectorian
*****
Posts: 1922



WWW
« Reply #2 on: February 15, 2009, 07:47:46 pm »

Windaze: if the Linux user is running the system as a user and not as "root" then the root filesystem cannot be infected. The virus might do something to the user's /home filesystem but cannot infect / .

Logged

"As people become more intelligent they care less for preachers and more for teachers". Robert G. Ingersoll
bigpaws
Vectorian
****
Posts: 1856


« Reply #3 on: February 15, 2009, 08:07:22 pm »

The proof of concept for this malware would infect the user's space, including
all personal settings ... where is your mail stored? ~/home/who/.thunderbird, for
example.

To escalate this program sudo can be used to achieve root somewhat easily.

The article description was off, imho it should have been somewhere around the
lines of exploit the auto features in KDE and gnome, maybe why not is having all
these convenient services really good?

Since Linux is following the Windows crowd request of automount and other such
things then these attacks will grow since writing one is trivial and the Windows crowd
and perhaps others will be complacent.

Those that would put forward that Linux users are more prudent than to just click on
that link since Linux is invincible. Linux just like almost any other system can be
successfully exploited. It's just that some are harder to attack than others.

Bigpaws
Logged
stretchedthin
Administrator
Vectorian
*****
Posts: 3780


WWW
« Reply #4 on: February 15, 2009, 11:47:37 pm »

Quote from the mentioned article...
Quote
Interestingly, the Thunar file manager under xfce (Xubuntu 8.10) is doing something that Gnome's and KDE's file managers are not doing: It will flag the desktop launcher file as potential malware and thus prevent execution via a simple click. This works whether the attachment was saved from within Thunderbird or from within a web-based email system, such as Yahoo Mail.

Hats off to the developers of Thunar.
Logged

Vectorlinux screencasts and  tutorials can be found at....
http://www.opensourcebistro.com/blog1
http://www.youtube.com/user/vid4ken?feature=mhee
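
A defender-side check for the disguised launcher discussed in this thread, added here as an example and not taken from any post, the linked article, or Thunar's source. The heuristics (a display name ending in a document extension, an `Exec` line that starts an interpreter, a missing execute bit) and the sample entries are assumptions constructed for illustration.

```python
import configparser, os, stat

DOC_EXTS = (".odt", ".ods", ".pdf", ".doc", ".txt", ".jpg", ".png")
INTERPRETERS = {"sh", "bash", "dash", "python", "perl"}

# Constructed sample: a launcher shown to the user as "some_text.odt".
SAMPLE = """[Desktop Entry]
Type=Application
Name=some_text.odt
Icon=x-office-document
Exec=sh -c "echo constructed-sample"
"""
# Constructed sample: an ordinary application launcher.
BENIGN = """[Desktop Entry]
Type=Application
Name=Text Editor
Icon=accessories-text-editor
Exec=mousepad %F
"""

def audit_launcher(path):
    """Return reasons a .desktop file looks like a disguised launcher."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # Desktop Entry keys are case-sensitive
    try:
        cp.read(path, encoding="utf-8")
        entry = cp["Desktop Entry"]
    except (configparser.Error, KeyError, UnicodeDecodeError):
        return []  # not a parseable desktop entry
    if entry.get("Type", "") != "Application":
        return []
    reasons = []
    name = entry.get("Name", "")
    if name.lower().endswith(DOC_EXTS):
        reasons.append("display name imitates a document: " + name)
    argv = entry.get("Exec", "").split()
    if argv and os.path.basename(argv[0]) in INTERPRETERS:
        reasons.append("Exec starts an interpreter: " + argv[0])
    # Assumed trust signal: only reported alongside another finding.
    if reasons and not os.stat(path).st_mode & stat.S_IXUSR:
        reasons.append("file has no execute bit")
    return reasons

def scan(directory):
    """Map each suspicious .desktop file name under directory to its reasons."""
    hits = {}
    for root, _dirs, files in os.walk(directory):
        for fn in (f for f in files if f.endswith(".desktop")):
            reasons = audit_launcher(os.path.join(root, fn))
            if reasons:
                hits[fn] = reasons
    return hits
```

Pointing `scan()` at the directories where mail and browser attachments land (for example a user's Desktop or Downloads folder) lists the launchers worth inspecting by hand.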
Triarius Fidelis
Vecteloper
Vectorian
****
Posts: 2399


Domine, exaudi vocem meam


WWW
« Reply #5 on: February 15, 2009, 11:53:30 pm »

Quote
Windaze: if the Linux user is running the system as a user and not as "root" then the root filesystem cannot be infected. The virus might do something to the user's /home filesystem but cannot infect / .



That's where all the important, unique things are

Easy to recover LaTeX

Not so easy to recover one's master's thesis source

Whether h4x0rz would try to exploit that depends heavily on their aims
Logged

"Leatherface, you BITCH! Ho Chi Minh, hah hah hah!"

Formerly known as "Epic Fail Guy" and "Döden" in recent months