Crossplatform virus - the latest proof of concept

Posted Apr 10, 2006 16:44 UTC (Mon) by carcassonne (guest, #31569)
Parent article: Crossplatform virus - the latest proof of concept

I thought that .exe/.com files cannot run in an ext2/3/reiserfs filesystem.

And vice-versa.

Do they provide both .exe and ext3 executable in one virus package ?

Someone care to explain ?


Crossplatform virus - the latest proof of concept

Posted Apr 10, 2006 20:33 UTC (Mon) by malignance (guest, #37047) [Link]

>(#179323 by subscriber carcassonne in response to Crossplatform virus -
>the latest proof of concept.)
>
>I thought that .exe/.com files cannot run in an ext2/3/reiserfs
>filesystem.
>
>
>And vice-versa.
>
>Do they provide both .exe and ext3 executable in one virus package ?
>
>Someone care to explain ?

I run a dual-boot XP/Debian setup with 1 FAT-32 partition and several ext2
and ext3 partitions. I have a very stripped-down Windows running on that
FAT-32 partition, and I use EXT2-IFS to mount partitions for my home
directory and my "Program Files". Programs in Windows run much faster on
ext2 file systems than on native NTFS or VFAT; I wish I could boot from
one, though thus far I am unable. The partition type is irrelevant: if the
partition can be mounted, then the file can be read. If you're running
something that can run win32 binaries (i.e. Windows, Wine), then an infected
win32 binary can infect other binaries (in this case in the same folder).
If you're running something that runs ELF binaries (i.e. Linux, etc.),
the same story. This seems like it will mostly be a problem for those
stealing software on p2p networks, who are running executables in their
shared folder.
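
An added example, not part of the original thread: an audit sketch of the point made in the comment above, that an executable is recognised by its contents (ELF or PE headers) rather than by the filesystem or the file name, and that the binaries at risk are the ones sitting in a directory the running user can write to. The function names and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

def exe_format(path):
    """Return 'ELF', 'PE' or None based on file contents, not name or filesystem."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if head[:4] == b"\x7fELF":
                return "ELF"
            if head[:2] == b"MZ" and len(head) >= 64:
                # e_lfanew at offset 0x3C points to the "PE\0\0" signature
                (pe_off,) = struct.unpack_from("<I", head, 0x3C)
                f.seek(pe_off)
                if f.read(4) == b"PE\0\0":
                    return "PE"
    except OSError:
        pass
    return None

def exposed_binaries(directory):
    """List (name, format) for executables in `directory` that this user can modify."""
    found = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        fmt = exe_format(entry.path)
        if fmt and os.access(entry.path, os.W_OK):
            found.append((entry.name, fmt))
    return found

def build_sample_dir():
    """Constructed sample input: minimal headers only, not real programs."""
    d = tempfile.mkdtemp()
    pe = bytearray(0x84)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    pe[0x80:0x84] = b"PE\0\0"
    samples = {"game.exe": bytes(pe), "tool": b"\x7fELF" + b"\0" * 60,
               "notes.txt": b"MZ is also a plain-text prefix", "renamed.dat": bytes(pe)}
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d

if __name__ == "__main__":
    for name, fmt in exposed_binaries(build_sample_dir()):
        print(f"{fmt:3} writable: {name}")
```

Run against a shared or download directory, the list shows which ELF and PE files could be modified by any program started by the same user from that directory, whatever filesystem the directory lives on.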

Crossplatform virus - the latest proof of concept

Posted Apr 11, 2006 11:50 UTC (Tue) by carcassonne (guest, #31569) [Link]

>The partition type is irrelevant, if the partition can be mounted then the file can be read if you're running something that can run win32 binaries ie. windows, wine. then an infected win32 binary can infect other binaries (in this case in the same folder)

Maybe I'm too technical or practical here, or perhaps I think that anti-virus companies can try to make a buck at Linux, but it seems that the propagation vector of such a dual-platform virus is quite restrained. A Linux virus? OK. A Windows virus? Certainly. But one that does both? Must be under certain precise conditions such as, as you mentioned, running Wine.

I don't know about Wine since I've been using VMware for many years, but it looks like running Windows exe files directly in Linux is not a good idea to start with. Better to run a virtual machine instead.

Some Windows DLLs are used in Linux, like codecs or hardware drivers (Linksys WiFi adapters for instance). These could be infected right at the distributor. Linksys could have infected DLLs, but that's something quite rare, even today. Companies, especially large ones, do look after the condition of their binaries.

Now, I wouldn't be surprised that an anti-virus company tries to cash in on the general ignorance of Linux systems. Why not? As more and more people move towards Linux, this is a profitable avenue. These people are used to infested and otherwise unstable Windows environments and do not know much about Linux. A perfect combination for an aspiring anti-virus company! ;-)

Hopefully, the mandatory bunch of developers moving to Linux (also coming from Windows) won't facilitate the spread of virii and other worms in Linux systems!

Crossplatform virus - the latest proof of concept

Posted Apr 12, 2006 19:33 UTC (Wed) by malignance (guest, #37047) [Link]

>Maybe I'm too technical or practical here, or perhaps I think that
>anti-virus companies can try to make a buck at Linux, but it seems that
>the propagation vector of such a dual-platform virus is quite restrained.
>A Linux virus? OK. A Windows virus? Certainly. But one that does both?
>Must be under certain precise conditions such as, as you mentioned, running
>Wine.

The propagation vector isn't restrained because of some need for Wine.
Wine, Windows, and to a more limited extent Linux in general are
among the ways this can spread (anything that can run those two types of
binaries). What restricts this particular virus from spreading is the fact
that it only infects binaries in the current directory, making some moron
who runs his stolen wares in his "My Shared Files" directory infect all
the binaries in that current directory (running Windows or Linux).

Running a virtual machine helps if you restrict filesystem access.

The propagation vector will grow dramatically when the infected binaries
can infect binaries in archives and/or in other directories and mounted
file systems. With the use of pre-packaged RPM and DEB binaries becoming
more prevalent, one sys-admin running some game he stole could potentially
infect an entire mirror.

>Now, I wouldn't be surprised that an anti-virus company tries to cash in on
>the general ignorance of Linux systems. Why not? As more and more people
>move towards Linux, this is a profitable avenue. These people are used to
>infested and otherwise unstable Windows environments and do not know much
>about Linux. A perfect combination for an aspiring anti-virus
>company! ;-)

With all that said, I think it's safe to assume that Microsoft has the
biggest profit motive in releasing a cross-platform virus. (A pure Linux
virus I think would have a very limited propagation vector due to the
current state of its userbase, and architecture. Today it needs a Windows
host to spread.)
