Crossplatform virus - the latest proof of concept

Posted Apr 11, 2006 11:50 UTC (Tue) by carcassonne (guest, #31569)
In reply to: Crossplatform virus - the latest proof of concept by malignance
Parent article: Crossplatform virus - the latest proof of concept

The partition type is irrelevant; if the partition can be mounted then the file can be read. If you're running something that can run win32 binaries, i.e. Windows or Wine, then an infected win32 binary can infect other binaries (in this case in the same folder).

Maybe I'm too technical or practical here, or perhaps I think that anti-virus companies can try to make a buck at Linux, but it seems that the propagation vector of such a dual-platform virus is quite restrained. A Linux virus? OK. A Windows virus? Certainly. But one that does both? Must be under certain precise conditions such as, you mentioned, running Wine.

I don't know about Wine since I've been using VMware for many years, but it looks like running Windows exe files directly in Linux is not a good idea to start with. Better to run a virtual machine instead.

Some Windows DLLs are used in Linux, like codecs or hardware drivers (Linksys WiFi adapters for instance). These could be infected right at the distributor. Linksys could have infected DLLs but that's something quite rare, even today. Companies, especially large ones, do look after the condition of their binaries.

Now, I wouldn't be surprised if an anti-virus company tries to cash in on the general ignorance of Linux systems. Why not? As more and more people move towards Linux, this is a profitable avenue. These people are used to infested and otherwise unstable Windows environments and do not know much about Linux. A perfect combination for an aspiring anti-virus company! ;-)

Hopefully, the mandatory bunch of developers moving to Linux (also coming from Windows) won't facilitate the spread of viruses and other worms in Linux systems!


Crossplatform virus - the latest proof of concept

Posted Apr 12, 2006 19:33 UTC (Wed) by malignance (guest, #37047)

>Maybe I'm too technical or practical here, or perhaps I think that
>anti-virus companies can try to make a buck at Linux, but it seems that
>the propagation vector of such a dual-platform virus is quite restrained.
>A Linux virus? OK. A Windows virus? Certainly. But one that does both?
>Must be under certain precise conditions such as, you mentioned, running
>Wine.

The propagation vector isn't restrained because of some need for Wine.
Wine, Windows, and to a more limited extent Linux in general are
among the ways this can spread (anything that can run those two types
of binaries). What restricts this particular virus from spreading is the fact
that it only infects binaries in the current directory. Making some moron
who runs his stolen wares in his "My Shared Files" directory infect all
the binaries in that current directory (running Windows or Linux).

Running a virtual machine helps if you restrict filesystem access.

The propagation vector will grow dramatically when the infected binaries
can infect binaries in archives and/or in other directories and mounted
file systems. With the use of pre-packaged RPM and DEB binaries becoming
more prevalent, one sys-admin running some game he stole could potentially
infect an entire mirror.

>Now, I wouldn't be surprised if an anti-virus company tries to cash in on
>the general ignorance of Linux systems. Why not? As more and more people
>move towards Linux, this is a profitable avenue. These people are used to
>infested and otherwise unstable Windows environments and do not know much
>about Linux. A perfect combination for an aspiring anti-virus
>company! ;-)

With all that said I think it's safe to assume that Microsoft has the
biggest profit motive in releasing a cross platform virus. (A pure Linux
virus I think would have a very limited propagation vector due to the
current state of its userbase, and architecture. Today it needs a Windows
host to spread.)
