Crossplatform virus - the latest proof of concept
Posted Apr 12, 2006 19:33 UTC (Wed) by malignance
In reply to: Crossplatform virus - the latest proof of concept
Parent article: Crossplatform virus - the latest proof of concept
>Maybe I'm too technical or pratical here, or perhaps I think that
>anti-virus companies can try to make a buck at Linux, but it seems that
>the propagation vector of such a dual-platform virus is quite restrained.
>A Linux virus ? OK. A Windows virus ? certainly. But one that does both ?
>Must be under certain precise conditions such as, you mentioned, running
The propagation vector isn't restrained because of some need for wine.
Wine, Windows, and to a more limited extent Linux in general are
among ways this can spread(anything that can run those two types
binaries). What restricts this particular virus from spreading is the fact
that it only infects binaries in the current directory. Making some moron
who runs His stolen wares in his "My Shared Files" directory Infect all
the binaries in that current directory (running windows or linux).
Running a virtual machine helps If you restrict filesystem access.
The propagation vector will grow dramatically when the infected binaries
can infect binaries in archives and/or in other directories and mounted
file systems. With the use of pre-packaged RPM and DEB binaries becoming
more prevalent, one sys-admin running some game he stole could potentially
infect an entire mirror.
>Now, I wouldn't be surprised that an anti-virus company tries to cash on
>the general ignorance of Linux systems. Why not ? As more and more people
>move towards Linux, this is a profitable avenue. These people are used to
>infested and otherwise unstable Windows environments and do not know much
>about Linux. A perfect combination for an aspiring anti-virus
>company ! ;-)
With all that said I think its safe to assume that Microsoft has the
biggest profit motive in releasing a cross platform virus. (A pure linux
virus I think would have a very limited propagation vector due to the
current state of its userbase, and architecture. Today it needs a windows
host to spread.)
to post comments)