The case of the non-viral virus

Discussion in 'Linux, BSD and Other OS's' started by megamaced, Apr 12, 2006.

  1. megamaced

    megamaced Geek Geek Geek!

    Source: NewsForge

    Have you heard the "news"? There's a new virus that attacks both Linux and Windows machines. Thus, once and for all, there is an end to the notion that Linux is somehow immune to the viral infections that plague the Windows world. Or at least so one anti-virus software vendor would have the world believe.

    Of course, there are a few caveats behind the headlines. One minor thing is that the alleged virus -- called Virus.Linux.Bi.a -- being trumpeted far and wide by Kaspersky Lab is not really a virus, but rather "proof of concept" code, designed to show that such a virus could be written.

    A second caveat is that for it to work on Linux, a user has to download the program and then execute it, and even then, it can only "infect" files in the same directory the program is in. Exactly how the program gets write permissions even in that directory is not explained.

    And finally, it's not a virus at all. It can't replicate itself, which is one thing that makes a piece of malware a virus. According to Wikipedia, as stated in the first sentence of the entry for "computer virus," a virus is "a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents." The entry goes on to explain why computer viruses have been given that name, saying, "A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an 'infection,' and the infected file (or executable code that is not part of a file) is called a 'host.'"

    So the biggest question I had after reading the story in several different places, none of which provided any data beyond the blind repetition of the scare headline, was, "Why in the world are they calling this a virus, when one of the few facts they provide conclusively proves that it's not?"

    Kaspersky Lab has not yet responded to my query about this.

    Much smarter folks than I have pointed out that only idiots believe Linux is totally immune from such things. I agree with them. We can never safely assume that Linux is as secure as it can be. But when a Microsoft partner creates a tsunami of headlines with a story about a phony, fabricated "virus," which admittedly is not contagious, and which requires the user to execute it in order for it to do anything at all, I don't call it a virus. I call it BS.
     
  2. Impotence

    Impotence May the source be with u!

    From the 'details' I've read (and can remember) it's:

    Written in assembler, it can be cross-platform.
    It can infect files, but only ones in the same directory as it is executed from (Windows + Linux); it's just a POC, it's not meant to be full-featured!

    I believe that's the same with all viruses, unless they have features that make them worms (hybrids!).

    Is it real? Well, I don't know... why don't we wait and see if the POC appears on the internet! Even if this 'virus' is a fake, it will most likely inspire someone to attempt to create one!

    [ot]
    I came across this news a few days ago while using stumbler, so I have no :swear: idea what page/s I read it on!
    [/ot]
     
  3. Addis

    Addis The King

    I'm not sure if a buffer overflow technique could be used to run arbitrary code without the user actually executing the file.
     
  4. Impotence

    Impotence May the source be with u!

    Not unless the overflow was something to do with the file name, icon, etc.

    And viruses need the user to execute them (at least once anyway; infect startup items, etc.). If this were a worm, you wouldn't need to download the file!

    A cross-platform worm would need to be able to exploit a vulnerability in both Windows and Linux! A cross-platform virus only needs to be able to deal with the filesystems of the target operating systems!
     
  5. Anti-Trend

    Anti-Trend Nonconformist Geek

    Linux / Unix is not immune to viruses per se, but is highly resistant to unfriendly/unwanted software by design. This is the primary reason there are no Linux viruses in the wild.

    For perspective, a virus on Windows must be executed, be it by manual execution or by exploit of a system vulnerability, and it will have the ability to infect the entire host.

    On a Linux rig, the virus must also be executed in a similar manner. The main difference lies in the fact that users are not allowed to write outside of their home directory. In fact, on well-configured systems users are not even allowed to execute binaries in their home directories at all. This, coupled with the fact that the vast majority of software on a modern Linux system is handled directly by the system's package manager, means that it is tough just to put the user in a position to execute the binary. Furthermore, the other conventions such as the NX-bit (implemented in the Linux kernel) and SEL schemas make it even tougher... and we haven't even talked about adding an anti-virus yet, many of which are freely available.

    Basically, in terms of virus-friendliness think of Windows as a boat with a smooth hull and barnacles as computer virii. Barnacles stick to the hull because the smooth surface is an ideal place for them to attach themselves, and the hull was not designed to repel them. The only way to be rid of the barnacles (viruses) is to get down and scrape them all off. Sometimes, parts of the hull come off with the barnacles... whoops. Following this metaphor, think of Linux/Unix as a large fish covered in scales. The barnacles find the rough surface of the fish unfriendly to their habits, and so leave the fish untouched. It's not that the fish (Linux) is immune to barnacles (viruses), it's just resistant by design.
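    Added example, not code from the thread or from any poster: a POSIX shell script that checks two of the mitigations the post above relies on, a home directory on a noexec mount and the CPU's NX bit. It assumes input in /proc/mounts and /proc/cpuinfo format, and takes that input as arguments so it can be run against a constructed mount table as well as the live host.

```shell
#!/bin/sh
# Added example, not code from the thread: checks two mitigations Anti-Trend
# describes: whether a directory (e.g. the user's home) sits on a noexec mount,
# and whether the CPU advertises the NX bit. Inputs are passed as arguments so
# the helpers run on a constructed /proc/mounts snapshot or on the live host.

# noexec_for_path TABLE PATH: TABLE is text in /proc/mounts format, PATH an
# absolute path. Returns 0 if the longest mount point containing PATH carries
# "noexec", 1 if not, 2 if no mount point matches. (Mount points with spaces
# appear as \040 in /proc/mounts; that escaping is not handled here.)
noexec_for_path() {
    table=$1; target=$2; best_opts=''; best_len=-1
    while read -r dev mp fstype opts rest; do
        [ -n "$mp" ] || continue
        case "$target/" in
            "${mp%/}/"*)
                if [ "${#mp}" -gt "$best_len" ]; then
                    best_len=${#mp}; best_opts=$opts
                fi ;;
        esac
    done <<EOF
$table
EOF
    [ "$best_len" -ge 0 ] || return 2
    case ",$best_opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# cpu_has_nx FLAGS: FLAGS is the "flags" line of /proc/cpuinfo.
cpu_has_nx() {
    case " $1 " in
        *" nx "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Report on the live host when run directly on Linux.
audit_host() {
    [ -r /proc/mounts ] || { echo "no /proc/mounts; skipping"; return 0; }
    if noexec_for_path "$(cat /proc/mounts)" "$HOME"; then
        echo "$HOME is on a noexec mount: a binary there cannot be run"
    else
        echo "$HOME allows execution: a downloaded binary can be run"
    fi
    flags=$(sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' /proc/cpuinfo | head -n 1)
    if cpu_has_nx "$flags"; then echo "CPU reports NX"; else echo "no NX flag found"; fi
}
audit_host
```

A noexec mount only stops direct execution of a file; it does not prevent writing to the directory, which is the other half of what the post describes.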
     
  6. megamaced

    megamaced Geek Geek Geek!

    What inspired that analogy? :D

    Have you gone fishing lately?
     
  7. Impotence

    Impotence May the source be with u!

    Magnetic mines would have been a lot more fun :p

    Notice how some tanks have loads of ridges all over them? That's to make it harder for the mine to stick to the armour!
     
  8. Nic

    Nic Sleepy Head

    AT, have you been watching SpongeBob SquarePants again??? Nice analogy though.
     
  9. sabashuali

    sabashuali Ani Ma'amin

    [ot]
    Yeah... tell Mega about that! See the case of "Mega against the repositories" LOLOL :D [/ot]
     
  10. Impotence

    Impotence May the source be with u!

    The story is half true; for the virus to do :swear: all on Windows you need to run as root and patch the kernel :p

    There is next to no detail in the article I found (other than a link to the source code :p) but here it is: http://www.chipzilla.com/?article=31092
     