a breakdown and testlab on the Linux/Windows proof of concept virus
Senectus .
senectus at gmail.com
Tue Apr 18 02:11:42 BST 2006
Interesting results..
Shows that to get this thing working you _really_ need to hold your
tongue right :-)
http://os.newsforge.com/article.pl?sid=06/04/17/1752213
Our first test was run on an AMD64 box with a fresh install/update of
Ubuntu Dapper Flight 5 386 with the 2.16.15-20-386 kernel, with the
WINE and GHex -- a binary viewer/editor -- packages also installed.
After unzipping the viral package (clt.zip) into an empty directory,
we tested CLT.EXE by executing it under WINE in a subdirectory
containing only a small executable and linkable format (ELF) file,
called hello, written in assembler, that we created for the test. We
ran CLT.EXE, and a small window popped up saying that the "dropper" --
as the code calls itself -- had executed successfully.
When we examined the hello ELF file with GHex, however, it showed no
signs of contagion -- not even the lines of text which were supposedly
installed in lieu of the virus itself when run on Linux.
--
www.modmeup.net
Ubuntu Breezy 5.10
The less you know, the more you believe. - Bono