A virus or two
Gilles Gravier
ggravier at fsfe.org
Sun Nov 21 08:57:02 UTC 2010
Hi Arnold!
On 20/11/2010 17:00, AV3 wrote:
> On Nov/20/2010 8:0923 AM, Gilles Gravier wrote:
>> Doug,
>>
>> On 19/11/2010 19:56, Doug Robinson wrote:
>>> Hello
>>> While browsing at the local electronic toy store the topic of
>>> Linux arose. The man claimed that his linux system has had two viruses
>>> find their way into his system in the last year.
>>>
>>> I have not heard much about nor experienced any such attacks on any of
>>> my linux systems.
>>>
>>> What is the current state of the virus problem on the generic linux
>>> system and should I become concerned enough to actually do something?
>>>
>>> Thank you for your time.
>>>
>>> dkr
>> Short answer is yes. :)
>>
>> 1) There are viruses for Linux.
>> 2) They are hard to write. They require extensive knowledge of existing
>> bugs (unlike Windows viruses which tend to simply exploit design mistakes).
>> 3) In *MOST* cases they only infect users' files... not system. But
>> that's not a SYSTEMATIC rule. Some will manage to get administrative writes.
>> 4) For Linux, you find viruses, worms, rootkits, malicious scripts...
>> ALL OF THEM.
>>
>> But... in terms of numbers... there are MUCH MUCH more viruses on
>> Windows. In general, a Linux machine doesn't really need an antivirus.
>> It's not IMPOSSIBLE to get a virus. But it's VERY UNLIKELY. (Unlike for
>> Windows where it is VERY LIKELY).
>>
>> The guy was probably trying to sell you a Windows system... with a
>> valid, but unlikely scenario.
>>
>
> Could you be more specific about how one might get infected, please. I
> am under the impression, that it is so far only possible by responding
> to a Trojan horse with your password. Recently, a bug that could infect
> both Mac and Windows systems appeared, but still only by Trojan horse.
> This means that infection of a Windows partition on a Mac could also
> bring infection to the Mac partition. I suppose that this might also
> apply to a Linux partition. My fear is that this principle of
> multi-threat infection could be applied to malware that can infect
> Windows directly from the wild.

A virus can find an open port of a software with a vulnerability and
exploit it directly... without human intervention.

Depending on how your virus is written, it could be multi platform (AJAX
scripts, for example)... Or it could have a multi platform load (shell
script which works on Mac and Linux, and COMMAND.COM batch language for
Windows) and then launch specific binaries.

I'm not here to give a lesson on how to write viruses. :)

Gilles.
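
Added example, not part of the original message: the remark above about a service listening on an open port is why a defender starts by listing which TCP sockets on a Linux host accept connections from the network. This sketch parses the /proc/net/tcp table (IPv4 only, little-endian host assumed); the sample table and the function names are constructed for illustration.

```python
import ipaddress
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A01A8C0:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""

TCP_LISTEN = 0x0A  # socket state code the kernel prints for LISTEN


def decode_ipv4(hex_addr):
    """The kernel prints the address as a native-endian 32-bit word."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(table_text):
    """Return (address, port, uid) for every socket in LISTEN state."""
    rows = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        rows.append((decode_ipv4(addr_hex), int(port_hex, 16), int(fields[7])))
    return rows


def network_reachable(rows):
    """Keep listeners not bound to loopback; 0.0.0.0 means every interface."""
    return [r for r in rows if not ipaddress.ip_address(r[0]).is_loopback]


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as handle:
            text = handle.read()
    else:
        text = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for addr, port, uid in network_reachable(listening_sockets(text)):
        print(f"{addr}:{port} (owner uid {uid})")
```

Each line printed is a service that other machines can connect to, so it is a candidate to close, firewall, or keep patched.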