A virus or two

Tue Nov 23 00:36:36 UTC 2010

On Sun, Nov 21, 2010 at 8:36 AM, AV3 <arvimide at earthlink.net> wrote:
> On Nov/21/2010 4:0450 AM, Mark wrote:
>>
>> Do you have any idea what you're talking about, because I can't figure it out?
>
> I am quite patient in explaining things to supercilious, snide dummies.

Touche - that came out quite a bit worse than I meant it to, and I
should have re-read at least once more, but I did find your question
obtuse.

> In this very forum several months ago one message reported a new single
> piece of malware capable of infecting both Mac and Windows computers.
> After checking it out, I pointed out that the malware in question was a
> Trojan horse, requiring the victim's password. On reflection, however,
> it seems to me that a Mac user with a Windows partition might acquire
> that malware from a previously infected victim, both of his partitions
> then being liable to infection.
>
That is much clearer, thank you.  I have not been on this forum for
several months yet, so the context escaped me, not having been brought
up recently.

>> Fundamentally, no, a Windows virus cannot infect anything other than a
>> Windows system.
>>
> See above.
>
Then we agree.  "Above" was about a virus, not the same thing as a
Trojan (as you are obviously aware).

>> Trojan horses do not "infect" anything, technically speaking.
>>
> Duh! Trojan horses try to be persuasive. They can include personal
> information to try to get one to act urgently without checking them out.
> They can appeal to an appetite for sex, etc. A sucker is born every
> minute, as your mother should have told you.
>
Again, technically speaking, all babies are suckers....

>> What the heck is a "multi-threat infection" and how and what kind of
>> malware "infect[s] Windows directly from the wild?"  What does that
>> mean?
>>
> A single piece of malware that can infect both Mac and Windows
> computers. Since the Mac X OS is based on Unix, it seems possible to me
> that Linux computers might likewise be vulnerable to such malware, maybe
> even to the single example mentioned above. Of course, malware probably
> does less damage the a Mac than to a Windows computer, but nobody wants
> any such damage at all.
>
The kind of malware that would affect multiple platforms would have to
be based on something less platform specific, say an HTTP or word
processor macro exploit, or something like that, so it is possible,
but I've never heard of it being terribly effective on more than a
single platform (care to guess which one?  :-).

I vaguely remember hearing of a browser exploit a year or two back,
and possibly a W.P. macro Trojan, but not since.

> Since the malware mentioned above was never mentioned in any Mac forum I
> subscribe to, and never again here, my concerns are theoretical. I
> imagine that malware to have a Mac-infecting component and a
> Windows-infecting component in a single package. Can you imagine a
> Linux-infecting component?
>
It would probably be of a similar nature to the Mac component (as you
pointed out, Mac <- UNIX and UNIX =~= Linux).  Still, most Linux/UNIX
attacks are more code exploits that are targeted and specific kernel
weaknesses, which by definition could not attack more than one
platform.

Other than Trojans and rootkits, which are more user and
hardware-level attacks, my answer would be "no."  On most UNIX/Linux
systems, the attacks that succeed are usually the fault of poor system
administration (best example - the infamous Morris worm).  I am quite
pleased to notice that the security exploits I've seen patches for in
Ubuntu are found and identified by contributors, and fixed with
satisfyingly fast responses.