Looking At The New Linux Trojan
Da Schmiz writes: "Security firm Qualys discovered a new Linux trojan on Saturday ... details can be found on their website. Vnunet picked up the story earlier today, and then followed up with more details. They're comparing the potential impact to Code Red or worse, since more servers run Linux / Apache than NT / IIS. I don't think it's that bad, since the infection can be easily detected, but it certainly isn't good."
Update: 09/08 11:58 AM GMT by H: Of course, as Kurt Seifried pointed out in e-mail: "The trojan has nothing to do with Apache. The virus attaches itself to an executable, which you must run to infect other binaries (i.e. you must run this as root). This means that infection vectors include, but are not limited to email attachments, but you must of course save the binary, then set it executable, and then run it, as root, to do any real damage. Alternatively you must download binary software and run it (again as root to do any real damage). In other words someone must run binaries of unknown origin as root, and if this is common practice then you have larger policy and education problems to deal with." So - comparing it to Code Red is a bit dubious.
This will be interesting.. (Score:2, Insightful)
Cute kittens (Score:3, Insightful)
bout frigging time (Score:0, Insightful)
Re:It's an email virus! (Score:2, Insightful)
The same is true in operating systems. Just because it is easy doesn't make it good.
These journalists must be desperate for attention. (Score:5, Insightful)
As virii go, this is pretty pathetic, and prompts one to question the competence of anyone who thinks it is significant. The email-vector mechanism can't even take advantage of address books, since Unix mail clients are so far from standardized.
It's a Virus not a Worm. (Score:3, Insightful)
Why on earth do people think that this code can infect machines remotely over the Internet? Does it say so anywhere in the article?? No!!
From the article:
The so-called Remote Shell Trojan spreads through email as well as replicating itself across the infected system.
It's simply a trojan that you will have to get in mail or on a floppy and execute YOURSELF.
Then it will infect other executables on your system, but in no case will it be able to infect any other systems without human assistance (i.e. executing a binary on that computer).
Whoever thought this is even remotely as scary as Code-Red is in need of some serious medication.
Re:Don't worry, this is no Linux Code Red (Score:1, Insightful)
Am I the only one that thinks the phrases "Windows" and "no risk" should not be referring to each other?
We trust our servers with linux, but not our email. We'd rather use a product known to get hit by the Virus-of-the-Week(TM)!
Conspiracy theory ... NOT (Score:2, Insightful)
Whoever wrote this article is just plain silly!
Impact on Linux (Score:4, Insightful)
If the popular media picks up a story that "LINUX USERS FACE DEADLY TROJAN (film at 11)", it will help create a perception of vulnerability, and it's a small step to go to "and since Linux is freely distributed, who knows what can lurk in that copy you download..." While techies familiar with Linux will have a reasonable grasp of the true threat and how to overcome it, what about the decision makers who are deciding what to implement at their companies? The ones that set budgets and decide what IT will implement (and IT may not have much of a say in the decision) will remember "Linux - oh yeh, that's the system that got hit with that DEADLY TROJAN."
Re:Trojan 101 (Score:2, Insightful)
I know a lot of Linux users who always use the root account.
Non-issue (Score:2, Insightful)
This is no more an issue than is the "threat" of linux-based viruses. C'mon. Only a complete IDIOT would "infect" his system with this sort of virus/trojan.
Linux COULD be affected by a virus IF root ran a virus-infected app or if one of the linux office suites develops a hole-laden macro system ala Word - IF that macro was run as root.
This is no threat or problem to any linux system except those few morons who do everything as root and would actually download and run an unknown application off the net as root.
This is a sham. This is FUD. This is either an M$-supported FUD or an attempt by some bozo to get web hits and, as another poster mentioned, harvest email addresses. Hello spam!
Re:Technical detail: (Score:2, Insightful)
I bet that if crackers do start scanning Linux boxes for this trojan, ports like 7777-7778 (UT) and 27015-27106 (QIII) will be primary targets.
Re:Technical detail: (Score:3, Insightful)
Except if it's a home machine with no personal/financial information on it, is connected to a cable line that can't do any damage sending data up its 128K upstream, and is running a few rudimentary firewalls, you don't have much to worry about. Some people take their security WAY too seriously.