regularly scheduled paranoia. Was: Re: Anti Virus
foodog
plug-discuss@lists.plug.phoenix.az.us
Thu, 07 Mar 2002 15:07:04 -0700
Nancy Sollars wrote:
>
> I still think this will only affect the unwarey and stupid.
Yup, just like it's always been.
> most people even before d/l tars check for the signiture signed file..
I'll bet I'd really *like* it on your planet ;-)
Perhaps my impression of The Average Computer User has been tainted.
Steve
>
> Nige
>
> ----- Original Message -----
> From: "foodog" <foodog@uswest.net>
> To: <plug-discuss@lists.plug.phoenix.az.us>
> Sent: Thursday, March 07, 2002 9:52 AM
> Subject: regularly scheduled paranoia. Was: Re: Anti Virus
>
> > "der.hans" wrote:
> > ...
> > > Haven't used it as viruses are completely irrelevant to me ( other than
> the
> > > bandwitdth they use ), but:
> > >
> > ... snip <lots of av info>
> > > der.hans
> > > --
> > > # http://home.pages.de/~lufthans/ http://www.DevelopOnline.com/
> > > # We now return you to your regularly scheduled paranoia...
> >
> > I think the days of not worrying about virus scanning on Linux are
> > numbered. In the early days pirates were largely responsible for
> > viruses spreading under DOS. Eventually viruses started to "get lucky"
> > and make it into official software releases.
> >
> > I think script kiddies are the best vector for widespread Linux
> > infections. Their own machines will get infected, then they'll pass the
> > infection on as they root other boxes.
> >
> > There's a thread on Vuln-dev this week about a possibly fake Apache
> > 1.3.22 exploit that infects all elf binaries and opens a port on UDP
> > 3049. To clarify, the Apache exploit is the possibly fake part, the elf
> > infector appears to be legit.
> >
> > A clean and an infected grep were posted, in case anyone wants to get a
> > jump start on being the McAfee of the Linux world. I don't think it'll
> > be long before someone with more coding talent decides it'd be cool to
> > add stealth. If that had happened, the current thread would just be
> > disappointed kiddiez complaining that their new 'sploit didn't work as
> > advertised.
> >
> > Steve