I still think this will only affect the unwarey and stupid. most people even before d/l tars check for the signiture signed file.. Nige ----- Original Message ----- From: "foodog" To: Sent: Thursday, March 07, 2002 9:52 AM Subject: regularly scheduled paranoia. Was: Re: Anti Virus > "der.hans" wrote: > ... > > Haven't used it as viruses are completely irrelevant to me ( other than the > > bandwitdth they use ), but: > > > ... snip > > der.hans > > -- > > # http://home.pages.de/~lufthans/ http://www.DevelopOnline.com/ > > # We now return you to your regularly scheduled paranoia... > > I think the days of not worrying about virus scanning on Linux are > numbered. In the early days pirates were largely responsible for > viruses spreading under DOS. Eventually viruses started to "get lucky" > and make it into official software releases. > > I think script kiddies are the best vector for widespread Linux > infections. Their own machines will get infected, then they'll pass the > infection on as they root other boxes. > > There's a thread on Vuln-dev this week about a possibly fake Apache > 1.3.22 exploit that infects all elf binaries and opens a port on UDP > 3049. To clarify, the Apache exploit is the possibly fake part, the elf > infector appears to be legit. > > A clean and an infected grep were posted, in case anyone wants to get a > jump start on being the McAfee of the Linux world. I don't think it'll > be long before someone with more coding talent decides it'd be cool to > add stealth. If that had happened, the current thread would just be > disappointed kiddiez complaining that their new 'sploit didn't work as > advertised. > > Steve > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >