regularly scheduled paranoia. Was: Re: Anti Virus

foodog plug-discuss@lists.plug.phoenix.az.us
Thu, 07 Mar 2002 09:52:40 -0700


"der.hans" wrote:
...
> Haven't used it as viruses are completely irrelevant to me ( other than the
> bandwidth they use ), but:
> 
... snip <lots of av info>
> der.hans
> --
> #  http://home.pages.de/~lufthans/   http://www.DevelopOnline.com/
> # We now return you to your regularly scheduled paranoia...

I think the days of not worrying about virus scanning on Linux are
numbered.  In the early days pirates were largely responsible for
viruses spreading under DOS.  Eventually viruses started to "get lucky"
and make it into official software releases.  

I think script kiddies are the best vector for widespread Linux
infections.  Their own machines will get infected, then they'll pass the
infection on as they root other boxes.  

There's a thread on Vuln-dev this week about a possibly fake Apache
1.3.22 exploit that infects all ELF binaries and opens a port on UDP
3049.  To clarify, the Apache exploit is the possibly fake part; the ELF
infector appears to be legit.

A clean and an infected grep were posted, in case anyone wants to get a
jump start on being the McAfee of the Linux world.  I don't think it'll
be long before someone with more coding talent decides it'd be cool to
add stealth.  If that had happened, the current thread would just be
disappointed kiddiez complaining that their new 'sploit didn't work as
advertised.

Steve