Fascinating - information Linux users should know.

Story: Comment of the Day - October 12, 2005 Linux Viruses Exist
Total Replies: 5
tadelste

Oct 12, 2005
11:23 AM EDT
Fascinating - information Linux users should know:

This is tangible, empirical information.

WOW. The links to the Linux viruses provided by phsolide are fascinating reading. I remember coming across one of those links now but it was long ago. But for anyone who thinks that they are absolutely bulletproof, read the material on the links.



MESMERIC

Oct 12, 2005
12:11 PM EDT
Linux viruses/worms always existed, nothing new. http://news.bbc.co.uk/1/hi/sci/tech/1123827.stm

But only Red Hat 6 & 7 saw the last outbreaks. And we never witnessed anything similar after that.

What may happen in future though are poly-platform viruses exploiting multi-OS plugins such as JVM or Flash.

tadelste

Oct 12, 2005
12:56 PM EDT
Mesmeric: That's a link we should have in the body.

Whoa.
tbogart

Oct 12, 2005
8:27 PM EDT
I am afraid I just don't see the fascination here. Read what Mesmeric said: "Linux viruses/worms always existed, nothing new." Plug in UNIX instead of Linux. Same story.

Notice how there have NOT been anywhere near the same level of outbreaks for Solaris or AIX as for Windows? In spite of the billions of dollars of servers out there; really juicy high end machines with vital company data on them? Articles go back 20 years on why it is harder to pull the same tricks in the *nix world.

Do yourself a favor and follow the previously mentioned link to

http://linuxmafia.com/~rick/faq/

and get a feel for why all these doom and gloom predictions of any *nix getting taken over are such bunk.

Poorly maintained sites of any system flavor will get slammed periodically, but it will take a Windows installation to get slammed while fully 'up to date'.
tadelste

Oct 12, 2005
8:30 PM EDT
tbogart: Sorry, I forget this is text land. You didn't see the tongue firmly planted in the side of my cheek.





phsolide

Oct 13, 2005
9:07 AM EDT
The "santy" worm may qualify as your "poly-platform worm". Written in Perl, it ran on Windows, Linux and Solaris at least. Looking in my home web server's access log, I did "xprobes" on the IP addresses, and Ofir Arkin's xprobe identified at least that many different OSes.

The exploit amounted to a semantic version of a buffer overflow in a PHP bulletin board.

But to return to MESMERIC's point, yes, Unix worms predate almost all MS-DOS viruses, much less Windows worms. I think this is another sterling example of the path that software takes through the market. Lots of stuff (Worms, viruses, web servers, web clients, PPP, DNS, TCP/IP, email) gets developed on some fringe platform, BSD Unix or TOPS-20, or NeXT (the original HTTP server and client ran on NeXTStep).

The Windows code monkeys grab it, mess it up, and the unwashed masses think that Bill Gates invented The Internet. Same with worms. The first real TCP-based worm, the November 1988 "Morris" worm, was multi-platform (M68K-SunOS and VAX-BSD), a "blended" threat according to today's "AV" jargon (it exploited at least 2 vulnerabilities, plus the BSD r-suite, plus guessing passwords), and it did "topological searching" via /etc/hosts entries, or those Berkeley r-commands' .rhosts files.

That constitutes a level of sophistication not seen again until the Nimda worm came out.

But it's like that all over. MIT's X windowing system has a degree of network transparency not seen even now in Windows. The good stuff always starts out under something other than Windows or MS-DOS, and then Microsoft (or their henchmen) appropriate some twisted, low-rent version of it for their own.
