This doesn't work
Author | Content |
---|---|
aronzak Feb 19, 2009 6:19 AM EDT |
Nice thought, but it wouldn't work in real life. http://aronzak.wordpress.com/2009/02/18/linux-malware/ |
dinotrac Feb 19, 2009 7:21 AM EDT |
aronzak - You are a little too certain in your conclusions, but... One of the biggest psychological holes in the Windows world is the way that Windows hides file extensions from the user, but uses them in handling files. virus.jpg.exe will be displayed as virus.jpg in Windows land. Why not click on it? |
Sander_Marechal Feb 19, 2009 7:41 AM EDT |
From the article (I don't know if you wrote that aronzak): Quoting: What does scare me, and should you, is the alarming ease with which someone with physical access to almost any machine can get full access to it. Well, duh. Even if the grub trick would not be possible this holds true. Take out the hard drive, put it in another machine and mount it from another OS. Then overwrite the passwd file. Any machine to which you have physical access can be broken. Only encryption helps. All the other access methods do not matter since you can always take out the drive anyway. |
aronzak Feb 19, 2009 7:54 AM EDT |
"Even if the grub trick would not be possible this holds true" Yes of course, but many people are blissfully ignorant of the grub one. They give access to their computer to other people, thinking that it's 'safe' since they only have user privs. I was surprised when I heard about this one, given the ease with which it can be done. |
Sander_Marechal Feb 19, 2009 9:12 AM EDT |
If you have physical access to a readable drive then you can do anything. The only options are to prevent physical access or make the drive unreadable (encryption). The only thing that can be said for the grub method is that it could also work if you have a remote serial console. But I presume that people smart enough to set up and use old fashioned serial consoles are also smart enough to put a password on the boot loader :-) |
phsolide Feb 19, 2009 9:48 AM EDT |
Why did this article raise such a stink? Absolutely nothing in it has any novelty. In 1984, Fred Cohen wrote his first (?) virus for Unix: http://vx.netlux.org/lib/afc01.html#p5 In 1988, Usenix published the source code for two sh-script viruses: http://plan9.bell-labs.com/who/dmr/tdvirus.pdf http://www.cs.dartmouth.edu/~doug/v101.ps.gz That's correct, *source code* for two viruses, both of which would probably work today, with very minor debugging. There's even a "HOW-TO" write a virus: http://virus.bartolich.at/virus-writing-HOWTO/_html/index.ht... Now, an article that enumerates reasons *why* Unix/Linux have never supported viruses, that would be interesting, and a topic that the "malware" industry has studiously ignored. |
theboomboomcars Feb 19, 2009 10:13 AM EDT |
The main thing that got me is that when I download a file I want to execute I have to change the file permissions to allow it to execute. So it seems that his malware loader won't work, because unless I explicitly tell it that it can execute, the file won't execute. |
ColonelPanik Feb 19, 2009 12:07 PM EDT |
Should we Panik? |
tuxchick Feb 19, 2009 2:14 PM EDT |
Did anyone actually read this article? It's the sorriest collection of recycled FUD I've seen in a long time: Quoting: It isn't that Windows is technically inferior, it's that the majority of the world runs on Windows. This fact alone is very attractive for any virus coder or exploiter. As a virus writer, you'd want to attack the majority, not the minority... Gack. What a confused collection of wrong. Windows gets infected more because it's dead easy, which should be obvious even to the "open source means more vulnerable" crowd. But of course facts are inconveniences to the Windows apologists. Windows gets infected because it is easy to exploit, and because the entire Microsoft software stack is designed with one overriding purpose: lockin. Performance and security are tiny afterthoughts. Blaming the user is the #1 talking point from the MS FUDbook, and it is a big fat lie. Windows gets infected even when the user does everything they're supposed to. Linux and free Unixes like FreeBSD have equivalent or greater market share than Windows in nearly every market segment except the desktop, which means that popularity and open source should be a double whammy, and the entire infrastructure of the Internet, Google, Amazon, Facebook, the top 500 supercomputers, and so on should be massive wriggling infestations. It is truly amazing how the myths in this article persist despite years of abundant evidence to the contrary. |
techiem2 Feb 19, 2009 2:52 PM EDT |
I thought the same thing TC.
Especially
Quoting: It isn't that Windows is technically inferior, it's that the majority of the world runs on Windows. which just made me laugh and realize right off that the article was clueless. |
DarrenR114 Feb 19, 2009 3:06 PM EDT |
Quoting: Well, duh. Even if the grub trick would not be possible this holds true. Take out the hard drive, put it in another machine and mount it from another OS. Then overwrite the passwd file. Any machine to which you have physical access can be broken. Only encryption helps. All the other access methods do not matter since you can always take out the drive anyway. You don't even have to go that far - just stick in a LiveCD of most any distro (Puppy Linux will fit on a small CD) and reboot. Of course this only works if you can boot from the CD without a BIOS password. Otherwise, you'll still have to crack open the case and reset the BIOS. That Linux stuff is just so insecure. (Truecrypt anyone? http://www.truecrypt.org/ ) |
techiem2 Feb 19, 2009 3:17 PM EDT |
Ok, here's a nice sudo-virus for ya (if you can get the user to run it). chattr -R +iu /home Would be amusing to see the practical effect that would have.... |
ColonelPanik Feb 19, 2009 4:18 PM EDT |
Damn you techiem2. I am posting this from the public library because.... |
Scott_Ruecker Feb 19, 2009 4:20 PM EDT |
I was wondering when someone was gonna call it what it is Carla, I read it, that's why I put the editor note I did in the lead.. ;-) |
theboomboomcars Feb 19, 2009 4:28 PM EDT |
Yeah the tomshardware article was just FUD but the linked-to article seems to be pretty good. At first I thought it was just bogus, but using the sample code he provided did create a launcher that would try to run, but I didn't have a valid url to download a file from, so I don't know. Though it did not create a new file in the .local folder. The article of the original article does bring up some valid concerns, though the article in the newswire is FUD. |
bigg Feb 19, 2009 4:48 PM EDT |
I don't know that it is 'valid'. For instance, from step 3:
Quoting: Now create a desktop launcher file for the installer of the malware, which is different than the launcher we use to restart the malware after a reboot. The desktop launcher for the installer is what we send as attachment in the email to the targeted user. It's what the user clicks on after they saved it. In other words you send someone a file, they download it and run it. That just doesn't qualify in my book as Quoting: prove that Linux is no more secure to malware than Windows is When I had problems before leaving Windows, I didn't know what activex is. After a very serious infection requiring the reinstallation of XP, the tech guy told me to use IE with activex turned off. This is far different. What if I told you to plug in your computer and dunk it in a bathtub full of water? Does anyone claim Linux protects you from that? How is that different from saying Linux doesn't prevent you from running programs that you shouldn't? It's far different from someone downloading a legitimate Excel spreadsheet and getting hit with a virus. (Yes, I did that too.) |
NoDough Feb 19, 2009 5:00 PM EDT |
Quoting: It isn't that Windows is technically inferior, it's that the majority of the world runs on Windows. This fact alone is very attractive for any virus coder or exploiter. As a virus writer, you'd want to attack the majority, not the minority... This classic argument is easily debunked. If the proposed hypothesis is correct, then it necessarily follows that the world's most popular web server must suffer from far more exploits than its competitors. But it doesn't. The number two web server is by far the most exploited. Therefore, the basis for the above quote is disproved. So, what are the common elements between the most exploited operating system and the most exploited web server? They are both proprietary, Microsoft products (IIS and Windows.) And the common elements between the less exploited products in these comparisons? They are both Free, open source software (Apache and Linux.) So, scientifically speaking, what is the correct hypothesis? |
tracyanne Feb 19, 2009 5:03 PM EDT |
Quoting: I thought it was just bogus, but using the sample code he provided did create a launcher that would try to run but I didn't have a valid url to download a file from, so I don't know. Point it at a file on your computer or on your network, that should be a good enough test. |
tracyanne Feb 19, 2009 5:23 PM EDT |
It's unlikely to work even on my little old ladies, because one of the things I do to educate is explain that, regardless of your operating system, you should not attempt to open files or emails that look strange - someimagename.jpg.desktop is pretty damn strange, and my little old ladies would be on the phone to me about it, or would simply delete the email, and tell me about it next time we spoke. |
dinotrac Feb 19, 2009 5:34 PM EDT |
ta - I think you hit the nail on the head. Linux desktops don't mask filenames the way Windows desktops do. |
theboomboomcars Feb 19, 2009 6:20 PM EDT |
I was able to get the desktop launcher to create a new folder and copy a file into it without having to set it as executable, so this is a potential security hole that should be looked at. Though they would have to know what icon the intended target is using for an .odt file for it to trick anybody. |
Sander_Marechal Feb 20, 2009 6:04 AM EDT |
theboomboomcars: Icon paths are standardised across Linux desktops, so that shouldn't be too hard. I agree that the desktop spec should be changed to incorporate the executable bit, but the overall threat is very, very minimal. |
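A defender-side check for the launcher trick the posters above describe, added here as an example (it is not code from the thread or from the article under discussion). It parses a freedesktop .desktop file and flags the traits mentioned in the posts: a file name or display name that hides the .desktop suffix behind a document extension, a standard document icon on an entry whose Exec= spawns a shell or downloader, and the missing executable bit. The sample launcher contents are constructed; DOC_EXTS and DOC_ICONS are my own short lists, not part of any spec.

```python
import configparser  # .desktop files are INI-like; RawConfigParser does no %-interpolation
import os
import stat

# Assumed lists for the check: document-looking extensions and common freedesktop icon names.
DOC_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".odt", ".doc", ".txt")
DOC_ICONS = ("image-x-generic", "x-office-document", "application-pdf", "text-x-generic")
SHELL_TOKENS = ("sh -c", "wget ", "curl ")

def desktop_entry(text):
    """Return the [Desktop Entry] group as a dict (keys lower-cased), or None if absent."""
    cp = configparser.RawConfigParser(strict=False)  # tolerate duplicate keys
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    if not cp.has_section("Desktop Entry"):
        return None
    return dict(cp["Desktop Entry"])

def launcher_findings(filename, text, is_executable=False):
    """List the suspicious traits of one launcher; an empty list means nothing stood out."""
    entry = desktop_entry(text)
    if entry is None or entry.get("type", "").lower() != "application":
        return []  # Link/Directory entries run nothing
    findings = []
    base = filename[:-len(".desktop")] if filename.endswith(".desktop") else filename
    if base.lower().endswith(DOC_EXTS):
        findings.append(f"double extension hides the launcher suffix: {filename}")
    name = entry.get("name", "")
    if name.lower().endswith(DOC_EXTS):
        findings.append(f"display name looks like a document: {name!r}")
    exec_line, icon = entry.get("exec", ""), entry.get("icon", "")
    if icon in DOC_ICONS or icon.lower().endswith(DOC_EXTS):
        findings.append(f"document icon {icon!r} on an entry that runs {exec_line!r}")
    if any(tok in exec_line for tok in SHELL_TOKENS):
        findings.append("Exec= spawns a shell or downloader")
    if not is_executable:
        findings.append("not marked executable, yet older desktops launched it anyway")
    return findings

def scan_directory(path):
    """Map each flagged .desktop file under path to its findings (checks the real exec bit)."""
    report = {}
    for name in sorted(os.listdir(path)):
        if not name.endswith(".desktop"):
            continue
        full = os.path.join(path, name)
        with open(full, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        is_exec = bool(os.stat(full).st_mode & stat.S_IXUSR)
        found = launcher_findings(name, text, is_exec)
        if found:
            report[name] = found
    return report

# Constructed samples: a masquerading launcher and an ordinary editor launcher.
SUSPECT = '[Desktop Entry]\nType=Application\nName=holiday.jpg\nIcon=image-x-generic\nExec=sh -c "echo demo"\n'
BENIGN = "[Desktop Entry]\nType=Application\nName=Text Editor\nIcon=accessories-text-editor\nExec=gedit %U\n"

if __name__ == "__main__":
    for line in launcher_findings("holiday.jpg.desktop", SUSPECT):
        print("WARNING:", line)
```

Run scan_directory() against ~/Desktop or a download folder to apply the same checks to real files.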
dinotrac Feb 20, 2009 7:35 AM EDT |
>but the overall threat is very, very minimal. Minimal is in the eyes of the beholder. If you expose all of your cherished family photos, tax info, etc. to destruction, it may not seem so minimal. OTOH -- You do have to participate in your own demise and Linux provides you with much more information than Windows. |
jdixon Feb 21, 2009 10:44 PM EDT |
> If you expose all of your cherished family photos, tax info, etc to destruction, it may not seem so minimal. You do that every time you power up your hard drive. :) Hard drive failure is a far more significant threat to your data than a Linux virus. |
NoDough Feb 22, 2009 7:59 PM EDT |
>> Hard drive failure is a far more significant threat to your data than a Linux virus. Wow, that's a great point. I would love to see some statistics on that. I'm guessing the hard drive failure is a greater risk by a multiple in triple digits, perhaps more. |
AwesomeTux Feb 22, 2009 11:49 PM EDT |
Um... I see "virus.jpg.desktop" and it's also not executable until I tell it it is. |
hkwint Feb 23, 2009 5:22 PM EDT |
Quoting: The number two web server is by far the most exploited. Where can I find data to support this? Recently, as far as I understood, lots of Apache servers have been cracked too, making them spread Windows viruses. |
NoDough Feb 24, 2009 10:24 AM EDT |
>> Where can I find data to support this? Recently, as far as I understood, lots of Apache servers have been cracked too, making them spread Windows viruses. Actually, my understanding is that there are an equal number of apache servers spreading malware as there are IIS servers spreading malware. That is not the same thing as counting cracked servers. Last time I looked for the vulnerability statistics was about 4 years ago. They were easy to find on the web. IIRC, they were readily available on cert.org and sans.org. Today, I went a looking expecting an easy task. But finding the stats today is needle-in-a-haystack material. It's not that the stats have skewed toward Apache, it's that they're nowhere to be found. I'll do some more searching later, when I have more time. |