Novo - međuplatformski virus!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Tako sam i mislio. I Linux je samo jedan operativni sistem, ne treba ga mistifikovati. Nista na ovom svetu nije apsolutno, sve je relativno.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Interesantan text u vezi ovog "virusa":
Citat:
Zillions of articles on the so-called "cross-platform Windows and Linux virus" tagged by Kaspersky Labs as "Virus.Linux.Bi.a/ Virus.Win32.Bi.a":
Crossplatform virus - the latest proof of concept (April 7)
Sample virus targets Windows and Linux (April 7)
Cross platform virus PoC (April 7)
Virus threatens PCs running Linux or Windows (April 11)
The case of the non-viral virus (April 11)
Hands-on testing of the new Linux virus (April 17)
Torvalds creates patch for cross-platform virus (April 18-)
There is even a funny thing on why the said "virus" doesn't work under the latest kernel... unless a patch is provided, due to a bug in gcc! As Linus Tordvalds says, there is a problem with sys_ftruncate() which corrupts the register %ebx (due to a GCC issue) if the kernel is compiled with "-mregparm=3", which is a default option only with kernel 2.6.16.

Where is the truth? What was it all about? Practically speaking...

1. This is NOT a cross-platform virus!
— It is a Windows (PE) binary, not a Linux (ELF) one!
— It can only run in Linux with WINE, not as is!

2. From the *nix point of view, this is NOT a virus, but just a bad-behaving program!
— You have to download it and put it somewhere first.
— You might have to chmod it to make it executable.
— You have to trust it in order to run it!
— You have to have it run by WINE.
— It cannot infect files for which the user who's running the "virus" has no rights!
— If you run it, it will infect ELF binaries (in the same directory) which will then become able to infect other files. Does this qualify it for a Linux virus?

You could very well think of "rm -rf" as a virus -- the only difference is that rm deletes files, and a deleted file can not delete nor infect another file.

You could very well imagine and write ANY binary or script able to modify another binary (if it has proper rights to do so) in order to spread itself and to produce some damage as well. Who's forcing you to run such a program?!

Simply put, the said "virus" is just a program. You run it at your own risk. If you're running it as root, now you know whose picture should be put in the dictionary under "moron".

Extra quiz:
Do you have "." in your $PATH?
Do you run WINE as root?
Do you ever look into a makefile to see if "sudo make install" doesn't do anything wicked? (No, you don't.)

Izvor:
http://beranger.org/index.php?categ=0&offset=10#873

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Torvalds Creates Patch for Cross-Platform Virus

Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof of concept virus covered yesterday and has proven that the virus does indeed not work with latest kernel version 2.6.16 and even released a patch in order to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."

http://linux.slashdot.org/