On Thu, 24 Aug 2006 13:02:16 +0100, Roy Schestowitz wrote:
> The short life and hard times of a Linux virus
>
> ,----[ Quote ]
>| For a Linux binary virus to infect executables, those executables must
>| be writable by the user activating the virus. That is not likely to be
>| the case. Chances are, the programs are owned by root and the user is
>| running from a non-privileged account. Further, the less experienced
>| the user, the lower the likelihood that he actually owns any
>| executable programs. Therefore, the users who are the least savvy about
>| such hazards are also the ones with the least fertile home directories
>| for viruses.
>|
>| [...]
This is simply not true. Under perfect circumstances, that would be
correct, but there are a number of things that mitigate this.
First, a virus need not infect *ANY* files, other than the users startup
script. All it has to do is run, and send out copies of itself to users it
finds in address books, web caches, newsgroup caches, etc...
Second, this theory ignores the existence of local privilege escalation
exploits, something that any virus writer would likely take advantage of,
especially if it's a new 0-day vulnerability.
Of course you still need to get the user to execute your virus, but that's
possible in a number of ways, including telling the user that the content
is something they REALLY want to see (Jessica Simpson Naked) or something
like that.. or, the code could execute via a vulnerability in a different
program like a web browser or email client.
|
|
