Linux worm discovered!!!


Postby monday90 » Wed May 23, 2007 0:08

I don't believe it is. This is just a Macro virus. More of an irritation than a serious threat. I'm not entirely sure of the mechanism it is meant to use in order to spread though.
monday90
Simple Hen
 
Posts: 71
Joined: Thu Mar 15, 2007 23:13
Location: Aldershot, U.K.

Postby totedati » Wed May 23, 2007 17:49

if it has the power to do a 'rm -Rf $HOME' you can call it an angel virus, for me the damage is still catastrophic ... worm, macro, rootkit, who cares!? Can it touch my data? Can it delete any file from my account? Then it is bad news for me ... And deleted file recovery in any modern linux filesystem, excluding ext2 & ext3 fs, is a nightmare ...

so ... where is the source code for this macro virus? ... i want to see it ... i'm curious ... :oops: :oops: :oops:

I see what you can tell me now ... do you back up often? ... really ... i will when i can grab a backup system that can back up quickly, 5-10 min no more, 200-300 GiB, and costs less than 50 RON ... period .. :roll:
linux is free, the expertise to harness it is not!
you don't make so much money selling open source software!
You make MORE money USING it, just like google!
linux registered user #352479
totedati
Technological Hen
 
Posts: 417
Joined: Thu Jan 11, 2007 0:24
Location: Sibiu, Romania

Postby davemc » Wed May 23, 2007 19:15

monday90 wrote: I don't believe it is. This is just a Macro virus. More of an irritation than a serious threat.


Precisely. This was nothing more than a test done by a real cracker to prove the point that Linux systems are vulnerable to attack methodologies such as this. And this is OLD! i.e. this is what crackers were doing 10 or more years ago to infect Windows systems. Nowadays they are much more advanced. So, the point is that if a Linux system can be cracked with very old code, then the newer methods are foolproof and will most likely work with 100% effectiveness.

Get it now?

Don't be stupid enough to think that crackers (who are far more computer savvy than 99% of the linux types) who spend every day thinking up new ways to crack closed sourced Windows are too dumb to crack open sourced Linux code. It WILL happen and probably already is, in ways that you don't even realize yet. Not saying that Linux isn't far more secure than Windows, because it most certainly is, but it's far from being immune to this sort of thing.

Keep in mind too that "security vulnerabilities" are often the result of user misinteractions - NOT the result of faulty code! i.e. opening a laced file such as above, or visiting a spoofed website -- just a pittance of the pitfalls out there now, all caused by the user doing something to cause the vulnerability to his/her system. There are so many stumbling blocks out there now that that line of "secure system" does not mean that you are immune to attacks just because you run XYZ system. The Linux method for security is isolation, but that just means that only a narrowly defined subset of your system can be corrupted or cracked; however, you are still vulnerable and that subset is insecure.
davemc
Sharecropper
 
Posts: 680
Joined: Tue Jan 02, 2007 17:08
Location: Virginia, usa

Postby monday90 » Wed May 23, 2007 21:32

About 10 years ago the advice went around "Don't open any old shite someone sends you". This still holds true today. Remember, things you run run with your permissions; if they choose to delete /home they will. Backups are as important now as they ever were; I personally keep everything important on a rHDD. Never get complacent about basic security just because you run Linux.
monday90
Simple Hen
 
Posts: 71
Joined: Thu Mar 15, 2007 23:13
Location: Aldershot, U.K.
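
The point made in the post above (anything you run acts with your permissions), together with the separate-account idea quoted elsewhere in this thread, can be checked against a directory tree. The following is an added example, not code from any poster: it reports which entries a given account could delete, using only the classic mode bits. The function names, the constructed sample tree and the second account's uid are assumptions; ACLs, capabilities, immutable flags and ancestor-directory search permission are ignored.

```python
import os
import stat
import tempfile

def can_delete(path, uid, gids=frozenset()):
    """Would account `uid` (member of `gids`) be allowed to unlink `path`?

    Deleting needs write+search permission on the PARENT directory, not on
    the file itself; a sticky parent limits it to the file or directory owner.
    """
    if uid == 0:                          # root bypasses the mode bits
        return True
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    target = os.lstat(path)
    if uid == parent.st_uid:
        bits = parent.st_mode >> 6        # owner triplet
    elif parent.st_gid in gids:
        bits = parent.st_mode >> 3        # group triplet
    else:
        bits = parent.st_mode             # "other" triplet
    if bits & 0o3 != 0o3:                 # both w and x are required
        return False
    if parent.st_mode & stat.S_ISVTX:     # sticky directory, like /tmp
        return uid in (parent.st_uid, target.st_uid)
    return True

def exposed(root, uid, gids=frozenset()):
    """Relative paths under `root` whose directory entry `uid` may remove."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if can_delete(full, uid, gids):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def demo():
    """Constructed sample home: private, world-writable and sticky folders."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in (("docs", 0o700), ("shared", 0o777), ("inbox", 0o1777)):
            os.mkdir(os.path.join(home, name))
            os.chmod(os.path.join(home, name), mode)
            open(os.path.join(home, name, "file.txt"), "w").close()
        os.chmod(home, 0o755)
        owner = os.stat(home).st_uid
        separate = owner + 1000           # hypothetical account for untrusted programs
        return exposed(home, owner), exposed(home, separate)

if __name__ == "__main__":
    as_owner, as_separate = demo()
    print("owner can delete:   ", as_owner)
    print("separate account can:", as_separate)
```

In the sample tree the owner can remove every entry, while the separate account can remove only the file in the world-writable folder; the sticky bit protects the file in the other shared folder.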

Postby Darksurf » Tue Jun 05, 2007 17:44

First off, most linux users aren't stupid enough to open crap they don't know or understand.
Second off, as long as you keep your software up-to-date there will always be patches.
That is the beauty of opensource, freedom, and linux. There is no way something like that could be just as widespread as any Windows "Worm" in history. (not for the time being at the very least)
Darksurf
Old Dear Hen
 
Posts: 782
Joined: Sat Sep 16, 2006 4:01

Postby mbuel » Wed Jun 06, 2007 17:21

totedati wrote: for all these crazy worms there is only one simple and safe way to go out to the wild, aka internet, in linux and windows ... when you surf, and get e-mails, and etc ... etc ... with outside and untrusted data, do it only with a program loaded with another user's rights than your normal user account. In this way a macro so simple as this 'Badbunny-A' usually can not touch our data, and can not do a 'rm -Rf $HOME', which for many of us is more catastrophic than a corrupted os. How many do this? I think that none, here including myself ....

By the way, is it only an openoffice macro? Hmmm ... i want to see her source code ... maybe it is GPL'ed!? :twisted:


(new to the boards, but this is a topic I'm interested in.)

A few issues with this "worm".

#1) It is an open office vulnerability, independent of whatever platform you are running open office on. (Which is one of the reasons I prefer Koffice.)

#2) It, like all malware (adware, virus, worm, trojan, etc), requires social engineering to execute. The creator has to convince strangers to open an untrusted document, then it will propagate itself and steal your information. Is linux any safer from such social engineering versus windows? For the time being yes, because linux users tend to be more computer literate and more security orientated.

#3) I've heard the rm -rf myth for a while (and I call it a myth for a reason). While it is certainly feasible for someone to socially engineer a _few_ people to "click on this for nood women!", the linux community would stop it quickly, and word would get out quickly. Do the malware programmers destroy the data on windows users' computers? No. The data on the hard drive is valuable. It contains information about you, and they want to extract that information, not destroy it.

I've dealt with that situation on friends' windows computers that have a piece of malware running that looks like the windows XP error, in the system tray. All the while it's streaming personal information to a server overseas...

Darksurf wrote: First off, most linux users aren't stupid enough to open crap they don't know or understand.


I agree!

Darksurf wrote: Second off, as long as you keep your software up-to-date there will always be patches. That is the beauty of opensource, freedom, and linux.


I agree with this also. Open source evolves faster than closed source software.

Check out secunia.com for proof:

Windows Vista, released about 6 months ago, has eight advisories (all for JUST windows vista), two of which are unpatched.

http://secunia.com/product/13223/?task=advisories_2007

Ubuntu linux has 14 advisories in the 2 months it's been out. (ONLY because linux advisories include all the packages in its umbrella.) Even considering the greater number of problems discovered (and more are discovered, more quickly, because of the open nature), ALL of them are patched.

http://secunia.com/product/14068/?task=advisories
mbuel
Simple Hen
 
Posts: 44
Joined: Fri Jun 01, 2007 17:03

Postby totedati » Sun Jun 17, 2007 13:34

mbuel wrote: #3) I've heard the rm -rf myth for a while (and I call it a myth for a reason). While it is certainly feasible for someone to socially engineer a _few_ people to "click on this for nood women!", the linux community would stop it quickly, and word would get out quickly. Do the malware programmers destroy the data on windows users' computers? No. The data on the hard drive is valuable. It contains information about you, and they want to extract that information, not destroy it.


and when the sniffing part is over, how can you cover your trail best, with the logic embedded in the worm kept to a minimum level? jump to an 'erase all info that you can' solution. It is true that password and credit card info sniffing is the goal, but after that ... go to hell with your victim ...
linux is free, the expertise to harness it is not!
you don't make so much money selling open source software!
You make MORE money USING it, just like google!
linux registered user #352479
totedati
Technological Hen
 
Posts: 417
Joined: Thu Jan 11, 2007 0:24
Location: Sibiu, Romania

Postby mbuel » Tue Jun 19, 2007 17:13

totedati wrote: and when the sniffing part is over, how can you cover your trail best, with the logic embedded in the worm kept to a minimum level? jump to an 'erase all info that you can' solution. It is true that password and credit card info sniffing is the goal, but after that ... go to hell with your victim ...


From the worms/trojans/malware I've dealt with on windows machines, it seems they hang out as long as they possibly can, gathering as much information as they possibly can. Remember, in the information age, the value of a rm -rf is zero. (Or format C, etc.)

The majority of these pricks that spread malware don't care about covering their tracks. Most of them put their signature in the malware, as a sort of narcissistic tag.

Have you personally heard of any windows malware/trojan/worm victims complaining that their windows will no longer boot because their hard drive has been fragged? No, the majority of them complain about windows running slow, not bothering to notice the thousands of applications running in the system tray.
"Democracy means government by the uneducated, while aristocracy means government by the badly educated."
GK Chesterton
mbuel
Simple Hen
 
Posts: 44
Joined: Fri Jun 01, 2007 17:03

Postby mocoy35 » Mon Jun 25, 2007 7:59

I am a linux neophyte so a lot of this thread is above my head, but just wanted to say that in my experience NOTHING is 100% secure. As the old saying goes, locks are meant to keep honest people honest.

mocoy
mocoy35
Baby Hen
 
Posts: 2
Joined: Sun Jun 24, 2007 18:38

Postby Darksurf » Mon Jun 25, 2007 8:20

OOoooo.... That is true philosophy!! I like that! True, nothing is 100% secure, so why the hell worry when your system is 99.999% secure 99.999% of the time!!!??!? Unlike in winblows where you are only 50% secure 110% of the time. :mrgreen: :lol:
Darksurf
Old Dear Hen
 
Posts: 782
Joined: Sat Sep 16, 2006 4:01
