Linux Ducks

Linux Ducks Linux Operating System Club


Hands-on testing of the new Linux virus

Posted by Linux Ducks on April 5, 2011 at 2:25 PM


 

By Joe Barr and Joe Brockmeier on April 17, 2006 (8:00:00 AM)

WEBpage URL: http://www.linux.com/archive/feed/53698

 

QUOTED>>>

Thanks to one of our readers, NewsForge has obtained a copy of the widely reported Windows/Linux cross-platform "proof of concept" virus. News reports thus far on the code have contradicted themselves: some reported the virus can replicate itself on both Windows and Linux, others saying it has a viral nature only on Windows. Testing by both NewsForge staff and Hans-Werner Hilse may reveal why the confusion.

Our tests show the code's viral nature is sometimes -- but not always -- effective on both platforms, depending on the kernel being used. Of course, it's impossible for us to test every version of the kernel out there, but thus far, it looks like those prior to version 2.6.16 are susceptible, and at least some of those after that release are not.

Here's how we tested at NewsForge. Our first test was run on an AMD64 box with a fresh install/update of Ubuntu Dapper Flight 5 386 with the 2.16.15-20-386 kernel, with the WINE and GHex -- a binary viewer/editor -- packages also installed. After unzipping the viral package (clt.zip) into an empty directory, we tested CLT.EXE by executing it under WINE in a subdirectory containing only a small executable and linkable format (ELF) file, called hello, written in assembler, that we created for the test. We ran CLT.EXE, and a small window popped up saying that the "dropper" -- as the code calls itself -- had executed successfully.

When we examined the hello ELF file with GHex, however, it showed no signs of contagion -- not even the lines of text which were supposedly installed in lieu of the virus itself when run on Linux. We soon learned that the reason hello remained uninfected in the first test was that the hello executable file is too small, not because the viral code could not replicate on Linux. Another NewsForge staffer testing CLT.EXE under VMWare found that it did infect larger ELF files.

FULL http://www.linux.com/archive/feed/53698
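The before/after inspection that the testers did by eye in GHex can be scripted. The following is an added example, not code from the NewsForge article or from this post: it fingerprints an ELF file (size, SHA-256 and a few header fields) before a test run and reports which fields differ afterwards. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

def elf_fingerprint(data: bytes) -> dict:
    """Summarise an ELF image: size, SHA-256 and key ELF header fields."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]          # 1/2 = 32/64-bit, 1/2 = LSB/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
    # e_shstrndx (addresses/offsets are 4 bytes in ELF32, 8 bytes in ELF64).
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    f = struct.unpack_from(fmt, data, 16)
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
            "entry": f[3], "phoff": f[4], "shoff": f[5],
            "phnum": f[9], "shnum": f[11]}

def fingerprint_file(path: str) -> dict:
    """Fingerprint an ELF file on disk (run once before and once after a test)."""
    with open(path, "rb") as fh:
        return elf_fingerprint(fh.read())

def diff_fingerprints(before: dict, after: dict) -> list:
    """Return the sorted names of the fields that changed between two runs."""
    return sorted(k for k in before if before[k] != after.get(k))

def sample_elf(entry: int, body: bytes) -> bytes:
    """Constructed ELF32 little-endian header plus filler bytes (demo data only)."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, entry, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    return ident + hdr + body

# Constructed "before" image, and an "after" image with a different entry
# point and extra trailing bytes, standing in for a modified test binary.
BEFORE = elf_fingerprint(sample_elf(0x08048080, b"\x90" * 64))
AFTER = elf_fingerprint(sample_elf(0x08048100, b"\x90" * 64 + b"\x00" * 128))

if __name__ == "__main__":
    print("unchanged file:", diff_fingerprints(BEFORE, BEFORE))
    print("modified file: ", diff_fingerprints(BEFORE, AFTER))
```

An empty list means the file is byte-for-byte identical to its baseline; any change shows up in `sha256`, and the header fields indicate whether the entry point or the file layout moved.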

RELATED PREVIOUS POST

New virus infects Linux and Windows platforms (cross-platform infections).....

Winux Virus ......New virus infects Linux and Windows platforms: security technology studies microsoft windows versions linux viruses malicious payload william stearns....

http://antivirus.about.com/library/weekly/aa032801a.htm

FULL POST http://tech.groups.yahoo.com/group/LinuxDucks/message/211
