Saturday, April 08, 2006

"Another" Linux virus?

There's "another" cross-platform virus capable of infecting both Windows and Linux making the rounds these days. The note from Kaspersky Lab's Viruslist goes into very little detail on the exploit, especially on how the virus might be injected into the Linux system. I'm assuming, for Linux, that you either have to be running as root for it to work, or else it takes advantage of a kernel exploit to elevate its privilege to root in order to infect Linux binaries.

The first case, running as root, may be more prevalent than you think. Linspire's default privilege level after installation is root. The second case, kernel exploits, depends on not keeping up with either a distribution's automated update (such as from SuSE) or not keeping a custom kernel up-to-date from You can even get into trouble by running an older distribution (an example might be Red Hat 8) with an older, exploitable kernel.

I'm not in denial like a lot of Mac users. I just know that, given sufficient time and motivation, any system may turn out to be vulnerable. If I can't stop the bastards, at least I can make it hard enough that they go on to easier pickings. And I do that by keeping my systems up-to-date and running at the lowest privilege level needed to get my job done. That way, if a virus infection does attempt to vector through me (such as a drive-by infection from a website via Firefox, for example), then hopefully I can limit its spread, if not stop it from happening.
