2002-06-03 15:57:33

by Zack Brown

[permalink] [raw]
Subject: [OT] Linux virus?

Not really on topic for this list, but probably of interest to a lot of
people here.

http://www.symantec.com/avcenter/venc/data/linux.simile.html

--
Zack Brown


2002-06-03 17:15:47

by Richard B. Johnson

[permalink] [raw]
Subject: Re: [OT] Linux virus?

On Mon, 3 Jun 2002, Zack Brown wrote:

> Not really on topic for this list, but probably of interest to a lot of
> people here.
>
> http://www.symantec.com/avcenter/venc/data/linux.simile.html
>
> --
> Zack Brown
> -

Symantec is in the business of selling "anti virus" software.
In their "example", there is a cp_ini file owned by "guest".
This is apparently on a system that allowed guest access so
anybody could ftp a file called anything into that account.
Just because it's ELF, it doesn't mean it's executable even
though the executable bit is set. Even if it would delete everything
on your hard disk, I would need to be executed from the root account.
If somebody set up a system so root could upload a file using
ftp, without a password and/or without in being on the local LAN,
they get what they deserve.


Also, when you access the symantec site, you end up getting one
of those persistent "Casino on the Net" advertisements that won't
go away without disconnecting the network wire. Therefore, Symantec
contributes to virii themselves.... Also, if you use M$ Exploder,
check your "history" after accessing this site. You may find that
you just accessed a bunch of porno sites, according to the history.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).

Windows-2000/Professional isn't.

2002-06-03 19:06:40

by Mike Dresser

[permalink] [raw]
Subject: Re: [OT] Linux virus?

On Mon, 3 Jun 2002, Richard B. Johnson wrote:

> > http://www.symantec.com/avcenter/venc/data/linux.simile.html
>
> Also, when you access the symantec site, you end up getting one
> of those persistent "Casino on the Net" advertisements that won't
> go away without disconnecting the network wire. Therefore, Symantec
> contributes to virii themselves.... Also, if you use M$ Exploder,
> check your "history" after accessing this site. You may find that
> you just accessed a bunch of porno sites, according to the history.

http://www.lavasoft.de

Get yourself a copy of ad-aware, and run it, to remove the spyware that is
installed on your machine.

I went to that address, definately no popup banner, nor anything new in my
history.

Mike