Re: [Hampshire] Linux.Lion worm

Author: Steve Kemp
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Linux.Lion worm
On Thu Oct 09, 2008 at 23:41:41 +0100, Alan Pope wrote:

> What leads you to think it's a _recent_ threat? All reports I can find
> indicate it's very old and well patched.


"patched" ?

It is viral code that attaches itself to a binary. If you download
a random Linux pre-compiled binary from an untrustworthy source, it is
possible it could attach itself to any writeable binary upon the system
you run it on.

There is nothing to patch to fix this issue. If you can, for example,
write to /bin/ls, or /home/$user/bin/script, the virus can update that
binary to include a copy of itself.

In realistic terms it is a minimal threat because:

    1.  Any virus scanner worth its salt will detect it.
    2.  Linux users generally do not download precompiled binaries
       from random sources.
    3.  It can only infect ELF binaries, and they will typically only
       be writable to root.


So if you download untrusted code and run it as root, you're at risk of
it. (Minimal though that might be.) And short of running SELinux,
or a similar system, there is no magic cure or software patch that
will protect you.

(In the same way that if you download a random .exe file on
a Windows system it might do more than you expect, the same is true
in the Linux world.)

In real terms you're almost never likely to suffer from this problem.
But that isn't to say you're secure. After all, source code can be
compromised too .. and bugs are just as dangerous to your system as
malicious code if you don't have backups.

Steve
--
Managed Anti-Spam Service
http://mail-scanning.com/