Re: [Hampshire] Linux.Lion worm

On Thursday 09 October 2008 23:41:41 Alan Pope wrote:
> What leads you to think it's a _recent_ threat? All reports I can find
> indicate it's very old and well patched.

I was scanning a Windows USB HDD with a fully updated copy of ClamAV yesterday
afternoon and it flagged it, so I looked it up. One of the references on the
first page claimed to have come from Kasperski and referenced Symantec and, I
think, McAfee and was dated 2 months ago.

The rest, if they had dates at all, were far older - I found the 2001
reference for example. I also found references that said that it was more of
a theoretical threat than a real one.

But I have just talked this person into trying Linux, dual booting with
Windows because of Microsoft Publisher :-(. So the last thing I want to risk
doing is presenting him with a computer that is already compromised with a
virus, however remote the risk. The external drive is his backup.

So I asked you lot. I find you more reliable than Google and I knew that
someone would know something about it.

Can I safely assume that a copy of PCLinuxOS 2008 MiniMe, fully updated to
yesterday, will be safely patched? (Kernel 2.6.22.15.tex2) I shall anyhow
try to block the relevant IP provided that his router can. (I have not yet
checked, but I imagine that it can.) I'll also anyhow try to delete the file
in which ClamAV found it. But ClamAV says that it tried but could not.

TIA
Lisi