[Sussex] Oh please, can I run my virus in Linux too?
Steve Dobson
steve at dobson.org
Fri Jan 28 13:49:28 UTC 2005
Angelo
On Fri, Jan 28, 2005 at 01:22:52PM -0000, Angelo Servini wrote:
> Har.. Har ho ho.. this is a funny article.
>
> http://www.newsforge.com/article.pl?sid=05/01/25/1430222
>
> I mean running viruses in Linux can't be THAT hard, can it?
I think I've found another reader of Groklaw :-) I read that
earlier from a link there.
I noted the following while reading:
"...[I] re-ran the virus. After waiting for a few minutes,
and receiving no mail, I gave Symantec's summary of the
Klez virus another look. Klez is so un-RFC compliant that
it doesn't even bother to query DNS for the mail server of
a given domain. It just tries "smtp.domainname.com." My
mail server isn't named smtp.mydomain.com, but the Panix
ISP (where I have a shell account) has such a host, so I
edited my .txt file and tried again. After waiting half an
hour, still nothing."
I don't like his testing methods. He didn't use tcpdump(1) to
monitor the network traffic to see if the virus made a connection.
All he did was check his mail box. What if Panix's mail server
is running a spam/malware/virus filter? A lot do these days.
Matt Moen doesn't seem to be doing a "proper" job in testing. If
you're going to test viruses you should run them on an isolated
network so the thing can't spread itself even if WINE would
let it.
I didn't find this article that funny as the guy could have helped
spread the virus - not a kind and friendly thing to do.
Steve