[Wolves] Linux viruses

Stuart Langridge sil at kryogenix.org
Mon Dec 6 16:44:00 GMT 2004


On 6/12/2004, "Chris Ball" <chris at mnemonik.net> wrote:

>Stuart Langridge wrote:
>[A large amount of text]

:-)

>I agree completely with what you said, and I understand that the loss of
>the home directory would be a huge loss to the user, and a worm with
>write access and network access in your user account would be damaging.
>Although, without root access, it would not be able to infect system
>files, have access to the password files, create users, install itself
>as a service or any of the other perks that windows virii enjoy.

It ought to be noted that Windows people are not supposed to make
themselves the Administrator, and if you're not the Administrator then
you can't do all of that stuff above either. Having said this, they
*do* do so (and are sort of encouraged to do so by Microsoft). All that
said, though, I can't think why a virus would want to do any of the
things you've mentioned above: infecting system files is only useful if
you're a hide-in-an-executable virus[1] and most of them aren't, these
days; I can't think why you'd want to create users or access the
password file, unless your goal as a virus was not to be a virus but to
provide lots of r00ted boxes for your creator to play with (which is a
common-ish goal for viruses, I admit, along with setting yourself up so
you can be part of a commanded DDoS on somewhere); installing yourself
"as a service" I covered in the earlier mail (all that means is that
you run on startup, and you can put yourself in ~/.xinitrc or whatever
for that).

Aq.

[1] well, not quite: if you can infect system files then you can set
yourself up to be run a lot more, but that's not a primary thing any
more if you're already running on startup.



More information about the Wolves mailing list