[Wolves] Linux viruses

Stuart Langridge sil at kryogenix.org
Mon Dec 6 18:07:41 GMT 2004


On 6/12/2004, "Chris Ball" <chris at mnemonik.net> wrote:

>I consede defeat on this subject, before we get technical, you are
>exactly right of course, but then there are a lot of "bot" type viruses
>with the sole intention of rooting the box to form ddos nets or spam nets.

I agree entirely. Note, though, that they don't actually need to root
the box; they just need access to any account that can open a port to
receive incoming commands and an outgoing port to send spam or network
traffic to a DDoSed host. The Apache www-data account I mentioned (and
other "unprivileged" accounts under which daemons run, like
"nobody") can do this in most default configurations (and in most
"secure" configurations, too, I imagine).

Aq.



More information about the Wolves mailing list