LinuxSA Mailing list archives

  From: David Newall <davidn@rebel.net.au>
  To  : Mark Newton <newton@atdot.dotat.org>
  Date: Mon, 29 Mar 1999 12:33:39 +0930 (CST)

Re: Viruses

>> Does Linux get viruses?
> Nope.

Theoretically yes.  Just because nobody has bothered to write one
(yet, and only to our knowledge) in no way means that it can't or
won't happen in the future.  I contend that believing Linux to be
proof against viruses would be a huge boon to virus writers.
Complacency on the part of system administrators is a virus writer's
friend.

On the topic of viruses, or rather on a related topic, I might just
remind the old hands, and educate the younger amongst us, of the
infamous Internet Worm.  Not a virus, in that it did not propogate
by modifying binaries; but never the less it shut down enormous
parts of the Internet back in the early 90's (or was it the late
80's?)  This was a program which exploited widely known and long
ignored security holes in a number of Unix network features, those
including sendmail and fingerd.

One of the more interesting methods of attack was to send a specially
crafted string to fingerd, that string being known to overflow the
buffer used to gather the request, and resulting in fingerd executing
"worm" binary code.  (Fingerd runs as root, so this was the keys
to the kingdom.)

To summarise: The Internet Worm did shut down large parts of the
internet; and it relied upon widely known and long ignored security
flaws.  Had security experts and Unix vendors not been complacent
for so long, the Internet Worm would not have "succeeded".

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject