
[seul-edu] virus/worms (was: High School Educational Programs)



On Wed, 2 Jan 2002, Michael Viron wrote:

> so forth at the moment -- there are many problems that such a virus would
> have to overcome to be harmful in any significant way:
>
> 1.  It would have to be sent to root via e-mail

Really this doesn't matter.

> 2.  The e-mail itself would then have to be opened by root
> 3.  The attachment (whether a shell script or C program) would then have to
> be saved to a file.
> 4.  Next, root would have to do a chmod +x on the file.
> 5.  Finally, root would have to execute the file.

It doesn't matter if it is root. The virus may be able to do its damage
with the privileges that the current user (and group) allow it.

For example, it could replicate itself by sending to everyone in your
address book(s).

Or, it could run a network (even http or smtp) service (using some high
port); i.e. it could be used to relay mail by listening to smtp on some
port (like 2525) and then send the mail on.

Or under regular user privileges, you could run a file server on a high
port to distribute illegal or inappropriate files.

> If such a virus is sent to a user instead, at most it would delete that
> users files (if they decided to save / add execute permission / and execute
> the attachment -- unlikely, if you ask me), which can be easily restored
> from backup.

The exploit can be more than just deleting files; for example, it could
modify your current files and user configurations. (Maybe change the shell
login script to reprompt for username and password and then mail them to
the virus maker. Or set an alias for "su" to their own code for stealing
and emailing the root password!)

On Thu, 3 Jan 2002, Chris Hornbaker wrote:

> With email, virii are pretty much not a problem. Most virus writers that I
> have heard of try to attack Outlook or some part of a specific OS. Not only
> that, but a student would have to save the attachment, open a terminal (the
> admin could simply make it so that they can't open a terminal), become root
> (this would stop them dead in their tracks), type chmod +x filename, then
> ./filename to run it. So as you can see email virii aren't a real problem for
> Linux. Not only that, but email clients default to text only. So, macro virii
> would simply be seen as a bunch of gibberish, if seen at all.

The main problem is getting the user to execute the virus (including
making it executable). So maybe the virus writer can hide his weapon
within a game and include the instructions on how to use it.

Or are there any email clients or file managers that try to automagically
make programs executable and execute them for you if you double-click on
them?

There are other ways to take advantage of a user (including root), for
example the Blackbox window manager allows the style (theme) file to
include code that can be run when the style is loaded; usually this is for
setting the background. But some malicious style designer could take
advantage of root running blackbox. (By the way, I wrote a patch to fix
that Blackbox problem.)

   Jeremy C. Reed
   http://www.reedmedia.net/
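As an added example (not code from the mail above or from any of the projects it mentions), here is a small POSIX shell audit a defender could run against a user's account to look for the kind of tampering the thread describes: an alias or shell function that quietly replaces "su" or "sudo" in a startup file, and PATH entries where a fake "su" could be planted ahead of the real one. The list of startup files, the set of commands considered sensitive, and the sample rc file are all assumptions made for the example; the sample file is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not part of the original mail or any project's code.
# Audits shell startup files for aliases or functions that shadow
# privilege-related commands, and checks a PATH string for entries where
# a trojan "su" could be dropped. File list and command list are assumptions.

# Commands whose redefinition in a startup file deserves a look.
PRIV_CMDS='su|sudo|passwd|ssh'

# Print each line of $1 that aliases one of PRIV_CMDS or defines a shell
# function with that name. Exit status 0 if anything matched, 1 otherwise.
find_shadowed_commands() {
    grep -nE "^[[:space:]]*(alias[[:space:]]+($PRIV_CMDS)=|(function[[:space:]]+)?($PRIV_CMDS)[[:space:]]*\(\))" "$1"
}

# Number of such definitions in $1 (prints 0 when clean, always exits 0).
count_shadowed_commands() {
    find_shadowed_commands "$1" | wc -l | tr -d ' '
}

# Count entries of a PATH-style string ($1) that are relative (including
# "." and empty entries) or that exist and are writable by the current
# user: a program named "su" placed in such a directory, listed before
# /bin, would be run instead of the real one.
count_risky_path_entries() {
    n=0
    saved_ifs=$IFS
    IFS=:
    for d in $1; do
        case "$d" in
            /*) [ -d "$d" ] && [ -w "$d" ] && n=$((n + 1)) ;;
            *)  n=$((n + 1)) ;;
        esac
    done
    IFS=$saved_ifs
    echo "$n"
}

# Run the startup-file check over the usual files of the current user.
audit_startup_files() {
    for f in "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" \
             "$HOME/.bash_aliases" "$HOME/.zshrc"; do
        [ -f "$f" ] || continue
        if find_shadowed_commands "$f"; then
            echo "WARNING: $f redefines a privileged command (lines above)"
        fi
    done
}

# Constructed sample startup file (not a real capture) used to show the check.
SAMPLE_RC=$(mktemp)
cat > "$SAMPLE_RC" <<'EOF'
# harmless aliases
alias ll='ls -l'
alias grep='grep --color=auto'
# suspicious: su pointed at a binary under the home directory
alias su='/home/user/.cache/.x/su'
# suspicious: shell function shadowing sudo
sudo() { /tmp/.s "$@"; }
EOF

echo "suspicious definitions in sample file: $(count_shadowed_commands "$SAMPLE_RC")"
echo "risky entries in current PATH: $(count_risky_path_entries "$PATH")"
audit_startup_files
```

The grep pattern only catches plain `alias name=` and `name()` definitions at the start of a line; a check like this is a quick triage aid, and anything it flags still needs to be read in context, since a legitimate wrapper function and a credential-stealing one look the same to the regex.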