Viruses for Linux -- Was [techtalk] Question for the group

Laurel Fan lf25+ at andrew.cmu.edu
Thu Oct 14 20:16:19 EST 1999


Hmm.  It is well known how to exploit a buffer overflow for any unix
platform.  It is also usually possible to determine remotely or locally
what OS a machine is running.  Root can watch what any user does.  So,
to have an interesting virus/worm:

1.  Get on a system.
2.  Get root. (Either use a normal root exploit, or watch the user and
see if they su.)
3.  Look for .rpms, .debs, .tar.gzs that look like a source or binary
distribution of a program, and replace them with your own. (These might
be stuff that the user has downloaded but not yet installed, or better
yet, stuff they've put up for download.)
4.  Modify gcc such that every program compiled with it will contain the
virus. (Make it harder to get rid of..)
5.  Modify telnet/ftp/ssh etc. to notice when a user logs in to another
system, and log the hostname, username, and password. (Get on some more
systems.. even better if someone logs in as root somewhere.)
6.  Modify various mail clients to send the virus to random people in
the address book. (Standard email virus.. might work better because it's
from a "trusted" source.)
7.  Modify servers/daemons to exploit vulnerable client programs.
8.  Look for other systems by watching the network, determine what they
are, and try to exploit something to get in.

And then do something so that newer versions can upgrade older ones when
old holes get fixed and new ones are found... (Or just write an AI
program that can subscribe itself to bugtraq and figure it out
itself..)  As long as it's done right, there's no reason a virus
can't be cross-platform and portable.  (Ok, this is nontrivial, but it
is possible.)

************
techtalk at linuxchix.org   http://www.linuxchix.org
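The defensive counterpart to steps 3 to 5 of the post above (replaced archives, a trojaned gcc, modified ssh/telnet clients) is an integrity baseline taken before the compromise and compared from a trusted environment afterwards. The following is an added example, not code from the original post or from the techtalk list: it records size, mode and SHA-256 for every regular file under a directory, then reports files that were modified, added or removed. The directory layout, file contents and the `demo()` scenario are constructed for illustration.

```python
"""Tripwire-style integrity baseline: catch swapped packages and trojaned binaries."""
import hashlib
import os
import stat
import tempfile


def _sha256(path):
    """Stream the file through SHA-256 so large archives do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (relative to root) to its size, permission bits and hash."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            rel = os.path.relpath(path, root)
            baseline[rel] = {
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "sha256": _sha256(path),
            }
    return baseline


def verify(root, baseline):
    """Re-scan root and return sorted lists of modified, added and missing files.

    A file counts as modified if its content hash OR its permission bits changed,
    so a same-size replacement and a newly set suid bit are both reported.
    """
    current = build_baseline(root)
    findings = {"modified": [], "added": [], "missing": []}
    for rel, rec in baseline.items():
        cur = current.get(rel)
        if cur is None:
            findings["missing"].append(rel)
        elif cur != rec:
            findings["modified"].append(rel)
    for rel in current:
        if rel not in baseline:
            findings["added"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def demo():
    """Constructed scenario mirroring the post: ssh swapped for a same-size
    credential logger, gcc's mode changed, a new package dropped, a tarball removed."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            return path

        put("bin/ssh", b"ssh v1")        # hypothetical sample binaries
        gcc = put("bin/gcc", b"gcc v1")
        tarball = put("dl/foo.tar.gz", b"tarball")

        baseline = build_baseline(root)  # taken while the host is still trusted

        put("bin/ssh", b"ssh v2")        # same length: size alone would not catch it
        os.chmod(gcc, 0o755)             # permission bits changed
        put("dl/bar.rpm", b"rpm")        # attacker-planted package
        os.remove(tarball)               # original download gone
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Two caveats follow directly from the post: the baseline must be stored off-host or on read-only media, since root on the compromised box can rewrite it, and the checker must be run from a clean boot medium, because a trojaned compiler or interpreter (step 4) could just as easily lie about the hashes.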