[Techtalk] Linux email viruses

[Evilpig]

On Fri, 23 Jul 2004 18:04:41 +1000, Mary <mary-linuxchix at puzzling.org> wrote:

<SNIP>
 
> With any luck, Linux mail clients will appropriately warn the user
> before launching executable attachments so this stuff would not be
> effective but "plain users" have plenty enough power for viruses to hurt
> them, should there ever exist a virus that spreads effectively on Linux
> machines or between particular Linux mail clients.
> 
> -Mary

I completely agree with Mary that the effects of malicious code
running under a normal user account should not be trivialized.  Not
only does this put all of the user's data at risk (which they
generally consider to be important), there has been no shortage of
local privilege elevation exploits on Linux over the years.

Designing an MUA to launch executables obviously isn't the best idea,
and this "feature" has been relied on by most (if not all) Windows
email-bourne malware.  Currently the Linux/UNIX MUA world doesn't do
such things, but that doesn't mean that email worms can't spread
effectively.  If the email client itself can be exploited by simply
viewing a message, the same damage can be done even without said
"feature".  This is not unheard of - an example of such a
vulnerability was found in PINE less than a year ago (see
http://archives.neohapsis.com/archives/bugtraq/2003-09/0181.html).

The upside of needing to have the client itself be exploitable is that
(hopefully) the same malware wouldn't be able to affect PINE users,
Mutt users, Evolution users, Thunderbird users, etc.  The Linux
userbase isn't an MUA monoculture, which works in our favor.  Of
course, there will always be people on every OS that will jump through
all the necessary hoops to get at the "Wicked Screensaver" ;-P

- Colleen