Linked by Thom Holwerda on Mon 10th Apr 2006 21:17 UTC
Bugs & Viruses
Virus researchers at Kaspersky Lab have found proof-of-concept code for a cross-platform virus capable of infecting both Windows and Linux systems. In an alert posted to Viruslist, Kaspersky said the sample virus has been given a dual name - Virus.Linux.Bi.a/Virus.Win32.Bi.a - and highlighted the way attackers are targeting multiple platforms in malware attacks. "The virus doesn't have any practical application," the company said in the alert. "It's classic proof-of-concept code, written to show that it is possible to create a cross-platform virus."
Thread beginning with comment 113635
I'm calling it FUD
by ozonehole on Tue 11th Apr 2006 00:58 UTC
ozonehole Member since:
2006-01-07

To infect ELF files, the virus uses INT 80 system calls and injects its body into the file immediately after the ELF file header and before the ".text" section. This changes the entry point of the original file.

Sure, it's always been possible to write a Linux virus. The problem (for virus writers) is that when you download a file with Linux, it's not executable. Thanks to umask, file permissions will be set to either chmod 644 or 600 (that is, umask 022 or 077). In order for the malware to execute, the user would first have to make it executable using the chmod command. That would be a dumb thing to do.

After years of trying, no one has yet been able to create a practical Linux virus. Rootkits, yes, viruses, no. Or have I missed something?

Score: 5
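The umask behaviour described in the comment above, as an added example that is not part of the original thread: it creates files the way a downloader does under umask 022 and 077, then audits a directory for ELF files that carry an execute bit. The function names, file names and the 16-byte ELF stub are constructed for illustration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def create_like_a_download(path, mask, payload):
    """Create path as a downloader would: request mode 0666, let the kernel apply the umask."""
    old = os.umask(mask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    finally:
        os.umask(old)  # umask is process-wide, so always restore it
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return stat.S_IMODE(os.stat(path).st_mode)


def executable_elf_files(directory):
    """Return sorted names of regular files that start with the ELF magic and have any execute bit."""
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.stat(follow_symlinks=False).st_mode & EXEC_BITS:
            continue
        with open(entry.path, "rb") as f:
            if f.read(4) == ELF_MAGIC:
                hits.append(entry.name)
    return sorted(hits)


def demo():
    fake_elf = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9  # constructed ident bytes, not a runnable binary
    with tempfile.TemporaryDirectory() as d:
        m022 = create_like_a_download(os.path.join(d, "a.bin"), 0o022, fake_elf)
        m077 = create_like_a_download(os.path.join(d, "b.bin"), 0o077, fake_elf)
        before = executable_elf_files(d)  # nothing is executable yet
        os.chmod(os.path.join(d, "a.bin"), m022 | stat.S_IXUSR)  # the explicit chmod step
        after = executable_elf_files(d)
    return m022, m077, before, after


if __name__ == "__main__":
    print(demo())
```

The umask only applies when a file is created with open(); tools that restore stored modes, such as archive extractors, can set execute bits without a separate chmod, which is why the directory audit checks the mode that is actually on disk.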

RE: I'm calling it FUD
by Finalzone on Tue 11th Apr 2006 08:15 in reply to "I'm calling it FUD"
Finalzone Member since:
2005-07-06

In addition, virus writers will have to deal with active security systems like SELinux found on Fedora Core/RHEL and AppArmor on Novell SLES, making their life harder. Starting from FC5, packages now have SELinux policies included.

Score: 1

RE: I'm calling it FUD
by Ronald Vos on Tue 11th Apr 2006 15:02 in reply to "I'm calling it FUD"
Ronald Vos Member since:
2005-07-06

"After years of trying, no one has yet been able to create a practical Linux virus. Rootkits, yes, viruses, no. Or have I missed something?"

It's impossible to write a practical Linux virus, as the market share is so little it would never spread. A cross-platform virus has more potential, but the added pay-off in exchange for a massive jump in complexity and thus bugginess and detectability wouldn't be worth it.

However, to infect Linux files, it's simply a matter of infecting Windows, loading the appropriate filesystem driver (ext2 driver for Windows is available, ext3/reiser not, and FAT could be used for shared files), infecting the right files, and setting permissions right. Trivial is otherwise of course ;)

PS: hardly anyone writes viruses these days. Any self-replicating code these days is simply a worm. To infect Linux systems undetectably, code-inserting will be necessary, however.

Score: 1