Linked by Thom Holwerda on Mon 10th Apr 2006 21:17 UTC
Bugs & Viruses Virus researchers at Kaspersky Lab have found proof-of-concept code for a cross-platform virus capable of infecting both Windows and Linux systems. In an alert posted to Viruslist, Kaspersky said the sample virus has been given a dual name - Virus.Linux.Bi.a/ Virus.Win32.Bi.a - and highlighted the way attackers are targeting multiple platforms in malware attacks. "The virus doesn't have any practical application," the company said in the alert. "It's classic proof-of-concept code, written to show that it is possible to create a cross-platform virus."
RE[5]: real danger?!? think not...
by g__t (member since 2006-01-04) on Tue 11th Apr 2006 08:28 UTC in reply to "RE[4]: real danger?!? think not..."

"But I DO backups :-)"
Yes, but if a "virus happens" ;) that corrupts your data, you should assume that the virus will not tell you:
"hey, those are the good files and those others the corrupted ones, please restore them from backups"
That would definitely be a nice thing, but reality is somewhat different; you should take into account subtle, malicious modifications that may go undiscovered for several working days and several backups, making you take wrong decisions based on wrong data, publish crippled results and so on, forcing you eventually to restore a quite old father or grandfather backup (if you do them and not simply a flat backup strategy) with a high payload of work to bring the data up to date.
Even if you rely on an advanced backup system that helps you find those little nasty modified files, it can be made very difficult to tell apart the legitimate modifications made to user files from those made by the virus running with the same privileges; moreover, any modification can be covered by finding a collision in the hashing or, more easily and trivially, in the checksum strategy of the backup.


Ookaze (member since 2005-11-14):

"you should take into account subtle, malicious modifications that may go undiscovered for several working days and several backups, making you take wrong decisions based on wrong data, publish crippled results and so on, forcing you eventually to restore a quite old father or grandfather backup (if you do them and not simply a flat backup strategy) with a high payload of work to bring the data up to date"

BS. This can't be a general virus. You're saying the virus can analyse what kind of file it is editing, and knows how to modify some file types, to generate valid but modified files. The virus will need to know what the file is about for this to work.
This makes no sense from a virus writer's POV: it's lots of hard work (nobody can program sth like that yet) for really little annoyance.

"Even if you rely on an advanced backup system that helps you find those little nasty modified files, it can be made very difficult to tell apart the legitimate modifications made to user files from those made by the virus running with the same privileges; moreover, any modification can be covered by finding a collision in the hashing or, more easily and trivially, in the checksum strategy of the backup"

It's even worse here: you're saying the virus can universally make modifications to files, in context, without most people noticing it for days.
That means the virus is more intelligent than millions of people.
I can tell you the AI in this virus will be so much of a revolution that the writer would rather work in the AI field; it will be much more rewarding and will make him instantly rich.

All of this is BS anyway, as you still don't know how the virus will run on Linux, and a hard disk failure or a user error ('rm -f *' equivalent) is far, far more likely than your science-fiction virus.


g__t (member since 2006-01-04):

"This can't be a general virus. You're saying the virus can analyse what kind of file it is editing, and knows how to modify some file types, to generate valid but modified files."
I can imagine two easy ways to accomplish it:
- simpler: the virus opens a way for a human to do it and covers the tracks of the work done by the human attacker... a problem: the user may not have the right to access the net... however, firstly, in this case it's very improbable that he got infected; if he got the virus, he probably got it from the net, and voilà, the virus opens connections as the user would do legitimately;
- quite simple: read and change numbers (to adjacent, plausible but definitely wrong values) in spreadsheets or databases, insert embarrassing comments in text files and e-mail (like "note for the boss (remove this in the final version of the document): if the client signs this contract he is totally a ***").
It's only very basic programming for text and only a little more complicated for other common file formats... and to alter specific formats (that would be worthless to try to automate) there is the first option.

"It's even worse here : you're saying the virus can universally make modifications to files, in context, without most people noticing it for days."
It's totally unrealistic! Users tend to have thousands of work files and to work, say in a given month, on a very small subset of those files. In 15 years in IT, I was asked more often to recover something lost some time ago than something the user was aware had been broken by recent activity.
Who is the user that reads carefully (and checks carefully each number in his databases and spreadsheets) ALL of his files every day?
Who is the user that stays at work until the backup starts (deep in the night) to be sure that nothing will alter his files after he went home and left the workstation doing the long, boring math calculations all night, then restoring an apparently normal situation and finally, after some days, messing up everything (done with trivial timers)?
Assume that a virus alters the content of an archive or an encrypted file that the user uses only seldom (say, updates once a week), data that has no meaning for a human; how can he be aware of the modification before he eventually needs that specific file?
Assume that a virus alters the content of an email, inserting an insulting sentence before it is sent; what could the user do? Maybe he/she will never go into the "sent" folder to see what actually was sent!
Assume that a virus inserts "no" into some of your text files or documents or into email text randomly, changing timestamps so you are not aware of the editing. Would you notice two chars in a 20-page document you have already read 10 times? Anyone would probably give a (bored, tired, superficial) look at it without even reading it carefully (not to mention reading carefully every single document every day!) and without noticing a word that may radically change the meaning of the document.

There are plenty of (simple) ways for things to go worse than with an 'rm -f *'!

Edited 2006-04-11 13:06

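The timestamp-reset scenario in the last comment, and the checksum-collision point in the first one, illustrated from the defender's side with an added example that is not from the thread or from any product mentioned in it: a per-generation manifest of SHA-256 hashes (not a CRC-style checksum) flags a file whose content changed while its mtime did not, which a backup keyed on mtime alone would silently skip. The file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path):
    # SHA-256, not a CRC-style checksum: an attacker cannot produce a collision at will.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Content hash plus mtime of every regular file under root (one backup generation)."""
    root = Path(root)
    return {str(p.relative_to(root)): {"sha256": hash_file(p), "mtime_ns": p.stat().st_mtime_ns}
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_manifests(old, new):
    """'stealth' = content changed but mtime identical: the file an mtime-driven
    incremental backup would skip; 'changed' = an ordinary edit."""
    report = {"changed": [], "stealth": [], "added": [], "removed": []}
    for name, rec in new.items():
        if name not in old:
            report["added"].append(name)
        elif rec["sha256"] != old[name]["sha256"]:
            kind = "stealth" if rec["mtime_ns"] == old[name]["mtime_ns"] else "changed"
            report[kind].append(name)
    report["removed"] = [n for n in old if n not in new]
    return report

def demo():
    """Constructed scenario (hypothetical files): one tampered file with its old timestamp restored."""
    with tempfile.TemporaryDirectory() as root:
        doc, sheet = Path(root) / "contract.txt", Path(root) / "q1.csv"
        doc.write_text("The client will sign the contract.\n")
        sheet.write_text("revenue,1200\ncost,800\n")
        baseline = build_manifest(root)  # previous backup generation
        before = doc.stat()
        # Simulated tampering: one inserted word, then the original timestamp put back.
        doc.write_text("The client will not sign the contract.\n")
        os.utime(doc, ns=(before.st_atime_ns, before.st_mtime_ns))
        # Legitimate edit: content and timestamp both move forward (timestamp set
        # explicitly so the result does not depend on filesystem mtime granularity).
        sheet.write_text("revenue,1300\ncost,800\n")
        os.utime(sheet, ns=(before.st_atime_ns, before.st_mtime_ns + 86_400 * 10**9))
        return compare_manifests(baseline, build_manifest(root))
```

Running `demo()` reports `contract.txt` under `stealth` and `q1.csv` under `changed`; in practice the baseline manifest has to be stored somewhere the same user account cannot rewrite, or the virus running with the user's privileges simply updates it too.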