Linked by Thom Holwerda on Fri 3rd Feb 2006 22:41 UTC
Bugs & Viruses
Security watchers say the Kama Sutra worm, which is programmed to overwrite files on infected Windows PCs today, will have a damaging but not catastrophic effect. The Kama Sutra worm (or Nyxem-E or Blackworm) poses as an email message offering a variety of salacious content. Subject lines used in the malicious emails include: The Best Videoclip Ever, Fw: SeX.mpg, Miss Lebanon 2006 and Fuckin Kama Sutra pics. The worm, which can also spread across network shares, only affects Windows PCs.
RE[3]: Too bad eh..
by jaylaa on Sat 4th Feb 2006 00:35 UTC in reply to "RE[2]: Too bad eh.."
jaylaa Member since:
2006-01-17

Remember please that scripts don't come executable in Linux

Why don't they? Is that just by convention or is there actually some safeguard which prevents it?

Reply Parent Score: 1

RE[4]: Too bad eh..
by raver31 on Sat 4th Feb 2006 00:52 in reply to "RE[3]: Too bad eh.."
raver31 Member since:
2005-07-06

Yes, there are safeguards against it.

First and foremost...

All files you download are simply that, files.
You have to make them executable, then run them.
Sometimes, however, you can download a binary file from a webpage with the execute bit set, but that leads to the next stage...

Permissions.

Although YOU downloaded the file and YOU set the execute bit to true, if you had a titter of wit about you, you would have already set up your partitions so that files on /home cannot run, so any downloads on there will need to be physically moved into your path so that they can run.

As you can see, malware would be ineffective against safeguards like these. Any that did find its way into your system would sit there dead in your /home

HOWEVER

I have seen some people set up their systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.

Reply Parent Score: 3

RE[5]: Too bad eh..
by raboof on Sat 4th Feb 2006 09:34 in reply to "RE[4]: Too bad eh.."
raboof Member since:
2005-07-24

I have seen some people set up their systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.

This is a trade-off. I like to be able to install things local to my homedir, without becoming root, so I'm sure the installation procedure doesn't mess with the stable part of my system.

Also, though not allowing executables in homedirs is a possible layer of defense, it's not a very strong one. If an exploit can write a malicious file, it can probably also append something to your .bashrc, for instance.

Reply Parent Score: 1

RE[5]: Too bad eh..
by thecwin on Sat 4th Feb 2006 12:10 in reply to "RE[4]: Too bad eh.."
thecwin Member since:
2006-01-04

Actually, lots of people use their ~/.local or ~/software/ or something as a place for testing untrusted software.

Reply Parent Score: 2

RE[4]: Too bad eh..
by Richard James on Sat 4th Feb 2006 01:24 in reply to "RE[3]: Too bad eh.."
Richard James Member since:
2005-07-07

Remember please that scripts don't come executable in Linux

Why don't they? Is that just by convention or is there actually some safeguard which prevents it?


That is due to umask. When you download a file it is created as a new file. All new files in Linux have their permission set from the umask which is by default 022 on most systems.

The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r-

If you create a file that is a script in Linux you will then have to chmod the permissions to execute before it is run.

Yes this is a security safeguard.

Reply Parent Score: 3

RE[5]: Too bad eh..
by GvG_ on Sat 4th Feb 2006 23:28 in reply to "RE[4]: Too bad eh.."
GvG_ Member since:
2005-07-07

The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r-

Methinks you're a bit off here. With a umask of 022 and a creation mode of 0777 the resulting permissions would be 0755, which is -rwxr-xr-x.

Reply Parent Score: 1
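
The umask arithmetic discussed in the last two comments, as an added example that is not part of the original thread: on Linux the kernel stores `requested_mode & ~umask`, so whether a new file gets an execute bit depends on the mode the creating program asks for (0666 for an fopen()-style save, 0777 in GvG_'s case). The file name, the helper names and the case list are constructed for illustration; a POSIX system without default ACLs on the temp directory is assumed.

```python
import os
import stat
import tempfile

def created_mode(requested: int, umask: int) -> int:
    """Create a file asking for `requested` bits under `umask`; return the bits on disk."""
    with tempfile.TemporaryDirectory() as workdir:   # made before the umask changes
        path = os.path.join(workdir, "download")     # constructed sample file name
        previous = os.umask(umask)
        try:
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
            os.close(fd)
        finally:
            os.umask(previous)                       # always restore the caller's umask
        return stat.S_IMODE(os.stat(path).st_mode)

def symbolic(mode: int) -> str:
    """Render permission bits the way `ls -l` does for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)

def has_exec_bit(mode: int) -> bool:
    """True if user, group or other may execute the file directly."""
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))

# (requested mode, umask, situation) -- constructed cases
CASES = [
    (0o666, 0o022, "fopen()-style save, e.g. a downloaded script"),
    (0o777, 0o022, "creator explicitly requests execute bits"),
    (0o666, 0o077, "same save under a stricter umask"),
    (0o666, 0o000, "umask 000 cannot add an execute bit nobody requested"),
]

def run_cases():
    rows = []
    for requested, umask, situation in CASES:
        actual = created_mode(requested, umask)
        assert actual == requested & ~umask          # kernel rule: mode & ~umask
        rows.append((requested, umask, actual, symbolic(actual),
                     has_exec_bit(actual), situation))
    return rows

if __name__ == "__main__":
    for requested, umask, actual, text, runnable, situation in run_cases():
        print(f"open(mode={requested:04o}) umask={umask:03o} -> {actual:04o} {text} "
              f"exec={'yes' if runnable else 'no'}  ({situation})")
```

The umask only clears bits, so a saved download lacks the execute bit because the saving program never requested it; a creator that asks for 0777 under umask 022 still ends up with an executable file.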