Monday, April 4, 2011

Re: [LINUX_Newbies] Re: New virus infects Linux and Windows platforms (cross-platform infections)

On Sun, Apr 3, 2011 at 9:59 PM, g.linuxducks@gmail.com
<g.linuxducks@gmail.com> wrote:
>
> On 04/03/2011 11:20 AM, chas kennison wrote:
> >
> > ok, so was it an april fools joke or is it valid?
> >
> > --
> >
> Are you serious ! Read the sources ! I do not engage in 'april fools'
> jokes. Myself as source, on Windows, I perform malware removal help and
> amateur forensics, free lance IT Security. ... http://bluecollarpc.us/
> since 2005.
> This is the original message...
> http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29350
>
> What part exactly makes you think this is a joke ? Sources of the
> statement/information:

I was the one who first suggested it was a joke, I believe. And I was
serious. Why did I believe it was a joke? First, you posted it on
April 1st. Second, this 'New Virus' has been around since 2006, and
the one link claiming it was new had no source referenced, and the
first link had no dates of publication whatsoever. Third, the second
paragraph in your original post was using a silly headline "Linus
patches kernel to enable broken virus". Finally, a majority of the
original message was using convoluted grammar that made it hard to
understand what exactly was being said. Plus it was fairly long and
rambling, making it unlikely anyone would really read the entire
thing. So no, I was not teasing. It sounded like a prank designed to
inspire a bit of fear.

What, may I ask, was your intent in posting 5 year old information as
if it was new and hot off the press?


>
> antivirus.about.com ?
> networkcomputing.com ?
> darknet.org.uk ?
> computerworld.com ?
> pcworld.com ?
>
> You asked .... (I don't understand why, or you are just teasing ? The
> post is quite self explanatory, why do you ask ?)...
>
> New virus infects Linux and Windows platforms (cross-platform
> infections).....
>
> Winux Virus
> New virus infects Linux and Windows platforms: security technology
> studies microsoft windows versions linux viruses malicious payload
> william stearns....
> http://antivirus.about.com/library/weekly/aa032801a.htm
>
> Winux: Two in One Virus
> The first Windows, Linux cross-platform virus discovered
> http://antivirus.about.com/library/weekly/aa032801a.htm
> "Virus researchers have discovered a new breed of virus that infects
> both Windows and Linux files on Intel-based Pentium PC's. Considered a
> proof-of-concept virus, it has not been found in-the-wild. As such, it
> is not posing a threat to users, but could signal the beginning of a new
> precedent in virus writing - the cross-platform threat. Within less than
> a day of discovery, the new virus has already been assigned a number of
> different names, including Linux.PEElf.2132, W32.Winux, Linux.Winux,
> W32/Lindose, and W32.PEElf.2132. .....
>
> HISTORY.....
> Cross-platform Virus Infects Linux And Windows
> http://www.networkcomputing.com/data-protection/cross-platform-virus-infects-linux-and-windows.php
>
> April 7, 2006
> A Russian security company announced Friday that it had found a
> cross-over virus that can infect PCs running either the open-source
> Linux or Microsoft Windows operating systems. Dubbed "Linux.Bi.a" and
> "Win32.Bi.a," the split-personality malware doesn't do any damage.
> Instead, said Moscow-based Kaspersky Labs in an online briefing, it's a
> proof-of-concept to prove that a cross-platform virus is possible.
>
> Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)
> http://www.darknet.org.uk/2011/01/java-based-cross-platform-malware-trojan-maclinuxwindows/
>
> 20 January 2011
> It's pretty rare to read about malware on the Linux or Mac OSX
> platforms and even more rare to read about cross-platform malware which
> targets both AND Windows by using Java. A neat piece of coding indeed,
> it targets vulnerabilities in all 3 operating systems -- the sad thing?
> The malware itself is vulnerable to a basic directory traversal exploit,
> which means rival gangs can actually commandeer the infected targets.
> They went to lengths to keep it secure and unseen (encrypted
> communications etc) -- but didn't program the malware itself securely...
>
> Computerworld -
> http://www.computerworld.com/s/article/110330/Kaspersky_warns_of_cross_platform_virus_proof_of_concept
> Kaspersky Labs is reporting a new proof-of-concept virus capable of
> infecting both Windows and Linux systems.
> The cross-platform virus is relatively simple and appears to have a low
> impact, according to Kaspersky. Even so, it could be a sign that virus
> writers are beginning to research ways of writing new code capable of
> infecting multiple platforms, said Shane Coursen, senior technical
> consultant at Kaspersky.
>
> RELATED:
> Torvalds Patches Linux Kernel, Fixes Broken Virus -
> http://www.pcworld.com/article/125461/torvalds_patches_linux_kernel_fixes_broken_virus.html
> PCWorld
> After discovering that the virus didn't work on recent versions of
> Linux, ...
> "We may see another virus using the same method of cross-platform
> infection. ... "
>
> Linux malware From Wikipedia, the free encyclopedia
> http://en.wikipedia.org/wiki/Linux_malware
> A new area of concern identified in 2007 is that of cross-platform...
> was discovered that contained a script that used the infected Linux PC
> in denial-of- service attacks. ... There are a number of anti-virus
> applications available for Linux, .... Windows Viruses".
>
> FROM OUR BLOG ON THIS......
> My Linux choice -- Ubuntu (dual boot systems, security myth already)
> August 15, 2010 --- bluecollarpc
> https://bluecollarpcwebs.wordpress.com/2010/08/15/my-linux-choice-ubuntu-dual-boot-systems-security-myth-already/
> "....Of course as webmaster of the BlueCollarPC since 2005, I am
> obviously very, very, very security oriented and share this as a
> Community Help site -- free (Windows OS). We can review original 'horn
> locking' from mid-decade (2000 -- 2010) in the several arguments that
> Firefox browser, Linux OS (operating system) , Apple/Mac were safer than
> Windows between the two operating system users and conclude that in this
> new decade Windows users may begin to flock to Linux as a "back up
> system" to Windows being inoperative due to malwares. This is along the
> lines that much malware on Windows used the Active X maliciously (like
> trojans or malware toolbars, etc.) in Internet Explorer browser and the
> Mozilla Firefox browser operated without it. So the arguments began and
> the hype and so on that "Firefox is safer than Internet Explorer" and
> many, many Windows users have installed Firefox as a back up browser to
> use in the event malware affecting the Internet Explorer in some lock
> out denial of service manner occurred. In the early days this was
> working to achieve logging onto the internet when you could not on IE
> (Microsoft Internet Explorer, part of Windows OS). But cybercrime has
> evolved greatly in a very, very, very short time and with today's botnet
> activities and infections -- they can simply block many browsers from
> navigating to security sites for removal help and software and
> utilities. There was also a cross-infection that was achieved between
> the two browsers -- Firefox and IE.
>
> So, although this may be true in the Linux add on as a back up system
> right in the same computer (dual boot) with Windows - along those same
> lines as the 'back up browser' -- cyber crime no doubt has and is
> working on some "cross platform" type infection ability -- cross
> operating system malware -- to rule this out, meaning as fast as we get
> there with this idea -- they have already seen us coming. Suddenly just
> a couple years ago, all the Linux and Apple/Mac malwares were discovered
> and do not forget the other argument -- Linux and Apple/Mac were safer
> simply because 90 percent of the world was on Windows and are the target
> of the cyber criminal underground meaning Windows users are "where the
> money is". This is relating to the malicious ID Theft activity by cyber
> criminals and other various spyware scenarios and nefarious use.
> In this new decade (2010 -- 2020) - I obviously predict this occurrence
> of the cross operating system infection for dual boot observing this --
> user security options as adding another OS creating a dual boot system
> computer. It will be exploding with all the ways in a dual boot system
> using Linux and Windows of how you can use Linux to actually hack back
> into the infected Windows system to get rid of malware infection. This is
> already possible in various ways. Not long and it is going to be the
> same with just Windows as with dual boot systems -- in worst infections
> there will be no way in to remove it. ....."
>
> ESET NOD32 has won the most awards for Windows protection...
> (about 25 percent more than second and third place worldwide - Symantec,
> Sophos)
> ESET NOD32 Currently 59 VB100 awards !
> http://www.eset.com/
> http://en.wikipedia.org/wiki/ESET_NOD32
> This brings the ESET Antivirus VB100 award total to 59 - still
> the highest of any antivirus vendor!
> December 2009 - ESET antivirus scoops 59th VB100 Award
> http://www.betterantivirus.com/nod32-and-virus-news/archives/1456-December-2009-ESET-antivirus-scoops-59th-VB100-Award.html
> ....So you figure if you absolutely need/want protection - they are a
> superb company....
> ESET NOD32 Antivirus 4 for Linux Desktop Beta Program
> Whether you use your Linux desktop to surf the Web or work on shared
> office documents, it is vulnerable to direct attacks by malware or may
> be targeted as a carrier for cross-platform viruses and other threats
> designed to target Windows and Macs. Network shares, email and removable
> media like USB keys are easy ways for multiplatform malware to spread
> under the radar.
> Runs on the following distributions: Debian, Fedora, Mandriva, RedHat,
> SuSE, Ubuntu, and other RPM and DEB package manager based installations.
> kernel >= 2.6
> GNU C Library 2.3 or newer
> GTK+ 2.6 or newer
> LSB 3.1 compatibility recommended
> THE MORE LINUX IS USED, THE MORE THE NEED AND REALIZATION OF COMBO
> PACKAGES FROM SECURITY PRODUCTS NO DOUBT !
> Research Item:
> Executable and Linkable Format
> From Wikipedia, the free encyclopedia
> http://en.wikipedia.org/wiki/Executable_and_Linkable_Format
> I personally have been hedgy about dual boot (Linux and Windows on same
> computer) and have mine (Ubuntu Linux) on my Windows Vista machine of
> the which Vista is notably the safest Windows operating system EVER
> conceived that does not allow viruses to "write to the computer disk"
> and any virus can only achieve residing temporarily in the tempfiles
> which would need stupidity or being duped to click and execute the
> infection. As well with UAC (User Account Control) on as recommended
> that does this protection -there is NO rootkit that can possibly run on
> Vista EVER found. ....
> Vista's Despised UAC Nails Rootkits, Tests Find - Business Center ...
> http://www.pcworld.com/businesscenter/article/146256/vistas_despised_uac_nails_rootkits_tests_find.html
>
> May 25, 2008 ... Most users find it annoying, but Vista's Account Control
> feature proves most effective in security tests.....
> QUOTED....
> "....Love or hate its nagging prompts, Vista's Account Control feature
> (UAC) has a security feature that marks it out from any other type of
> Windows security programme -- it can spot rootkits before they install.
> This is one finding buried in a report published in two German computer
> magazines some months ago after testing by the respected AV-Test.org
> <http://www.pcworld.com/article/id,136206/article.html?tk=rel_news>,
> which set out to find out how well antivirus programs
> <http://www.pcworld.com/browse/1228/topic.html?page=1&typeId=3?tk=rel_news>
> fared against known rootkits.
>
> The answer was not particularly well at all, either for Windows XP, or
> Vista-oriented products. Of 30 rootkits thrown at XP anti-malware
> scanners, none of the seven AV suites found all 30, a similar story to
> the six web-based scanners assessed. Only four of the 14 specialized
> anti-rootkit tools managed a perfect score.
>
> Best Protection
>
> The best of the all-purpose suites was Avira AntiVir Premium Security
> Suite, which found 29 active rootkits, with Norton finding as few as 18.
> The anti-rootkit tools fared better, with AVG Anti-Rootkit Free, GMER,
> Rootkit Unhooker LE, and Trend Micro Rootkit Buster achieving perfect
> scores. The scores for removal were patchy, however, with all failing to
> remove any of the rootkits they had found.
>
> The results for Vista products were harder to assess because only six
> rootkits could run on the OS, but the testers had to turn off UAC to get
> even this far. Vista's UAC itself spotted everything thrown in front
> of it.
>
> Only three of the 17 AV tools for Vista managed to both detect and
> successfully remove them, F-Secure Anti-Virus 2008, Panda Security
> Antivirus 2008, and Norton Antivirus 2008.
>
> Once on a PC, rootkits can bury themselves quietly, but they have to get
> to that point first. As long as users interpret prompts from the UAC
> system attentively, or those messages haven't in some way been spoofed,
> rootkits struggle to jump to the PC without drawing attention to themselves.
>
> That UAC can tell a user when a rootkit is trying to install itself is
> not in itself surprising, as Vista is supposedly engineered from the
> ground up to intercept all applications requests of any significance.
>
> [Non-text portions of this message have been removed]
>
>

