[lug] Scary precedent, W32.Winux virus

rm at mamma.varadinet.de
Wed Mar 28 14:58:43 MST 2001


On Wed, Mar 28, 2001 at 11:54:55AM -0700, D. Stimits wrote:

> I saw it. The author was no script kiddie; it was written in x86
> assembler.

Did you see the actual code? How does it handle the two different
ABIs? What kind of header does it have? I'd like to see code that
can convince both Win and Linux loaders that it's PE and ELF.

  Ralf

> FYI, here are links:
> http://dailynews.yahoo.com/h/nm/20010327/wr/virus_winux_dc_1.html
> http://support.avx.com/cgi-bin/command/solution?11=010327-0017&130=0985731825
> 
> On the up side, it requires a Linux user to actually run the program
> before it will attack; there doesn't seem to be a way to automate it,
> aside from tricking the user into running it.
> 
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


