
SANS ISC InfoSec Handlers Diary Blog



Cross platform virus PoC

Published: 2006-04-07
Last Updated: 2006-04-07 22:44:30 UTC
by Swa Frantzen (Version: 2)
Viruslist is reporting on a cross-platform Proof of Concept (PoC) virus that works on both Linux and Windows machines. It is claimed to be capable of infecting both Linux ELF binaries and Windows .exe files.

The impact of the PoC itself is very low at this point, but it is a sign that cross-platform aspects are becoming important. As the developers of viruses continue to research this, we will see (more) cross-platform malware come about in the future.

Even today, websites sending exploits to their visitors tend to detect what browser/platform the visitor is using and send a matching exploit to install some malware and earn their quarter for each confirmed installation.

Planning ahead and also protecting Linux, UNIX and Mac OS X machines with anti-virus measures is a good thing to start on now if you haven't done so already.

For those thinking their "pet" computer is invulnerable to the virus threat: it's not. The vulnerability exploited by a virus is the ability of software to add or change other programs. All general purpose operating systems have that vulnerability to some degree.

Putting in place infrastructure that is fed signatures in an automated manner allows you to shorten the time needed to respond, even if the specific platform isn't targeted today. Since anti-virus measures are mostly reactive in nature, anything that makes your reactions faster is good.

Updates, clarifications:
  • We know about the sadmin worm. It was cross-platform between Solaris and Windows, although there is a technical difference between a worm and a virus.
  • Not running about as "root" or "Administrator" surely helps to protect your computer, but it does not and will not remove the ability of viruses to propagate to what you have access to. Only if you deny the user any change rights to all possible programs (including scripts and the like) will you be technically safe from viruses. Such a setup isn't likely to be usable on a general purpose computer anymore ... But if you can, you might have a winner for protection against pure viruses.
    There are no patches against viruses.

--
Swa Frantzen - Section 66
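
The diary's point that a virus can propagate to whatever programs the current user is able to change can be measured on a given machine. The following Python audit is an added example, not part of the original diary: it lists ELF binaries, Windows executables and scripts under a directory that the current account could modify or replace. The function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

# Leading bytes that mark a file as a program (heuristic): ELF, Windows MZ/PE, script.
MAGIC = {b"\x7fELF": "elf", b"MZ": "pe", b"#!": "script"}

def program_kind(path):
    """Return 'elf', 'pe', 'script', or None, judged by the file's first bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), None)

def modifiable_programs(root):
    """List (path, kind, how) for programs under root that this user can change."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory lets the user replace a read-only file by rename/delete.
        dir_writable = os.access(dirpath, os.W_OK | os.X_OK)
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            kind = program_kind(path)
            if kind is None:
                continue
            if os.access(path, os.W_OK):
                findings.append((path, kind, "file"))
            elif dir_writable:
                findings.append((path, kind, "dir"))
    return findings

def build_sample_tree():
    """Constructed sample: a temp directory with fake program headers and a text file."""
    root = tempfile.mkdtemp(prefix="writable-audit-")
    samples = {"tool": b"\x7fELF\x02\x01\x01", "setup.exe": b"MZ\x90\x00",
               "run.sh": b"#!/bin/sh\necho hi\n", "notes.txt": b"plain text\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for path, kind, how in modifiable_programs(build_sample_tree()):
        print(f"{kind:6} writable via {how}: {path}")
```

Run as an ordinary user against the directories that hold that user's programs and scripts, an empty result corresponds to the "no change rights" setup described above.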