D1Wayne wrote: proof of concept, proves they vulnerability,
It proves a theory
... but putting a this into practice
is a different thing altogether. As I wrote in my earlier posting: Yes, there can
be Linux viruses. But are they in the wild? NO.
There once was some stupid worm that would attack PHP pages, but that hardly doesn't count as "virus" as this thing no matter what it did could never ever compromise the entire OS.
danger for a Linux system comes in the form of human hackers
... not virues. Different OS'es, different weaknesses.
And human hackers are very much
a reality and a real threat
to anyone running a UNIX-like system (be that Linux, BSD, HP-UX, Solaris, whatever.... ). But not viruses ...
D1Wayne wrote: the bug mentioned earler, is proof, that 1 digruntle person on adevelopemnt team could easily sabotage a project.
compared to what a real hacker can do to your network if he finds a way in ...
All this virus talk is just FUD and nonsense, sorry to say so
D1Wayne wrote: the link was simply to illustrate how easy it would be to slip in malicious or faulty code.
Or it rather illustrates that certain companies better check their procedures again and how the hell infected Windows machines were allowed to access a critical production area
Most likely some idiot with a Laptop ... maybe a sales guy? They travel around, travel from sales show to sales show, and don't always have enough bandwidth so that they could update their anti-virus definitions. They go home over the weekend, their kid takes the laptop for a ride, installs some games or other software of unknown origin, maybe even a "trainer" or "cheat", or maybe even a "key generator" ... and whhhhooooops!!!!! Laptop catches an infection and the sales guy doesn't realise it yet. So he comes back into corporate HQ, plugs in his laptop into the corporate network ... and whhhhoooops!! We have a virus spreading through the corporate LAN's ... Too bad if it reaches the factories and even gets hard-pressed onto driver CD's and USB-keys ...
That's how it works ... on Windows
And here is UNIX / Linux:
You have a lazy admin who keeps that one "not so important" web server unpatched and unguarded for too long ... "Ya know, it's just holding some boring marketing material, nobody is going to look at that anyway, so we need not hurry with those stupid patches ... Let's patch our 'high-profile' systems first, OK?"
... Yeah right. Been there, heard this BS before ...
But a human hacker has been paying close attention: He's been port scanning your web site for the past few weeks and knows pretty much which TCP/IP and UDP ports are open, and he almost has an orgasm
when he finds that your stupid admin still hasn't patched that old and obsolete application server version: It's time for a remote buffer overflow! He will send so many bogus signals until the application server dies, leaving a wide open root shell behind ...
So our hacker waits until the darkness of the night puts a shroud over everything. Like a vampire he's been sleeping all day long, just for this one night when he will strike.
And then he prepares his attack: One final portscan with "nmap
" in stealth mode, just to make sure one last time that nobody has fixed the security holes in the meantime. Better cautious than sorry, he triggers a few more scans, activates a few "packet generators" and generates some fake traffic, just to make sure he isn't running into a trap or "honeypot".
He keeps his eyes glued to the console ... everything silent. The target is real, it's clear, and it's darkest night: The admin must be sleeping now. It is time ...
And then he strikes: He activates a few C programs and shell scripts that generate the necessary traffic that will kill the application server he's been observing so long ... a few "packet generators" in the background keep the routers busy with fake IP headers so that it will be very hard to trace the origin of this attack back to our hacker ...
Target down! The application server dies a miserable death after receiving this punishment of bogus IP packets, and because the admin was so stupid and never put the server process into a root jail or a virtual machine (e.g. Xen) the application server's death leaves a root shell behind ... Our hacker is in Heaven! He's the "King of the World" ...
Quick! He opens a connection to his underground IRC channel and tells his hacker buddies about his new system that he just got into. "0wn3d
" as some people would say ... real hackers don't talk like that though
Two or three of his buddies get onto the party and also connect to the now compromised system.
Now the real work begins .... Scan the internal network without any of the admins or the "Intrusion Detecion System" noticing! And of course: Place backdoors, keyloggers and trojans somewhere ... Chances are that the admins will patch the application server now that it crashed under "unknown circumstances", so our hacker friends need a new way in. So they place a few backdoors: They are already "root", so nothing is stopping them from modifying a few system binaries and adding "more features" to them. The "postfix" mail daemon gets modified so that it will silenty open a backdoor once it's active. And the "apache" web server gets "patched" too and now will sniff the network for interesting traffic and send the results to a bogus e-mail address on Hotmail.com ...
Uh oh ... it's morning. Time to disconnect.
A few nights later our hackers are back. And with great amusement they see that this lazy stupid admin indeed patched the application server, but he obviously didn't notice anything else; especially he hasn't noticed yet the presence of those unwanted hacker guests and their "special" binary versions they installed.
Armed with the log files their sniffers produced in the past few nights they are now armed with usernames and passwords of several system user and mail accounts; and they find more vulnerabilities further inside the network. They compromise more systems .... And then they find the "holy grail": The database server which hosts all the credit card transactions and which keeps a record of all those precious credit card numbers ...
The next morning you can read this in the newspaper: Hackers stole 300'000 credit card numbers from company XYZ
That's what can
happen on UNIX / Linux and if you are too lazy and/or too stupid to properly take care of your servers ....
But viruses?? No. Definitely no.