Don't get me wrong - I am not in the Windows is better than Linux camp, nor vice-versa.
My point is that all OS's have flaws, both minor and serious. Already Linux is starting to see an increase in the number of viruses. Even BSD-based OS's have their flaws and exploits. I remember one that related to a vulnerability with certain SSH installs, though I can't remember what the vulnerability was. When more and more crackers and hackers turn their attention to Linux then I think you will see an increase in the number of vulnerabilities / exploits. Nobody can anticipate every interaction that code can have under every situation and this is why vulnerabilities such as the RPC one can exist in an OS for years before coming to light. |
Quote:
Hardly an internet stopper, but something to keep an eye on. Thanks, Ben |
Quote:
Quote:
Linux represents a very unhealthy environment for any virus, there's no VB macros, no unlocked ports, separation of users and administrators and lack of binary executables, let alone executables that run without permission. For an interesting and accurate article on Linux viruses, rather than speculation, try this: http://librenix.com/?inode=21 Quote:
Quote:
The only ones that have the kind of skill needed to crack Linux or any other kind of Unix are usually far too busy running security companies or writing virus TK's to be used against windows due to some kind of beef they have against MS. Even if they were to start writing viruses to be used against Linux, it would still be reliant on the user to do something truly stupid in order to allow the virus to propagate. Quote:
Ben |
LOL.
Everything is open for exploitation whether it be Microsoft, Linux, Mac. Just cos Microsoft are the largest people think it shouldn't happen. |
It's probably also fair to say that people who run Linux are likely to keep up to date with all the patches and bug fixes that are released.
While some Windows users do, unfortunately a large proportion don't. This is the main reason why Windows virii propagate so well. |
Quote:
SuSE however, well look here: http://www.suse.co.uk/uk/private/sup...ity/index.html There have been 9 updates in the last five months, 10 if you include the kernel patch I'm expecting sometime today and is already available via YaST. What more do I need to say? Regards, Ben |
Helping fight W32.Blaster.Worm
I'm sure you'll have seen in the news mention of the latest worm that's doing the rounds on the internet - W32.Blaster.Worm. This particular nasty will cause your machine to shut down and is designed to launch a DDoS attack against WindowsUpdate from the 16th. It is causing a whole lotta traffic on port 135 as the worm seeks to propagate itself.
We sat up late last night developing a small app that would use the port-forwarding abilities of a router firewall. Basically the incoming port 135 requests are routed to port 10000 before they reach the machine so that Windows ignores them, and the app sends out a Net Send message to the connecting IP advising them that they appear to be infected with W32.Blaster and would they please go to a webpage for more info. It does have the side-effect of messaging back those Messenger spammers that lurk around the net as well, but that's only a plus in my opinion. :D Most of the scans I get are from other NTL IPs, which indicates that the worm bases its scanning on the local machine's IP, but there have been a few others. As a guide to how bad it's getting, I received 20 scans this morning while I was in the bath, and I wasn't in there that long. :) We may release the app when it's complete, but in the meantime check your firewall logs and let us know how many connection attempts you've had on port 135 over the past few days. |
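Following the post's suggestion to check firewall logs for port 135 connection attempts, the sketch below is an added example (not part of the original post or the posters' app). It counts inbound TCP/135 attempts per source and measures what share of them comes from the same network as your own address, which is one way to check the observation that most scans arrive from neighbouring IPs. The log format, the sample lines and the /16 cut-off are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines in a made-up format (not from the thread).
SAMPLE_LOG = """\
2003-08-13 07:01:12 DROP TCP 10.20.5.9:3341 -> 10.20.14.2:135
2003-08-13 07:01:15 DROP TCP 10.20.5.9:3342 -> 10.20.14.2:135
2003-08-13 07:02:40 DROP TCP 10.20.77.3:1090 -> 10.20.14.2:135
2003-08-13 07:03:02 DROP UDP 192.0.2.44:4000 -> 10.20.14.2:135
2003-08-13 07:03:30 DROP TCP 10.99.1.1:2211 -> 10.20.14.2:135
2003-08-13 07:04:05 ALLOW TCP 10.20.5.9:3350 -> 10.20.14.2:80
malformed line that should be skipped
"""

# Assumed line layout: date time action proto src:sport -> dst:dport
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def port135_sources(log_text, port=135):
    """Count inbound TCP connection attempts to `port` per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].upper() != "TCP" or int(m["dport"]) != port:
            continue
        try:
            src = ipaddress.ip_address(m["src"])  # reject e.g. 999.1.1.1
        except ValueError:
            continue
        hits[str(src)] += 1
    return hits

def share_from_local_net(hits, local_ip, prefix=16):
    """Fraction of attempts whose source shares local_ip's /prefix network."""
    net = ipaddress.ip_network(f"{local_ip}/{prefix}", strict=False)
    total = sum(hits.values())
    if total == 0:
        return 0.0
    near = sum(n for ip, n in hits.items() if ipaddress.ip_address(ip) in net)
    return near / total

if __name__ == "__main__":
    hits = port135_sources(SAMPLE_LOG)
    for ip, n in hits.most_common():
        print(f"{ip:15} {n}")
    print("share from local /16:", share_from_local_net(hits, "10.20.14.2"))
```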
It's great that people are developing ways to combat this worm. But I would hope people would be getting the security update from MS and running the MSblaster fix from symantec. I personally fixed two machines last night this way.
One thing that surprised me was that when I closed MSBlaster.exe from the processes list, approx 3 mins later the machine still shut down, the command had restarted itself, this made removal of the virus a tad tricky......eventually though I got the machine to stay on long enough to remove the infection. I don't know how many people would be interested in your application, I may be, but firstly I'd have to enquire who you work for. Keep up the good work TW2001 |
well, as of last night, this was the fix we were giving out last night.... version 5 i think :erm:
Quote:
|
Quote:
|
Quote:
The program came about from a discussion with a friend of mine who writes shareware in VB and who was getting hammered as well. It started out as an intellectual exercise really, and once we found a way to get a message back to infected people then it kinda grew from there into a small app you can run on your desktop. One thing to note: Most of the machines hitting us don't appear to be protected at all. You can access the drives remotely using 'backslash-backslash-ip' (eg: \\11.22.33.44) and most of them will show a list of shared directories, so it turns out that this worm is advertising open machines. Just doing our part :) |
I did consider 'net send'ing to folks during the worst of the Bugbear attacks, but refrained after having had a bad experience after replying to the sender of an email virus.
In that case, the recipient of my well-meaning note thought that I'd caused the virus infestation of his PC, rather than being the recipient of the virus email that he had sent. He thoughtfully copied his flame to the postmaster at my ISP. Fortunately my ISP had better sense than to get involved. On a more positive note, the Messenger service displays your machine name rather than your IP address (I think), so Mr Angry would be unlikely to be in contact. Yours cautiously, Alan |
Quote:
|
Quote:
|
Quote:
Ah Well :-) Regards, Ben |