write a Linux virus in 5 easy steps

Fri Feb 13 17:14:17 CET 2009

On Fri, Feb 13, 2009 at 2:24 AM, Stephan Arts <stephan at xfce.org> wrote:

> On Fri, Feb 13, 2009 at 11:05 AM, Yves-Alexis Perez <corsac at debian.org>
> wrote:
> > On ven, 2009-02-13 at 12:50 +0300, kalgecin at gmail.com wrote:
> >> I think this "virus" thing is stupid. I might as well send the user a
> >> binary and trick him to execute it. it's even easier than how the
> >> author wrote. how ever it's as stated "USER STUPIDITY"
> >
> > But $user *is* stupid. Windows are mostly affected by viruses because of
> > that, not because of flaws in the system.
>
> Do you want me to argue that user stupidity *is* a flaw of the system? :-p
>
> -
> Stephan

No but it should be taken into consideration anyway. It's best not to wait
until there's a huge exploit before we look these things. It is interesting
how easy it is to make a .desktop file for an app that a user expects to
type in the root password for. Of course we get back to human smarts, if I
had an icon that popped up on my desktop that said Synaptic I'd be wary but
that's just me, I know that shouldn't happen. What I'd be more worried about
is a script that read my panel bar files grepping for gksu or similar
command and substituted that file with a virus launcher. Something to keep
in mind because there's nothing protecting those files that I know of. Now I
know why kdesu and gksu are evil. Consolehelper is a pain to set up but
because it's set up by root I don't think this exploit would work on it.

Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use
Windows."
Now they have two problems
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.xfce.org/pipermail/xfce/attachments/20090213/8d8007cb/attachment.html>