Ignore the Linux worm hype, say security vendors
Results 1 to 10 of 22

Thread: Ignore the Linux worm hype, say security vendors

Hybrid View

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002

    Ignore the Linux worm hype, say security vendors

    Media reports circulating about the threat posed by a Linux worm called Mare.D have been written off as little more than the result of a "slow news week" by one leading antivirus expert.

    The stories stemmed from a fairly innocuous warning on F-Secure's blog about the virus which is targeting open source vulnerabilities, known about since last year, and the risk of infection is believed to be negligible.
    A worm that tries to find exploits over a year old??????? This is on an OS where you only need to reboot for Kernel patches..... Looking at the Slackware.com security patches, for 10.0 10.1 and 10.2 there hasn't even BEEN a Kernel patch.

    As such other security companies have told Silicon.com they are baffled by the media coverage the worm has attracted.

    But even F-Secure is confused as to how a run-of-the-mill blog posting has turned into a news story.

    Richard Hales, country manager at F-Secure, told Silicon.com: "I don't know why anybody has picked up on this anymore than they normally would. Our blog is there for commenting on everything from whether the chips were cold at a conference to reporting the latest variant of a worm. But if it's something serious we'd put out a warning and we'd issue a press release.

    "Perhaps because this had 'Linux' in the title it attracted a bit more interest."

    He said: "It does seem very odd to me to highlight a vector that is a year old and is very likely patched in production systems."

    Russ Cooper, senior information security analyst at CyberTrust, went further, suggesting the media is simply trying to "work up a lather among communities which don't normally buy antivirus software". He was referring to the fact a Linux worm might be seen as more newsworthy even if "there are no reports in the wild".

    Cooper added: "It must be a slow news week."

    Graham Cluley, senior technology consultant at Sophos, agreed. He confirmed his company had seen no reports of the virus and suggested novelty factor, rather than genuine threat may be behind the story.

    Cluley told Silicon.com: "At the moment, malware for all kinds of non-Microsoft platforms are making the news because of their novelty value I think. It's important that people who don't use Microsoft Windows realise that attacks do happen on other OSes but it's also important to keep these things in perspective."

    He added: "The problem is huge on Windows with 120,000-plus pieces of malware that figure is humongous compared to Macintosh, Unix and so on."

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    tsunami, you're replying to a thread that's almost 2 years old now..

    But in light of that and having re-read parts of it. It's an urban myth you need root/admin access to get infected with malware. Hence no exploits are needed to turn your *nix box into a spambot. Just the casual user clicking on an executable. So there really is no reason why viruses like NetSky can't exist on *nix.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Member tsunami's Avatar
    Join Date
    Jul 2003
    Quote Originally Posted by SirDice
    tsunami, you're replying to a thread that's almost 2 years old now..
    oops, i didnt look at how old the thread was. Oh well nevermind.

    I agree completely, you can have malware cause untold issues on a machine without it ever having admin/root rights.

    The biggest issue we see at the moment at work are linux boxes that get hacked and added into botnets rather than them being infected with malware. I put that down to linux/unix being used far more for servers. If it were used way more on the desktop then we would start seeing far more socially engineered attacks.

  4. #4
    Join Date
    Jan 2008
    that on some OSs reboots are only for hardware and Kernel code and the maybe reason of why no one saw it at all.
    Actually even in windows if you update a specific application alot of times it won't bother. And it's not as if you couldn't stop it from scheduling that through group policy.

  5. #5
    Senior Member
    Join Date
    Dec 2003
    considering what ive read above , im downloading slackware and using it on my network
    im a Steve Wozniak in a bill gates world

  6. #6
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    And now is a good time, given Slack 12.1 was just released :-)
    Only trust Pipe-smoking Penguins.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts