LinuxQuestions.org


andy.l 06-20-2007 04:28 AM

Mpack threat, is Linux vulnerable?
 
Hi

I've read a lot in the media today about the new MPack malware, that also goes by the name "the Italian job".

http://www.securityfocus.com/brief/529
http://www.symantec.com/enterprise/s...f_badness.html

But I find very little information about the targeted platforms. Now, my question is very simple: could this be exploited on Linux in general, and OpenSuse 10.2 in particular?

/A.

acid_kewpie 06-20-2007 04:56 AM

No, it's a Microsoft exploit. http://www.symantec.com/enterprise/s...052712-1531-99

unSpawn 06-20-2007 12:02 PM

Even though the actual ANI exploit is targeted at Win this doesn't mean a) the sources (the webservers being exploited for redirection) could well be GNU/Linux boxen that were exploited by holes in PHP apps (since that's still common enough, sadly). And b) it's only that Win is security-wise (and commercially speaking from certain types of crackers' POV) a way easier target compared to Lin.

Note I'm not trying to spread FUD here, just trying to balance things a bit. Because they get exploited today we shouldn't get smug and leave implementing precautionary measures to tomorrow.

phantom_cyph 06-20-2007 12:08 PM

I have always wanted to be able to download a Windows virus and install it on my Windows computer to see what happens, but I can never find a place to download them. It seems like you could use some of them for administrative purposes such as reformatting or shredding a drive.

<edit>I forgot you could download IE and Norton...;-)</edit>

unSpawn 06-21-2007 02:00 PM

Just pointing out the SANS Mpack analysis at http://isc.sans.org/diary.html?storyid=3015: "The Italian hosts responsible for most of the domains seen in a recent MPack attack are using cPanel, a Web administration tool for clients. A zero-day cPanel attack took place in the fall of 2006 leading up to the large scale vector mark-up language (VML) attacks at that time."

Road_map 06-21-2007 02:45 PM

Quote:

Originally Posted by acid_kewpie

I am not so sure. Here, at the bottom of the page, there are 4 links. Read MPack.pdf.

jayjwa 06-24-2007 03:11 AM

It's a M$ thing. Any server can host the IFRAME or other exploit (that's just markup in HTML, Javascript, etc.), but it's glass-jawed Windoze-only that gets whacked (again).

The lack of info as to what is affected in all MPack reports I've read is starting to make me think they left it out on purpose (e.g., Hmmm... wonder if Linux is vulnerable too? Better check their article... [* increase appropriate website hit counter *] ).
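
For the server side raised in this thread (a GNU/Linux web server can end up hosting injected IFRAME markup even though only Windows clients are hit), here is an added example that is not part of any post: a check that flags iframes in a page which load from a foreign host and are hidden from the visitor. The hiding heuristics (0/1 pixel size, `display:none`, `visibility:hidden`), the function names and the sample hostnames are assumptions of this example, not details from the thread or from any MPack report.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics are assumptions of this example, not details taken from the thread.
TINY = {"0", "1", "0px", "1px"}
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect iframes that load from a foreign host and are hidden from view."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if host is None or host in self.own_hosts:
            return  # relative or same-site frame: not what we are hunting
        hidden = (a.get("width") in TINY or a.get("height") in TINY
                  or HIDDEN_CSS.search(a.get("style", "")) is not None)
        if hidden:
            self.findings.append((self.getpos()[0], host))

def audit_html(text, own_hosts):
    """Return [(line, foreign_host)] for each hidden off-site iframe in text."""
    parser = IframeAudit(own_hosts)
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE = """<html><body>
<h1>Hotel booking</h1>
<iframe src="/map.html" width="400" height="300"></iframe>
<iframe src="http://video.example.org/embed/1" width="560" height="315"></iframe>
<IFRAME SRC="http://redirector.example.net/index.php" WIDTH=0 HEIGHT=0></IFRAME>
<iframe src="//cdn.example.net/x" style="visibility: hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line, host in audit_html(SAMPLE, {"www.example.com"}):
        print(f"line {line}: hidden iframe loading from {host}")
```

Run over every HTML and template file under the document root, a hit means the file was modified by someone with write access to the site, so the follow-up is finding how that access was obtained, not just deleting the tag.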

