Old 02-02-2004, 07:23 PM   #1
SuSE_User
Member
 
Registered: Jan 2004
Distribution: SuSE 9.0
Posts: 74

Rep: Reputation: 15
MyDoom Virus


I was just wondering...I hope this question isn't stupid but whatever. Does the new MyDoom virus going around affect Linux OS distributions? I heard that Linux is much less susceptible to viruses. So answers?
 
Old 02-02-2004, 07:26 PM   #2
teval
Member
 
Registered: Jul 2003
Location: Toronto, Canada
Distribution: Gentoo
Posts: 720

Rep: Reputation: 30
Viruses have to be designed specially to be cross platform or just for Linux.
MyDoom to my knowledge isn't (not sure how it works though)

I think it's just another one of those Outlook-exploiting viruses, which unless you run Outlook won't affect you.
 
Old 02-02-2004, 07:55 PM   #3
heema
Senior Member
 
Registered: Sep 2003
Location: Egypt
Distribution: Arch
Posts: 1,528

Rep: Reputation: 47
No, Linux isn't affected by the virus, it's TheirDoom not ours
this is one of the privileges of using Linux
 
Old 02-02-2004, 08:07 PM   #4
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
I'm pissed off. Yahoo filtered it out. They didn't filter out beagel, but they filter out mydoom? If anyone has a copy of this in their email, could you please send it to me(Compressed, like a .bz2 or .gz)? Compression seems to throw off email virus protection, at least for our type of compression. Who needs .zip anyway?

I just want to see the coding, and see what makes it tick and everything. If you have any questions about my motives, search for "Bagel virus" or "beagel virus" and you'll be sure to get my thread about it.
 
Old 02-02-2004, 09:02 PM   #5
questionasker
Member
 
Registered: Aug 2003
Location: North Carolina, USA
Distribution: Onebase 2004-r2 | Updated through 6-10-04
Posts: 359

Rep: Reputation: 30
I didn't get it.
I heard it was supposed to attack SCO, then Microsoft.
I wouldn't mind helping the venture along, if it didn't mess with my comp.

I think it sent a server request or something like that to SCO's website every millisecond. They shut the site down pretty quick.

At least that's what I heard.

I'd like a copy too.
 
Old 02-02-2004, 09:30 PM   #6
Greyweather
Member
 
Registered: Aug 2003
Distribution: Ubuntu 4.10
Posts: 311

Rep: Reputation: 30
"I think it's just another one of those Outlook-exploiting viruses, which unless you run Outlook won't affect you."

It doesn't need to be Outlook (though Outlook is probably more effective as a vector for this virus). It's an attachment and anyone who runs that attachment will infect their computer. By "anyone" I of course mean Windows users, as it is a Windows executable, and it can't run on Linux, BSD, Mac, etc under normal circumstances.
 
Old 02-02-2004, 10:16 PM   #7
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
Here's the lowdown, since I've been reading up on the virii lately:

MyDoom only infects Windows computers. I'm guessing that it's because it's like Beagel, where it affected the system's registry. For that reason, it only affects Windows computers directly. However, it also uses those computers to perform DenialOfService attacks on SCO's website, and starting Feb. 3, it's going to go after Microsoft's website. For all infected computers, it looks through their addressbook for Outlook, because it doesn't affect Mozilla, and Netscape is based off of Mozilla. Anywho, it then goes and sends copies of itself to all people listed in the address book. But then again, it could also send itself to all people in your Yahoo account too, I'm not too sure on that aspect. If it's smarter, like Beagel, then it'll rename its attachment each time, using random characters, whenever it sends itself out to other email addresses.
 
Old 02-02-2004, 11:41 PM   #8
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
Hi r_jensen the 11th,

Virii sent :-)

I see that mydoom is very clever since it makes use of the stupidity of some system administrators who configure their mail servers to return the whole mail to the sender when the recipient mailbox is non-existing.
Mydoom simply sends itself with a spoofed sender address to a non-existing recipient at such a badly-configured mail server, which will then stupidly return the WHOLE MAIL (with the virus) to the spoofed sender.
This way the virus can completely hide the actual sender, and the final recipient will receive the virus in a real "undeliverable" message from a mailer-daemon.

I also see that some began to "manually" help mydoom to spread, as once I got mydoom via a non-existing mail address uristen(at)menny.hu ("god(at)heaven.hu"). If a virus needs a non-existing mailbox address, it will probably not scan your computer for non-existing addresses :-), but generate a random one or slightly modify an existing one, but, in no case will it invent a non-existent mail address that makes sense (is funny) in Hungarian.
I could still find out from the mail header that the virus was originally sent by an adsl user at axelero.hu, but axelero's customer service was not very eager to investigate the matter, though they could possibly catch someone who is actively and intentionally participating in spreading the virus.

Last edited by J_Szucs; 02-03-2004 at 12:12 AM.
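
Added example (not part of any post in this thread): a mail-gateway style check for the bounce pattern described in post #8, which finds the original mail returned inside an "undeliverable" report, lists risky attachment names, and reads the oldest Received header to see which host first handed the message over. The sample bounce, host names and extension list are constructed assumptions.

```python
import email

# Extensions treated as risky: an assumption for this example, not from the thread.
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".zip")

# Constructed sample: a mailer-daemon bounce that returns the whole original mail.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: nobody@example.net
--b1
Content-Type: message/rfc822

Received: from mx.example.net by relay.example.net; Tue, 3 Feb 2004 00:01:00 +0100
Received: from dsl-host.example.com ([192.0.2.10]) by mx.example.net
From: victim@example.org
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

test
--b2
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.scr"

(constructed placeholder, no real payload)
--b2--
--b1--
"""

def inspect_bounce(raw):
    # Return one finding per original message embedded in a bounce.
    findings = []
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "message/rfc822" or not part.is_multipart():
            continue
        original = part.get_payload(0)            # the returned original mail
        hops = original.get_all("Received", [])   # newest first, oldest last
        risky = [p.get_filename() for p in original.walk()
                 if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
        findings.append({"claimed_from": original["From"], "risky": risky,
                         "origin_hop": hops[-1] if hops else None})
    return findings
```

The `claimed_from` address is the spoofed sender who receives the bounce; the `origin_hop` line, written by the server that accepted the message, is what points at the real submitting host.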
 
Old 02-03-2004, 04:58 PM   #9
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
J_Szucs, I did not receive the message. Could you send it to r_jensen11<at>yahoo<dot>com please? And in case I didn't say anything before about compression, could you please compress it via bz2, gz, or tar? I know that bz2 works, because that's how I sent beagel to one of my accounts to see if it would pass the filter.
 
Old 02-03-2004, 05:04 PM   #10
Joey.Dale
Member
 
Registered: Jun 2003
Location: Tampa, Fl
Distribution: Gentoo, Slackware
Posts: 828

Rep: Reputation: 30
If you could send it to me as well at joey.dale@elkenserver.net

thank you
-Joey
 
Old 02-03-2004, 05:59 PM   #11
Vlad_M
Member
 
Registered: Aug 2002
Location: Cape Town, South Africa
Distribution: Red Hat 8.0 (Home), Red Hat 8.0 (Work)
Posts: 388

Rep: Reputation: 30
I have plenty of this in my inbox. If someone wants it please email me personally (vladATwebmailDOTcoDOTza) and I'll mail it to you tomorrow from work.
 
Old 02-03-2004, 06:32 PM   #12
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
vlad, the main thing with the virus is that if you want to send it to someone so they can look at it without it getting filtered out, you'll have to download it somehow, then compress it, then send it to the person. You can't just forward the message, because now the email providers are filtering it out.
 
Old 02-03-2004, 06:59 PM   #13
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
kind of funny...

My Computer
My Documents
My (illegally downloaded) Music
My Pictures
My Doom- will launch a DoS against SCO and MicroSoft.com
 
Old 02-03-2004, 07:06 PM   #14
Vlad_M
Member
 
Registered: Aug 2002
Location: Cape Town, South Africa
Distribution: Red Hat 8.0 (Home), Red Hat 8.0 (Work)
Posts: 388

Rep: Reputation: 30
Quote:
Originally posted by r_jensen11
vlad, the main thing with the virus is that if you want to send it to someone so they can look at it without it getting filtered out, you'll have to download it somehow, then compress it, then send it to the person. You can't just forward the message, because now the email providers are filtering it out.
Yeah, I know. They are on my machine though, so I just have to tar the attachment and send it like that. In case that the other people still didn't send it to you just email me and I'll send it tomorrow (well, today, technically! I better go get some sleep!!!)
 
Old 02-03-2004, 07:16 PM   #15
TheOneAndOnlySM
Member
 
Registered: Jul 2003
Location: Dallas, TX
Distribution: Ubuntu 10.04 LTS
Posts: 987

Rep: Reputation: 30
eh, another virus; heard many analysts say that this could be one of the worst ones known...

anyway, like stated before, virii for linux are not effective unless designed to attack something common between all types of operating systems (like just screwing the kernel) or are designed to attack linux directly

what saves linux from destruction even if a virus is made for linux is the very effective permissions system; unless you are careless with your system and browse the web a good deal whilst logged in as root, then virii are not likely to do damage to the system but may corrupt things that the user has permission to modify (normally only stuff in /home/user)

unless a virus can find a way to bypass the permissions and use some raw writing technique to "scratch" the hard disk (as in, bypass the permissions and actually burn those holes along the disk), then the virus can't do too much damage

there has actually been an experiment to demonstrate this concept

*actually, what would really prevent the cracking of the permissions system?
 
  



All times are GMT -5. The time now is 03:04 AM.
