LinuxQuestions.org
Old 01-17-2003, 06:28 PM   #1
mrdensity
Member
 
Registered: Apr 2002
Location: Central US
Distribution: Libranet 1.9.1 & 2.0, tinyX (2dskxwin) & WinLinux 2001
Posts: 83

Rep: Reputation: 15
New LINUX virus in P2P networks


It looks like there is a virus written for the Linux operating system. It is currently affecting mpg123 ver 0.59. Please correct me if I am wrong, but mpg123 is the backend for many of the programs we use on a daily basis for sound on our machines, including xmms, cdrecord and the sound events in our GUI web browsers. The details where I found this are at http://www.theage.com.au/articles/20...520656903.html . It does appear that the exploit involves a buffer overflow in the program and a fix is in place for mpg123 ver 0.59.

Even if you don't share files this could affect your system as well. It appears that it will recursively delete ALL files in the user's folder and subfolders. I would suggest setting any music files to read-only access and setting the ownership to a privileged account.

I know that the RIAA was given the greenlight for "cracking" into users' computers by our (U.S.) gov't. But isn't the deletion of files a pretty serious offence if it involves more than something which they have "rights" to? Not that I condone file sharing, but the ONLY people in my machine are the ones I allow an account to gain ANY access. They might be powerful to an extent, but the possibility of their virus deleting critical information from corporate desktops or hospitals still exists. And they can't be held liable in a US court, as I understand it. Something is REALLY wrong with this picture. I have wondered about all the connection attempts to port 80 and others (most notably port 6272), and after helping a few friends with tightening their computers' security I think I found why. They were acting as an http server on port 80 that was displaying their p2p connection details as well as a few other details! Man, did we pull their plug quickly. I wrote the first one off to Kazaa spyware, but saw the same for other P2P network users as well. Now it makes good sense what was happening. They were slowly gathering information for a giant lawsuit against literally hundreds of thousands of P2P users. Possibly even users that weren't interested in unlawful music and video swapping. This is wrong, at least how I perceive right from wrong, this is by definition wrong.

Tell a friend, they might appreciate it ! More than they think now.

PS if this topic has already been posted here please disregard it and move on. I considered posting this in Security section but decided that the General folder would get more visibility faster. If a moderator feels this not to be the case I will certainly concede to your judgement.

Aaron
edited to correct inappropriate reference from "hacking" to "cracking".

Last edited by mrdensity; 01-17-2003 at 06:41 PM.
 
Old 01-17-2003, 07:02 PM   #2
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
Hoax
 
Old 01-17-2003, 07:32 PM   #3
mrdensity
Member
 
Registered: Apr 2002
Location: Central US
Distribution: Libranet 1.9.1 & 2.0, tinyX (2dskxwin) & WinLinux 2001
Posts: 83

Original Poster
Rep: Reputation: 15
I guess I didn't search Linuxquestions thoroughly enough. I looked for "trojan" and "virus". I found no reference to the mpg123 virus. But I just now found where unSpawn had already made a reference to this same topic 3 days earlier, with the search results from "RIAA". The reference I mentioned was dated the 15th day of January, 2003, so I guess by internet standards this was already old news when I passed it on.
The possibility does exist of this happening. If it can be imagined it can be accomplished. Time will only tell how this one will play out. I hope everybody has good backups of their /home directories plus any valid .mp3's they might have on their drives.
 
Old 01-17-2003, 07:47 PM   #4
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
Oh, the possibility is definitely there, make no mistake about it. But if the RIAA/MPAA etc. want to actively engage in this kind of vigilante justice then I think a few hundred years of law will have to be rewritten.
 
Old 01-17-2003, 07:50 PM   #5
mrdensity
Member
 
Registered: Apr 2002
Location: Central US
Distribution: Libranet 1.9.1 & 2.0, tinyX (2dskxwin) & WinLinux 2001
Posts: 83

Original Poster
Rep: Reputation: 15
Thanks for the link to 'The Register'. I'm still not entirely convinced that it won't happen. But just that it hasn't (?) yet.
But I know for a fact that I have seen a lot more than 1 incidence of people's computers running a web server on port 80 displaying details of the users' P2P connections. Call me paranoid, but there might be more truth to the article I originally cited than we think.
Of course it is also entirely possible that none of this will ever happen and I will regret ever mentioning it at all. But nevertheless I will still continue to keep good backups.
Enjoy.
 
Old 01-17-2003, 07:55 PM   #6
macewan
Senior Member
 
Registered: Jan 2002
Distribution: Ubuntu, Debian
Posts: 1,055
Blog Entries: 1

Rep: Reputation: 45
http://www.immunitysec.com/GOBBLES/main.html
 
Old 01-17-2003, 11:11 PM   #7
mrdensity
Member
 
Registered: Apr 2002
Location: Central US
Distribution: Libranet 1.9.1 & 2.0, tinyX (2dskxwin) & WinLinux 2001
Posts: 83

Original Poster
Rep: Reputation: 15
OK, I'll admit that I may have posted early and didn't fully research the topic.
I want to thank those here that corrected my posting and did so in a courteous manner. I guess I was clearly wrong on more than one account as well.

I stated that the U.S. government HAD given them the greenlight to crack root on users' computers to delete suspicious files. At one time they (the RIAA) were trying to get this passed with cyberterrorism issues in a bill before Congress. It didn't make it. Here is one of many links saying it didn't make it: http://news.com.com/2100-1023-939333.html .

They may well get it to go through, eventually. What then? If their program does gain access to a user's machine and rampantly deletes files, how would you prove where it came from with a blank drive and all your logs gone?

I guess I was quick to the punch on this because I have been expecting it since the first time I read Windows Media Player now checks to see if your media is valid, before allowing it to play. Ahhh, Thank You open source developers !

Thanks to ALL !
 
  

