[svlug] Cross platform virus question?

Dagmar d'Surreal dagmar at dsurreal.org
Wed Mar 28 13:39:01 PST 2001


On Wed, 28 Mar 2001, Steve M Bibayoff wrote:

> avx has just claimed to have found the first cross-platform (Windows(?)
> and Linux) virus. Of course the details are somewhat sketchy.
> Would/could someone who has a better understanding maybe make an easier
> to understand explanation. Details are here:
> http://support.avx.com/cgi-bin/command/solution?11=010327-0017&130=0985731825
> web site here:  http://www.avx.com/

Lion is more dangerous than this thing.  First off, it's a research-grade
virus (i.e., no destructive payload), and secondly you have to actually
get the binary on your system and run it with enough permissions for it to
be able to do some damage before it's a threat.

For example, if you're not running around doing everything as root, the
only thing it could possibly infect under normal conditions would be
binaries owned by the user account that invoked it.  (Yay decent
permissions models!)  If you're not in the habit of running other people's
precompiled binaries this virus poses no threat to you.

...and as an aside, cross platform virii (like this one) are not entirely
new, nor are they as elegant as they might first appear.  I remember one
particular cross-platform virus which could infect both Macs and PCs from
several years back, and it amounted to starting by using a few opcodes
specific to the various CPUs so that if it was on a Mac, the Mac portion
of its code would be executed, and on a PC the x86 code would be
executed... It essentially makes the virus twice as big, and considerably
easier to detect as a result.
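
The permissions point in the message above can be checked on a real system. The following is an added example, not part of the original post: it lists the ELF and PE binaries under a set of directories that a given uid could rewrite. The function names are hypothetical, and the permission check is a simplification that ignores ACLs, read-only mounts and immutable flags.

```python
import os
import stat

MAGICS = {b"\x7fELF": "ELF", b"MZ": "PE"}  # Linux and Windows executable headers

def binary_kind(path):
    """Return 'ELF' or 'PE' from the leading magic bytes, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None
    return next((k for m, k in MAGICS.items() if head.startswith(m)), None)

def can_modify(st, uid, gids):
    """Simplified POSIX check (assumption: no ACLs or immutable flags)."""
    if uid == 0 or st.st_uid == uid:
        return True  # root bypasses mode bits; an owner can chmod, then write
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def exposed_binaries(roots, uid, gids=()):
    """Sorted (path, kind) pairs for native binaries that `uid` could rewrite."""
    found = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, devices, sockets
                kind = binary_kind(path)
                if kind and can_modify(st, uid, gids):
                    found.append((path, kind))
    return sorted(found)

if __name__ == "__main__":
    # Audit the current account against every directory on its PATH.
    dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d]
    for path, kind in exposed_binaries(dirs, os.geteuid(), os.getgroups()):
        print(kind, path)
```

Run as an ordinary user, the list should be empty or limited to binaries in that user's own directories; run with uid 0, every binary found is listed.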
