From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user]  Linux viruses
Date: Sat, 6 Jul 2013 10:20:15 +0100
User-Agent: KMail/1.13.7 (Linux/3.8.13-gentoo; KDE/4.10.4; x86_64; ; )
References: <51D728BA.4060906@gmail.com> <51D746E5.1040606@gmail.com> <51D7BFE2.3070300@mail.ru>
In-Reply-To: <51D7BFE2.3070300@mail.ru>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1783098.kHzvn5TRfL";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201307061020.26154.michaelkintzios@gmail.com>
X-Archives-Salt: 94795db2-4aba-4cc5-bef4-2ba2c350d06d
X-Archives-Hash: aa1ca3997e30fcf88e18231272c04257

On Saturday 06 Jul 2013 07:57:38 the wrote:
> On 07/06/13 02:21, Dale wrote:
> > William Kenworthy wrote:
> >> On 06/07/13 04:12, Dale wrote:

> >>> While we were
> >>> chatting, he said that Linux is just as prone to getting a virus as
> >>> windoze and so is a Mac.  I think my laughing let him know I wasn't
> >>> buying his comment.

Well this is just FUD.  Linux and BSDs are much, much less prone to virus
infection due to their architecture and default authentication restrictions.
Also your average Linux user, well at least your average Linux desktop user, is
more clued up than the MSWindows equivalent.  With the advent of Linux on
mobile devices (Android) this statement is no longer true.


> >> food for thought - some years back a member of the local lug picked up
> >> that something was listening on a port that he didn't think should be in
> >> use.  Turned out to be an infected windows binary running under wine ...
> >>
> >> I presume he had been using wine and this was left running, rather than
> >> self starting.
> >>
> >> BillK
> >
> > Well, no Wine here.  So that won't happen.  Actually, I don't have a
> > copy of windoze here at all.  Neither of my two rigs have ever had
> > windoze installed on them at all.

I'm sure some poster in 2003/04 posted in this same list about an MSWindows
malware running in Wine.  That's an indication of good code as far as I'm
concerned, because most MSWindows programs that I tried would fall over
themselves in Wine!  LOL!


> > BTW, I have been known to open those attachments before. I usually open
> > them with kwrite or something and try to see what is human readable in
> > there.  Most is machine language but there is usually a small portion
> > that is human readable.  They sent it and I'm nosy that way.  lol
>
> Perhaps it's easier to use strings?

  hexdump -C <suspect_payload>

You may have to unzip it first, because a lot of malware is zipped to escape
detection from some simpler anti-virus checkers.  You can also use dd and pipe
it to an antivirus to see if it finds anything known.

All OSes are susceptible to malware, but not all malware are viruses.  At least
one virus has existed for Linux (in the 90s or early 00s), but it was patched
overnight if I remember right.  Other than that I don't know of any programs
which can be replicated on Linux machines.  I think this is because despite
Lennart's efforts no two Linux OSes are exactly the same.  So, as the virus is
trying to replicate itself it will fall down at the next box it tries to
infect.

However, rogue add-ons in browsers, increasingly sophisticated JavaScripts,
and HTML 5 with all its cross-domain/cross-site-request potential could wreck
at least some of your data and steal your information, just as easily as the
adjacent MSWindows box.  Oh, before I forget, did I mention Java?

Linux running on mobile devices is a different category because there is great
uniformity of the OS across devices.  This is a big target for any malware
writers and state actors who value their coding time:

  http://techcrunch.com/2013/07/04/android-security-hole/

-- 
Regards,
Mick
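The strings/hexdump-and-unzip triage Mick sketches above, as an added example that is not part of the original thread: a small POSIX shell script (function names and the sample file are my own, hypothetical constructions) that never runs the suspect file, only classifies it by magic bytes, hashes it for lookup, flags zip containers that need unpacking first, and lists the human-readable fragments.

```shell
#!/bin/sh
# Added example, not part of the thread: a portable read-only triage of a
# suspect attachment in the spirit of the strings/hexdump advice above. The
# file is never executed; it is classified by magic bytes, hashed for lookup,
# and mined for human-readable fragments. Function names are my own.

# Classify by the first four bytes: Windows PE ("MZ"), ELF, zip container
# (which, as noted above, must be unpacked before scanning), or unknown.
magic_kind() {
  magic=$(od -An -tx1 -N4 -v "$1" | tr -d ' \n')
  case "$magic" in
    4d5a*)    echo pe ;;
    7f454c46) echo elf ;;
    504b0304) echo zip ;;
    *)        echo other ;;
  esac
}

# Portable stand-in for strings(1): runs of at least $2 (default 6)
# printable characters, one per line.
printable_strings() {
  tr -c '[:print:]' '\n' < "$1" | grep -E "^.{${2:-6},}$"
}

# SHA-256 of the sample, for looking it up in known-malware databases.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Full report for one file.
triage() {
  kind=$(magic_kind "$1")
  echo "kind: $kind"
  echo "sha256: $(file_sha256 "$1")"
  [ "$kind" = zip ] && echo "note: unpack into a scratch directory and triage the contents"
  echo "strings:"
  printable_strings "$1" 8
}

# Constructed sample (not real malware): an MZ header, the DOS-stub message
# every Windows executable carries, and a bogus URL among non-printable bytes.
make_sample() {
  printf 'MZ\220\000\003\000\000\000This program cannot be run in DOS mode.\015\012\000\001http://example.invalid/update\000\000' > "$1"
}
```

Running `make_sample sample.bin; triage sample.bin` reports the file as a PE, prints its hash, and surfaces the DOS-stub text and the embedded URL, which is exactly the kind of clue that identified the Wine-hosted Windows binary in the anecdote above.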
