Security Incidents mailing list archives
Re: New Linux Trojan
From: Ben Ford <bford () securityexchange net>
Date: Wed, 05 Sep 2001 13:57:12 -0700
Qualys Inc wrote:
executable programs. On Linux systems, the Remote Shell Trojan typically begins its replication activities in the current working directory and in the /bin directory.
[ . . .]
Mitigating Factors: -------------------The replication process of the Remote Shell Program can only effect binary files within the access privileges of the user who launched the originally infected program.
I think that this point should be emphasized a bit more, unless you are simply out for dramatization. A properly configured machine won't have the root user running untrusted binaries.
-b -- #===================================================================# # More dead people have written in support of Microsoft against the # # DOJ than any other single group, leading UMSA (United MS Shills # # of America) President Steve Barkto to lodge a formal complaint. # #===================================================================# ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New Linux Trojan Qualys Inc (Sep 05)
- Re: New Linux Trojan Ben Ford (Sep 05)
- Re: New Linux Trojan Russell Fulton (Sep 05)
- Re: New Linux Trojan Jason Robertson (Sep 05)
- Re: New Linux Trojan Gary Flynn (Sep 06)
- Re: New Linux Trojan Russell Fulton (Sep 05)
- Re: New Linux Trojan Nick FitzGerald (Sep 09)
- <Possible follow-ups>
- RE: New Linux Trojan Vidovic,Zvonimir,VEVEY,GL-IS/CIS (Sep 06)
- Re: New Linux Trojan Brett Glass (Sep 06)
- Re: New Linux Trojan Ben Ford (Sep 05)