Wednesday, September 21, 2005

Live Linux Virus!

This is very attention-getting.

Here's the first Unix/Linux virus we've seen since the Great Internet Worm.
Okay, it's in a Korean version of old versions of stuff, but still.

The Morris worm, which appeared 17 years ago, in 1988, infected an unknown number of machines (6,000 is the number often cited, but this was comparable to the 10,000 deaths in New Orleans: a number pulled out of thin air), bringing some of these machines down for an entire weekend. (The virus's attempts to replicate itself put such a heavy load on infected machines that it created what was effectively a denial-of-service attack.) CERT was created in response to this event.

The author, Robert Morris, Jr., a graduate student, says it got loose accidentally. He was fined heavily and sentenced to three years' probation plus community service. Morris has since become a professor at MIT. I have a picture of him and Eric Allman, together, in my office, which I took at a Usenix conference shortly afterwards. (Morris exploited a bug in sendmail, which Eric wrote.)

Since then, although proofs-of-concept have been written, the actual mechanics of writing infectious malware that will propagate, in the wild, on Unix/Linux are difficult enough that I've never seen any.

None. Zero.

Writing Linux anti-virus software has been likened to playing a banjo for the money. Okay, admittedly, I still haven't actually heard of anything appearing on machines of anyone I've ever met, but is this a harbinger of problems to come?

Time will tell.

