LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Dual Platform (Window/Linux) Virus ???

[ILUG] Dual Platform (Window/Linux) Virus ???

Gerard J Keating gerard.keating at fintrax.com
Mon Apr 2 09:55:08 IST 2001 

Symantec add the following at
http://www.symantec.com/avcenter/venc/data/w32.peelf.2132.html


W32.Peelf.2132 is a proof-of-concept virus that has not been reported in the
wild. It searches for and infects Microsoft Windows PE files and Linux ELF files
on Microsoft Windows systems and on Linux systems. This virus has the ability to
infect files from both Windows and Linux operating systems at the same time. The
infection code within this virus understands the file structure of both Windows
and Linux executable files. This gives it the ability to infect files on either
system. When an infected file is executed under Microsoft Windows, the virus
will search the current folder and up to 20 folders above it for all PE and ELF
files, regardless of extension. When an infected file is executed under Linux,
the virus will search the current directory only. If a PE file is found which
has a relocation section that is at least as large as the virus, then the virus
will write itself there and remove the reference to the relocations. Thus, the
file size will not increase. If an ELF file is found with a code section at
least as large as the virus, the virus will copy those
bytes to the end of the file and overwrite the code at the entry point with
itself. In this case, the file size will increase.

Files infected with this virus will contain two strings:

Win32/Linux.Winux] multi-platform virus by Benny/29A
This GNU program is covered by GPL

No reports of infections have been received by SARC. This virus does not have
the ability to spread itself from the current drive and contains no payload,
thus it does not appear to be a high risk threat.



-- 
Gerard Keating              Tully
Fintrax Teo                 Ballinahown
Tel: +353 91 558205         Galway
Fax: +353 91 558222         Rep. of Ireland

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell