Nick Murtagh wrote:
> Frank Boehme wrote:
>> * Convince the victim to unpack and execute binary mail attachments
>
> That's easy if the users aren't security conscious. Most windows
> users aren't. The assumption is that most linux distribution users
> are, but that won't be true forever.
>
>> * Do all this without write access to /etc. We are not root.
>
> We can get root with a local exploit. There have been a few of these
> discovered recently. There are probably lots of vulnerable linux
> desktops out there at the moment.
>
> Nick

You know there might actually be a good system hiding in here waiting to
get out!

Install the LiDoom package which contains the lidoom program.
The LiDoom site maintains a suite of "virus" in two groups:

1. Programs that spoof emails
2. Programs that attempt to get root

Set up cron jobs to test each type as you wish.

The payload of type 1 is simply an email injected into the active local
email users' accounts (including people using pop/imap clients) which has
an attachment which if run will tell the system admin that this user ran
the attachment! These could get sneaky and use your sent emails to
create a spoof email reply from someone with the attachment, or they
could produce random junk or .....

The payload of type 2 is to email the administrator to tell them that
they are vulnerable to the exploit used!

The devil is in the detail, but I for one would love as an administrator
to be able to slap my users' hands for being victims of social
engineering, and having an automated check from a trusted source of
whether you are vulnerable or not to exploits would outweigh the fact that
it would be supplying exploits to the crackers.

What am I missing?

Niall