LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Porting MyDoom to Linux


NW Dublin linux at esatclear.ie
Tue Feb 3 17:32:53 GMT 2004


Nick Murtagh wrote:

> Frank Boehme wrote:
>
>> * Convince the victim to unpack and execute binary mail attachments
>
>
> That's easy if the users aren't security conscious. Most Windows
> users aren't. The assumption is that most Linux distribution users
> are, but that won't be true forever.
>
>> * Do all this without write access to /etc. We are not root.
>
>
> We can get root with a local exploit. There have been a few of these
> discovered recently. There are probably lots of vulnerable Linux
> desktops out there at the moment.
>
>
> Nick


You know there might actually be a good system hiding in here waiting to 
get out!

Install the LiDoom package which contains the lidoom program.
The LiDoom site maintains a suite of "virus" in two groups:
    1.   Programs that spoof emails
    2.   Programs that attempt to get root
Set up cron jobs to test each type as you wish.

The payload of type 1 is simply an email injected into the active local 
email users' accounts (including people using POP/IMAP clients) which has 
an attachment which, if run, will tell the system admin that this user ran 
the attachment!   These could get sneaky and use your sent emails to 
create a spoof email reply from someone with the attachment, or they 
could produce random junk or .....

The payload of type 2 is to email the administrator to tell them that 
they are vulnerable to the exploit used!

The devil is in the detail, but I for one would love as an administrator 
to be able to slap my users' hands for being victims of social 
engineering, and having an automated check from a trusted source of 
whether you are vulnerable or not to exploits would outweigh the fact that 
it would be supplying exploits to the crackers.

What am I missing?

Niall



