[ILUG] Porting MyDoom to Linux

[Rick Moen]

Quoting Nick Murtagh (nickm at go2.ie):

> Frank Boehme wrote:
> >* Convince the victim to unpack and execute binary mail attachments
> 
> That's easy if the users aren't security conscious. Most windows
> users aren't. The assumption is that most linux distribution users
> are, but that won't be true forever.

Here's an experiment for you:  Pretend you're such a user.  Send
yourself a "hello world" executable attached to a mail.  Count the steps
required to run it, given your choice of MUA.

With a typical MUA, you're obliged to (1) save it to /tmp (or
elsewhere), (2) "chmod u+x" it (because the MUA saves it without the
executable bit), and then (3) "./hello" to run it.

If you can find any counterexamples, please let the Linux community
know, so we can severely LART the author until he fixes his deficiently
designed program.

(Recitations of inventive ways in which users can go out of their way to
shoot themselves in the foot, with or without WINE/VMware, etc., will be
considered tedious ignoring of the point and will be ignored.)

> We can get root with a local exploit.

You know what I tell people who get bitten by fixable exploits that
they've stupidly failed to fix?  "Gee, that's an ugly hole you've shot
in your foot.  Would you like help learning how to aim elsewhere?"  The
fact that the bullet was malware-tipped is rather irrelevant to the
fundamental cause, which was insufficient admin education and diligence.

We in the Linux community have cures for insufficient admin education
and diligence.  Or people can learn from Papa Darwin, if they prefer.
The latter will receive scant sympathy, though.

-- 
Cheers,                                     SPAM SPAM SPAM SPAM!         
Rick Moen                                   SPAM SPAM SPAM SPAM!    
rick at linuxmafia.com              (_Nobody_ expects the Spammish Repetition!)