Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: virus exploits Web 2.0 technology to cross platforms ..

____/ Jim on Tuesday 19 June 2007 11:41 : \____

> Doug Mentohl came up with this when s/he headbutted the keyboard a moment
> ago in comp.os.linux.advocacy:
> 
>> 'Badbunny .. was judged to pose little risk to anyone since it was not
>> believed to be propagating on the internet or "in the wild."'
>> 
>> 'The worm's ability to spread is aided by its use of components written
>> in scripting languages such as Javascript, Perl, Python and Ruby that
>> can operate across multiple operating systems — a cornerstone of
>> so-called Web 2.0 applications'
>> 
>> http://www.cbc.ca/technology/story/2007/06/11/badbunny-worm.html
>> 
>> I thought it was a worm and what the heck has Web 2.0 got to do with it.
>> This is total nonsense. The so called 'virus' or 'worm' requires user
>> interaction. Finally it requires logging in as root, something no self
>> respecting Linux user would do. So perhaps the reason the 'virus' failed
>> is not that it was filled with bugs but that it didn't work.
>> 
>> Scripting languages, perl for instance have been around long before Web
>> 2.0. So has mIRC, the same thing applies as to an Open Office macro
>> script, it is impossible to launch an IRC script without user action.
>> 
>> "Upon execution, it drops a Python script file to {Linux root
>> folder}\.badbunny.py, which is detected by Trend Micro as ELF_BADBUN.A"
>> 
>> "It also drops the Perl script {Linux root folder}\BadBunny.pl, which is
>> detected by Trend Micro as PERL_BADBUN.A, and executes it"
>> 
>>
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=XML_BADBUN.A&VSect=T
>> 
> 
> Came across this a couple weeks ago. It hit the headlines as the bad boy of
> openoffice "viruses", to which I scoffed and asked: why is Sophos the ONLY
> AV outfit to have actually detected this?

They are just picking on the big guy (security wise). Mac/Linux/OpenOffice
worms are not a dime a dozen. Some go as far as trying to attach the word
virus to a media player like the iPod. Hilarity ensues.

-- 
                ~~ Best of wishes

Roy S. Schestowitz      |    United States: #1 in spam export
http://Schestowitz.com  |    RHAT Linux     |     PGP-Key: 0x74572E8E
 09:05:01 up 3 days, 14:33,  4 users,  load average: 0.71, 0.81, 1.02
      http://iuron.com - Open Source knowledge engine project

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index