Survival Time for Unpatched Systems Cut by Half
Brian Kelsay
bkelsay at comcast.net
Thu Aug 19 02:43:54 CDT 2004
Brian Densmore wrote:
> So I guess the pertinent question is, are Linux IM clients susceptible
> to this kind of <spellingnazi> virii </spellingnazi>? That is of course
> assuming some enterprising young cracker writes one for Linux systems?
> Of course if I was a cracker, I'd write cross-platform virii, and have friendly
> download pop-ups letting the user choose the proper poison pellet.
>
I would say it is somewhat vulnerable in that the same ports must be
open for clients on the same network. BUT the method of attack is the
sticker. In Monty's case, if your client is set to allow anyone to send
you a message or if you accept messages from people in your list and one
of those is an infected Winders user, then yes you might get the popup
msg. Then if you were dumb enough to click on the web link it would
launch your browser to that site. At the time that it tries to install
the plugin, if one is avail. for the Linux browser, it might install.
If the user is not allowed to install programs or plugins (winders or
Linux), then the plugin is dead. On Winders though, if they use a web-based
IE exploit, one of the many, many buffer overflows or CLI access
exploits, then the attacker can get elevated privileges and root access.
You're dead. The plugin would have to have dual payloads to get both
Windows and Linux. This is why you don't run as root. If you put your
user ID in the root group, you're asking for it. I'd say that Java or
Flash, possibly C payloads could be delivered in this manner and have
code to distinguish what environment they are in.
----------------------------------------------
Somewhere there is a village missing an idiot.