Here’s a repost of an entry I made on New Linux User.

ZDnet is reporting a Linux virus this morning. Since there are so few Linux virii out there in the wild, I immediately get suspicious when I hear of one. I investigated this virus and here are my thoughts on it:

First off, while everyone is indeed calling this a Linux virus, I must disagree.

The vulnerabilities that this virus attacks actually belong to three scripts, not the OS itself. Therefore, I really wouldn’t call this a Linux virus. That’s like calling a vulnerability in MS Word or Windows Skype a Windows virus. That’s just not correct.

As McAfee states:

This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts.

It’s the scripts, not the OS.

I think people are calling it a Linux virus because these three scripts primarily run on Linux machines, however I’m pretty sure the AW stats plugin is a Wordpress plugin will therefore run on IIS if the Wordpress installation it is plugged into is running on IIS. That’s just speculation on my part, though.

There are many things inherent in GNU/Linux that make it very difficult for a virus to function which is the main reason why there’s virtually no GNU/Linux viruses out there. However, as the OS gains popularity, more people are going to start focussing on it and I expect we’ll see more viruses pop up. They won’t be nearly as destructive as Windows virii though.

You might remember show #17 with Mark Rais where we discussed GNU/Linux virii and security.

This entry was posted on Wednesday, November 9th, 2005 at 5:39 am and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.