Virus writers have crafted another example of malicious software that can infect computers running Windows or Linux.
The proof-of-concept was submitted to Russian antivirus company Kaspersky Lab, which calls it Bi.a. The virus was written in assembler code and is limited, as it only infects files in the current directory, Kaspersky said on Friday on its Web site. However, it can infect files in the different formats used by Linux and Windows — ELF and PE, respectively, Kaspersky said.
The virus is a classic proof-of-concept, written to show that it's possible to create a cross-platform virus, Kaspersky indicated. "However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code and adapt it for their own use," Kaspersky wrote.
That concern is shared by Swa Frantzen, who tracks incidents at the SANS Internet Storm Center, which monitors network threats. "The impact of the proof-of-concept at this point is very low in itself, but it is a sign the cross-platform aspects are becoming important," Frantzen wrote on the ISC blog. "As the developers of viruses continue to research this, we will see more cross-platform malware come about in the future."
Kaspersky has added detection for the malicious software to its antivirus databases.
Talkback
It can't get round file permissions though. Linux users tend to run email and web browsers as non privileged users. The default setup for a vast number of XP users is to have administrator permissions. The likelihood of finding a binary file an ordinary user can write to under Linux is vanishingly small. The chances of finding a Windows binary the administrator can write to is 100%.
App armour and SeLinux.
It is a good thing that these two technologies are appearing on the Linux scene right now.
The approach with virus scanners has always been to know what is bad. And if something is bad don't let it run or quarantine it.
App armour takes the opposite route. Know what is good and if you don't know it don't run it.
Most people do not use more than 50 applications regularly. There a thousands of viruses around. It is simple to scan a program to see if it is one of the fifty that you know is all right. Especially in comparison to scanning for known bad profiles.
App armour and SeLinux also enforce system privileges. E.g. when your office program starts formatting your disk because of a macro virus app armours will not allow this action.
Once again describing and enforcing good behaviour comes a lot closer to preventing misuse.
You might wish to see app-armour as a vault and virus scanning as the crime scene investigators. The vault makes crime more difficult decreasing the likelihood of occurrence. CSI catches the bad guys most of the time.
To conclude the upgraded security profiles on Linux will make the chance of virus infection smaller. This is extending the least required privilege concept. If you only listen to music don't allow this account to reformat disks. Windows vista will include hard user limits as most Unix systems have done for more than a decade. However, the security benefits of SeLinux and App armour will not be in vista (or is at least not announced as a feature to my knowledge).
Think of this when calculating the return of investment of your next upgrade...
Remember there will always be security failures. It is inherent in human endeavour. Banks still get robed but not as often as house burglary's. If your house is as difficult to rob as a bank but does not contain large sums of money it won't get robbed very often. Even thieves know the story of ROI.
Whoo is the creep responsible ..put a price on his head before it gets any futher advanced ..
Rebuttal: The Case of the Non-viral Virus:
http://tinyurl.com/ngwba
The article's caption and insinuations the proof of concept could infect any linux machine is just plain wrong.
Being written in assembly code means that even if it is run by the user, it is limited to a specific architecture.