David Skoll Bio    Free Software    Articles & Presentations    Signatures & Privacy    Careers   
Home > About > Articles

First Entry

The first entry in my challenge to infect my Linux desktop machine came from Roberto Antonio Ferreira de Almeida. Here is his devilishly clever entry:

From: Roberto Antonio Ferreira de Almeida
Date: Fri, 7 Dec 2001 11:17:10 -0200
To: dfs@roaringpenguin.com
Subject: Hi

In order to get your advice, I ask you to do the following:

   1. Type:

      su -c "touch /etc/VIRUS-WAS-HERE"
      echo "Hi" | mail -s "I GET THE PRIZE" dfs@roaringpenguin.com
      echo "Hi" | mail -s "I GET THE PRIZE" postmaster@roaringpenguin.com

   2. That's it!

Thank you for your cooperation!


Note the extremely clever nature of the virus: The request was written in a friendly tone, all the better to force a social engineering attack. The attack required only two steps, thereby making it much more likely to succeed.

In fact, if I had not been so flustered by this clever virus and momentarily forgotten my system's root password, it could very well have succeeded.

In order to protect innocent Linux users from this virus, I am recommending that McAfee, Trend Micro and all the other anti-virus vendors immediately release products for Linux, and in particular, block all e-mail with the words "su", "touch", "echo", "mail", and "Hi" in them. Consider those my contribution to the first Linux Virus Signature Database.

On to Entry 2

David F. Skoll

  Copyright © 2004 Roaring Penguin Software Inc.         Legal Notices