
Second Entry

The second entry in my challenge to infect my Linux desktop machine came from Michael Maxwell. Here's his entry:


From: "Maxwell, Michael"
To: "'dfs@roaringpenguin.com'" 
Subject: EZIRP EHT TEG I

*** FOR IMMEDIATE RELEASE ***

VIRUS ALERT
I have discovered the first known mutation of the "Hi" Linux virus. 
This particular variant increases the annoyance factor by exploiting
a known vulnerability in the system's password database.

WORKAROUND
Deinstall Linux immediately!

SOURCE
The source code for this virus has been obtained!  I have included it
below:

From: Dialtone
Date: Tue, 11 Dec 2001 11:17:10 -0200
To: dfs@roaringpenguin.com
Subject: Hi

In order to get your advice, I ask you to do the following:

   1. Set up a root crontab to run this every hour:

      #!/bin/sh
      touch /etc/VIRUS-WAS-HERE
      for u in `awk '{print $1}' < /etc/passwd`; do
          echo "Hi" | mail -s "EZIRP EHT TEG I" $u
      done
      echo "Hi" | mail -s "EZIRP EHT TEG I" dfs@roaringpenguin.com

   2. That's it!

Thank you for your cooperation!

Dialtone

Now I'm very worried. The virus has somehow mutated, and furthermore, by getting itself installed in crontab, it keeps propagating itself over and over and over...

I am calling even more loudly for McAfee, Trend Micro and all the other anti-virus vendors to get to work on these dastardly Linux viruses! Please, O Great Anti-Virus Vendors, put your amazing brains and stupendous technology together and stop these mutating Linux viruses at once!



David F. Skoll

Copyright © 2004 Roaring Penguin Software Inc.