EXPLAIN: What’s Up With this Linux Virus in the News Today?
ZDnet is reporting a Linux virus this morning. Since there are so few Linux virii out there in the wild, I immediately get suspicious when I hear of one. I investigated this virus and here are my thoughts on it:
First off, while everyone is indeed calling this a Linux virus, I must disagree.
The vulnerabilities that this virus attacks actually belong to three scripts, not the OS itself. Therefore, I really wouldn’t call this a Linux virus. That’s like calling a vulnerability in MS Word or Windows Skype a Windows virus. That’s just not correct.
This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts.
It’s the scripts, not the OS.
I think people are calling it a Linux virus because these three scripts primarily run on Linux machines, however I’m pretty sure the AW stats plugin is a Wordpress plugin will therefore run on IIS if the Wordpress installation it is plugged into is running on IIS. That’s just speculation on my part, though.
edit: as James points out in the comments section below, AW stats is not a WP plugin. Thanks, James!
There are many things inherent in GNU/Linux that make it very difficult for a virus to function which is the main reason why there’s virtually no GNU/Linux viruses out there. However, as the OS gains popularity, more people are going to start focussing on it and I expect we’ll see more viruses pop up. They won’t be nearly as destructive as Windows virii though.
This incident did remind me to create an entry on exactly why it’s so hard to infect a GNU/Linux machine with a virus. I’m on it….
Edit: I did a show with Mark Rais from Really Linux on GNU/Linux virii and security. If you’re interested, you can get it here.
Related Stories
POSTED IN: Explanation
3 opinions for EXPLAIN: What’s Up With this Linux Virus in the News Today?
James Maskell
Nov 13, 2005 at 7:21 am
AWStats isnt a WordPress plugin, it’s a website statistics package that generates it’s stats by reading the raw Apache log.
Jon
Nov 13, 2005 at 9:06 am
Hi James,
Yeah…crap! Someone clarified this for me on another mailing list that I’m on. I meant to come back here and fix up this entry, but I just plain old forgot.
Me fix now.
Thanks for reminding me!
J
Free Software Blog » Blog Archive » New worm targets Linux systems or does it
Jan 4, 2006 at 6:15 am
[…] ZDNet reports a new worm for linux systems. Since I was busy yesterday, I saw about this only today. The vulnerabilities that this virus attacks actually belong to three scripts, not the OS itself. Therefore, I really wouldn’t call this a Linux virus. That’s like calling a vulnerability in MS Word or Windows Skype a Windows virus. […]
Have an opinion? Leave a comment: