Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
Newsgroups: comp.virus
Subject: Unix viruses (UNIX)
Message-ID: <0015.9104111306.AA01727@ubu.cert.sei.cmu.edu>
Date: 10 Apr 91 20:59:37 GMT
Sender: Virus Discussion List
Lines: 38
Approved: krvw@sei.cmu.edu

>From: spaf@cs.purdue.edu (Gene Spafford)
>
>First of all, Unix viruses are definitely possible, and they aren't
>all that difficult to write.

Entirely true, though it is more difficult to get one to spread in a
properly implemented (managerial problem NOT technical) unix
environment than in DOS. Given access, unix will take care of the
structure of a file header, etc. provided the unix virus uses properly
implemented high level calls. The low level stuff (under the OS) found
in many DOS viruses is rather difficult to implement. The unix access
controls are adequate against this type of attack (viruses are
possible but worms or spoofs are easier).

Essence of next comment also From: ethan@thinc.COM (Ethan.Lish@THINC.COM)

>So, the answer to the question of, is it possible to write a Unix
>virus, is a definite "yes." It can easily be done as a shell script,
>which makes it portable to any form of Unix...

This is a possibility but the infection process would have to be a bit
convoluted - a spoof would be simpler. You would have to invoke a "cut
and paste" operation to infect other scripts and write or root access
would be required. The main difficulty would be that script files are
readable, kind of like patching AUTOEXEC.BAT in DOS & easy to detect
(if anyone looks). Would also be limited to legal commands (annoying
but not likely to be permanently destructive). In the VAX world, use
of version numbers in file calls (does anyone else?) would make such
script spoofs more difficult.

Key here is that "good" multi-user systems (e.g. unix) already have
good defense mechanisms built in but rarely used.

					Warmly,
						Padgett
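
The post's point that altering a script requires write access can be checked directly on a system. The following audit is an added example, not part of the original post; the function names and the `writable-file` / `writable-dir` output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list scripts that an account
# other than the owner could modify or replace, using only mode bits.

# is_script FILE: true when the first line of FILE starts with "#!".
is_script() {
    head -n 1 "$1" 2>/dev/null | LC_ALL=C grep -q '^#!'
}

# audit_scripts DIR: print one line per exposed script under DIR.
#   writable-file PATH  script itself is group- or other-writable
#   writable-dir  PATH  script sits in a group/other-writable directory
#                       without the sticky bit, so it can be replaced
audit_scripts() {
    dir=$1

    find "$dir" -type f \( -perm -020 -o -perm -002 \) -print |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf 'writable-file %s\n' "$f"
        fi
    done

    # Sticky directories (mode 1xxx) are skipped: only the owner of a file
    # can rename or delete it there. Dot-files are not covered by the glob.
    find "$dir" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print |
    while IFS= read -r d; do
        for f in "$d"/*; do
            if [ -f "$f" ] && is_script "$f"; then
                printf 'writable-dir %s\n' "$f"
            fi
        done
    done
    return 0
}

# Stand-alone use: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_scripts "$1"
fi
```

The check reads permission bits only, so ACLs and group membership still have to be reviewed separately.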