Path: utzoo!attcan!uunet!husc6!rutgers!apple!bloom-beacon!oberon!pollux.usc.edu!papa
From: papa@pollux.usc.edu (Marco Papa)
Newsgroups: comp.sys.amiga
Subject: Re: Internet UNIX (BSD) virus
Keywords: UNIX, BSD. Virus, worm
Message-ID: <13280@oberon.USC.EDU>
Date: 6 Nov 88 21:07:30 GMT
References: <13232@oberon.USC.EDU> <2954@sugar.uu.net>
Sender: news@oberon.USC.EDU
Reply-To: papa@pollux.usc.edu (Marco Papa)
Organization: Felsina Software, Los Angeles, CA
Lines: 63

In article <2954@sugar.uu.net> peter@sugar.uu.net (Peter da Silva) writes:
>In article <13232@oberon.USC.EDU>, papa@pollux.usc.edu (Marco Papa) writes:
>> This is dedicated to all the guys that claimed that "UNIX is much more
>> secure than the Amiga" with regard to viruses.
>> -- Marco Papa 'Doc'
>
>You claiming responsibility, Marco? (not serious here, folks)

I am not claiming anything. A "dedication" is a dedication, that's it.

>First of all, the channel of infection is a gaping hole in sendmail that
>isn't typical of UNIX mail systems.

It didn't use just a hole in BSD sendmail, but also a hole in fingerd and
included a very knowledgeable password guessing program, all put together.
The password guessing program is general purpose, not BSD dependent. If
changed just a little bit, it could have been almost undetectable, and if
it had been changed just a little more, it could have been devastating.

>Finally, the virus was way more complex than any PC or Amiga virus needs to be.
>The typical PC or Amiga virus is a couple of hundred bytes long... and it's
>got complete access to the whole system... on any PC. This virus had a couple
>of hundred lines of prelude code, and was only able to infect a small fraction
                                                                 ^^^^^
>of the machines available to them...

Tell that to the people at Stanford (with over 2000 machines infected) or
to the folks at CalTech, UCLA, USC, Berkeley, MIT, Lawrence Livermore,
which have had similar numbers of machines infected.
The latest count is that over 6000 UNIX BSD hosts have been infected.
People have stayed up for 2 nights all over the US to "manually" eradicate
all the instances of the virus and many are still at work on it right at
this moment. Try to guess how much money was lost in man-hours (and this
was fortunately a "sort of benign" virus).

> and a simple reboot would clear it out.
        ^^^^^^^^^^^^^

Bullshit! Get your facts. Read ...43-bugs or whatever that usergroup is
called for the details on how to kill the virus once and for all.

>I'm not saying, and I've never said, that UNIX is uninfectable. Just that it's
>a LOT harder to build a successful virus... that wouldn't be as successful as a
>simpler virus on an unprotected single-use system. This one is everything
>I've claimed a UNIX virus would be: highly complex, relatively limited in
>scope, easily killed and guarded against.
        ^^^^^^^^^^^^^

"Easily" killed doesn't mean much. I can assure you that in $$$$$, this
virus was much more costly than ANY of the Amiga viruses combined. And as
you probably know, a student at Cornell did this one. Just wait until
organized crime gets into this business.

>I expect there will be more. I don't expect anything as virulent as the Byte
                                                         ^^^^^^^^
>Bandit or Brain virus.

You ain't seen nothing, yet. Good luck on your dreams.

-- Marco Papa 'Doc'
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
uucp:...!pollux!papa BIX:papa ARPAnet:pollux!papa@oberon.usc.edu
"There's Alpha, Beta, Gamma and Diga!" -- Leo Schwab [quoting Rick Unland]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=