Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!bloom-beacon!tut.cis.ohio-state.edu!husc6!rice!titan!phil From: phil@titan.rice.edu (William LeFebvre) Newsgroups: comp.sys.amiga Subject: Re: Internet UNIX virus Message-ID: <2126@kalliope.rice.edu> Date: 9 Nov 88 19:21:48 GMT References: <13232@oberon.USC.EDU> <2954@sugar.uu.net> <10984@cup.portal.com> Sender: usenet@rice.edu Reply-To: phil@Rice.edu (William LeFebvre) Organization: Rice University, Houston Lines: 25 In article <10984@cup.portal.com> dan-hankins@cup.portal.com (Daniel B Hankins) writes: >Second, [Peter]'s absolutely correct about it >taking advantage of a gaping hole in sendmail. This makes it an EEV (Error >Exploiting Virus) as opposed to FEV (Feature Exploiting Virus). Quite correct. That particular worm will not be successful at penetrating any host that has applied the appropriate bug fix. Is there any "fix" of any kind that can prevent the SCA virus from penetrating an Amiga? No, because there is no bug to fix. All you can do is run a program like VirusX, treat all new (formatted) disks with suspicion, and pray (well, the third step is optional). Most Unix breakins are achieved by exploiting security holes (and there are many of them) or by guessing someone's password. Why? Because that's the easiest way to get in. HOWEVER: there is a way of infecting a Unix machine with a real virus (not a worm). And it doesn't exploit any bugs. And it's not Ritchie's trojan horse, either. But I won't tell you what it is. The good thing is that it would be very hard to get it started because almost all free software distributed in the Unix world is done so in source form. William LeFebvre Department of Computer Science Rice University