Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-04-07 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cross platform virus PoC

Published: 2006-04-07
Last Updated: 2006-04-07 22:44:30 UTC
by Swa Frantzen (Version: 2)
0 comment(s)
Viruslist is reporting on a cross platform Proof of Concept (PoC) virus that works on both Linux and Windows machines. It is claimed to be capable of infecting both the linux ELF binaries and .exe's from windows.

The impact of the PoC at this point is very low in itself, but it is a sign the cross platform aspects are becoming important. As the developers of viruses continue to research this, we will see (more) cross platform malware come about in the future.

Even today websites sending exploits to their visitors tend to detect what browser/platform the visitor is using and send a matching exploit to install some malware and earn their quarter for each confirmed installation.

Planning ahead and also protecting the Linux, UNIX and Mac OS X, machines with anti-virus measures is a good thing to start on now if you haven't done so already.

For those thinking their "pet" computer is invulnerable to the virus threat: it's not. The vulnerability exploited by a virus is the ability of software to add or change other programs. All general purpose operating systems have that vulnerability to some degree.

Getting infrastructure that is fed signatures in an automated manner in place allows you to shorten the time needed to respond, even if the specific platform isn't targeted today. Since anti-virus measures are mostly reactive in nature, anything that makes your reactions faster is good.

Updates, clarifications:
  • We know about the sadmin worm. It was cross platform between Solaris and Windows. Although there is a technical difference between a worm and a virus.
  • Not running about as "root" or "Administrator" surely helps to protect your computer, but it does not and will not remove the ability of viruses to propagate to what you have access to. Only if you limit the user to have any change rights to all possible programs (including scripts and the like), will you be technically safe from viruses. Such a setup isn't likely to be usable on a general purpose computer anymore ... But if you can you might have a winner for protection against pure viruses.
    There are no patches against viruses.

--
Swa Frantzen - Section 66
Keywords:
0 comment(s)

phpBB 2.0.20 upgrade time

Published: 2006-04-07
Last Updated: 2006-04-07 22:29:23 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
phpBB, a popular forum has released version 2.0.20 on this Friday.

There are a number of security issues fixed and due to the past interest of the bad guys, upgrading is highly recommended.

Upgrading consists of a number of phases:
  • copy your content to safeguard it;
  • carefully patch your files:
    • Take care with added or changed templates (only subSilver gets patched automatically);
    • Take care with any mods you might have on your board.
  • copy the contrib and install directories;
  • run the upgrade php script to upgrade the database through the browser;
  • remove the contrib and install files;
  • test.
I'd suggest to look at turning on the CAPTCHA test, I had problems with it before, but it now seems to be finally working properly.

Another thing you might want to do is to remove the memberlist.php references in the templates and chmod 0 that file. All those subscribers that don't post anything but have links in their profile to adult content get a bit less encouragement that way. It might trigger them to post spam so you can ban them.

--
Swa Frantzen - Section 66
Keywords:
0 comment(s)
Diary Archives