March 29, 2001, 4:08 PM — A NEW FIRST-OF-ITS-KIND "proof of concept" virus capable of infecting applications on systems running either Linux or Microsoft's Windows features more bark than bite, security experts said on Wednesday, noting that the spreading-impaired virus is not a threat to users at this time.
However, the potential does exist for future damage or increased Linux virus discoveries as the Linux operating system gains in popularity.
Anti-virus software manufacturers are reporting the appearance of the first virus to infect applications on systems running either Linux or Microsoft's Windows -- although it presents little danger, they said.
The virus, known variously as W32.Winux, Linux.PEElf.2132, Linux.Winux, or W32/Lindose, is carried in Linux or Windows executable files, and when an application infected with it is run, it spreads to other executable files in the same or adjacent directories in the file system.
The virus originated in the Czech Republic, according to anti-virus software vendor Central Command, which said in a statement Tuesday that it has an update to its AVX software available that can identify the virus.
Unlike viruses such as Loveletter or Melissa, the Winux virus makes no attempt to spread itself by e-mail. Implementing such a function in a way that would run on both Linux and Windows systems represents a major challenge to virus writers, according to André Post, senior researcher at the Symantec anti-virus research center in the Netherlands. However, the virus can still be spread by users unwittingly sending infected applications such as animations as e-mail attachments.
The biggest risk is if the virus manages to infect a file in a shared directory on a server, Post said.
He described Winux as a "proof of concept," not a serious threat, but nevertheless Symantec also is working on an update for its virus scanning software that will detect the virus.
Because it is such a slow spreader, the chances of the Winux virus reaching a Linux server are remote, Post said, although it could possibly infect Linux applications on dual-boot systems with both Windows and Linux operating systems installed, even if the Linux operating system is not running at the time.
"As we see Linux gain marketshare and become very popular, we will see it become more popular among virus writers," said Steve Gottwals, director of product marketing for Hefinski, Finland-based F-Secure.
He added, "It really depends on the functionality that comes along with Linux. As soon as we add functionality to any system, we increase its likelihood to vulnerabilities. We've seen this in the Java world, we've seen it in the Windows world, and we're starting to see it in wireless as a more powerful OS makes its way onto handhelds."
Gottwals said virus writers may be tempted to build on Lindose using malicious code tools and technique and target Linux more easily now that the OS has proved to be vulnerable. "It's certainly a pattern we've seen in the past. We've seen a new virus originate on Windows platform, then we've seen loads of variants on that virus. People do tend to use it as stepping stones, and that's unfortunate," he said.
An analyst also said he expects more Linux viruses.
"I think as the growth rate or the adoption of Linux increases, you'll see more and more viruses written for the Linux platform," said Brian Burke, research analyst for Internet Security at Framingham, Mass.-based IDC. Sincce the virus did not necessarily have a destructive nature, Burke said he believed the virus may have been created not for the intention of spreading but rather as proof that such a virus could be built and delivered across multiple OSes.
"This proves that the concept is there. [Lindose] crosses multiple platforms which is something [Linux users] didn't think can be done," Burke said.
