First virus to infect Windows, Linux apps appears
A NEW FIRST-OF-ITS-KIND "proof of concept" virus capable of infecting applications on systems running either Linux or Microsoft's Windows features more bark than bite, security experts said on Wednesday, noting that the spreading-impaired virus is not a threat to users at this time.
However, the potential does exist for future damage or increased Linux virus discoveries as the Linux operating system gains in popularity.
Anti-virus software manufacturers are reporting the appearance of the first virus to infect applications on systems running either Linux or Microsoft's Windows -- although it presents little danger, they said.
The virus, known variously as W32.Winux, Linux.PEElf.2132, Linux.Winux, or W32/Lindose, is carried in Linux or Windows executable files, and when an application infected with it is run, it spreads to other executable files in the same or adjacent directories in the file system.
The virus originated in the Czech Republic, according to anti-virus software vendor Central Command, which said in a statement Tuesday that it has an update to its AVX software available that can identify the virus.
Unlike viruses such as Loveletter or Melissa, the Winux virus makes no attempt to spread itself by e-mail. Implementing such a function in a way that would run on both Linux and Windows systems represents a major challenge to virus writers, according to André Post, senior researcher at the Symantec anti-virus research center in the Netherlands. However, the virus can still be spread by users unwittingly sending infected applications such as animations as e-mail attachments.
The biggest risk is if the virus manages to infect a file in a shared directory on a server, Post said.
He described Winux as a "proof of concept," not a serious threat, but nevertheless Symantec also is working on an update for its virus scanning software that will detect the virus.
Because it is such a slow spreader, the chances of the Winux virus reaching a Linux server are remote, Post said, although it could possibly infect Linux applications on dual-boot systems with both Windows and Linux operating systems installed, even if the Linux operating system is not running at the time.
"As we see Linux gain marketshare and become very popular, we will see it become more popular among virus writers," said Steve Gottwals, director of product marketing for Hefinski, Finland-based F-Secure.
He added, "It really depends on the functionality that comes along with Linux. As soon as we add functionality to any system, we increase its likelihood to vulnerabilities. We've seen this in the Java world, we've seen it in the Windows world, and we're starting to see it in wireless as a more powerful OS makes its way onto handhelds."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
