Next Previous Contents

18. Viruses and Worms

Let us call "worm" a program that multiplies without human interaction, probably using some vulnerability that can be triggered remotely. Let us call "virus" a program that spreads in executables or via email.

18.1 Aggie

Aggie Email Virus

You have just received the Aggie Virus! Because we don't know
how to program computers, this virus works on the honor system.
Please delete all the files from your hard drive and manually
forward this virus to everyone on your mailing list.
Thanks for your cooperation. 

18.2 Linux viruses

(Yes, in English the plural is viruses. In Latin there is no plural. This is a popular topic of discussion.)

Roughly speaking, Linux viruses do not exist. In Oct. 2003 The Register quoted There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory.

This lack of success is mainly caused by the difficulty of getting a virus to spread. Executing binaries found in the mail is not a normal thing to do in a Linux environment.

Also, wise users do not do their ordinary day-to-day tasks while logged in as root. Consequently, they cannot corrupt system files.

But one can try to create a file-infecting virus.

Desktop viruses

While the operating system itself seems relatively safe, the various desktops are much less safe. Several people have pointed out that .desktop files, or even files without extension that have the .desktop format will launch arbitrary code when double-clicked (under GNOME or KDE), even when their mode does not have any 'x' bit set. This means that in order to take over a user's machine it will often suffice to send him some file by email. (In case the protection is strengthened by requiring the file to be executable, as it is in some distributions, that is easily circumvented by mailing an archive. Unpacking that will also set the file modes. Moreover, this would also defeat a conceivable defense that restricted the directories from which desktop files can be executed.)

18.3 Mydoom

For the source of Mydoom.a, reportedly the largest virus ever, see

18.4 Stuxnet

Stuxnet was a virus presumably launched in order to damage Iran's uranium enrichment facilities. A very detailed writeup by Symantec. The binary is available on the net.

Next Previous Contents