./configure; make all; su root; make install... untar backups...
The major point that seems to have been missed (or possibly not known about)
is that viruses are popular on Windows 9x and DOS because there is so little else
that can be done with those OSes. With a Unix box, far more is possible, because there
is just more power to be used. Of far greater importance than deleting someone's files
is getting root shell access. Of course everyone is familiar with using an exploit
to gain remote access to a box, blah blah blah, but not everyone is aware of
another approach, "application based social engineering" (newly coined term, perhaps a better one exists?).
People seem to trust implicitly everything that they have to "./configure".
Were I an evil hacker with intentions of gaining a large number of shell accounts, I would
use Freshmeat. It has a large amount of traffic and I am likely to get a huge cross section of
Unix users (including coveted Cable modem and DSL users :), so that would clearly be the preferred
route of infection.
I write "vi-rus", a neato app that does something innocuous (maybe draw ascii pr0n).
I can expect most people to install it as root (all I need to do is put that in the README),
I have it email me `uname -a; ifconfig -a; ifconfig; netstat -a`, append a new line into
/etc/passwd (and possibly /etc/shadow), and next thing you know, a ton of shell accounts.
Very simple to perform, possibly a couple days of coding (I still need a real app for "cover")
It might be days before it is noticed that this isn't a legit app. The people at Freshmeat
would remove it, everyone would pat themselves on the back for their quick reaction time,
and I would keep my root shells :) Everyone is happy (well, almost everyone ;).
But, there are other attack methods with Linux that require less coding (i.e. "shorter time to market").
My tarball could contain a symlink to /etc/passwd, and then overwrite that file during the untarring process (see
Mixter's site for a proof of concept). I could just have the Makefile "rm -rf $HOME 2>1& >/dev/null ",
I could put that in the configure script, I could have my perl script application do that on the first run.
All these attacks require someone to trust that the package isn't malicious. As they say in the military: "it's a target-rich environment". These attacks don't even start to explore the .rpm or .deb
package formats (mostly because I don't know about them).
Finally, there do exist several Unix viruses,
Silvio Cesare is the world's leading expert (I would assume :). Indeed numerous means of infecting
ELF binaries exist (PLT redirection, DATA pad byte overwriting, etc.); it is foolish to think
that Linux will save you from viruses.
There are now way too many home users running Linux who think they are secure from viruses, but
have no idea what other horrors await them :)
Think twice before you su root and type "make install".
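The symlink-then-overwrite trick and the "../" escape described in the post above can be caught before anything is extracted, by walking the archive's member list in order. The following script is an added example from the editor, not code from the poster or from Mixter's proof of concept; it constructs its own two small sample archives (a clean source tree and a hostile one using the symlink trick) so it runs offline, and the archive name `vi-rus-1.0` is just borrowed from the post as a label.

```python
import io
import posixpath
import tarfile


def _prefixes(parts):
    """Yield every leading path prefix of a member: a, a/b, a/b/c ..."""
    for i in range(1, len(parts) + 1):
        yield "/".join(parts[:i])


def audit_tarball(data: bytes) -> list:
    """Inspect a tar archive (given as bytes) without extracting it.

    Returns a list of (member_name, reason) for members that could write
    outside the extraction directory or through a symlink; an empty list
    means nothing suspicious was found. Member order matters: the classic
    trick is a symlink entry followed by a file entry whose path runs
    through that link, so symlinks are remembered as they are encountered.
    """
    findings = []
    symlinks_seen = set()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            name = m.name
            if name.startswith("/"):
                findings.append((name, "absolute member path"))
                continue
            norm = posixpath.normpath(name)
            parts = norm.split("/")
            if ".." in parts:
                findings.append((name, "parent-directory traversal (..)"))
                continue
            # A file whose path passes through (or equals) an earlier symlink
            # would be written wherever that link points.
            through = next((p for p in _prefixes(parts) if p in symlinks_seen), None)
            if through is not None:
                findings.append((name, f"written through earlier symlink {through!r}"))
                continue
            if m.issym():
                target = m.linkname
                if target.startswith("/"):
                    findings.append((name, f"symlink to absolute path {target!r}"))
                else:
                    # Resolve the link relative to its own directory and see
                    # whether it climbs out of the archive root.
                    resolved = posixpath.normpath(
                        posixpath.join(posixpath.dirname(norm), target))
                    if resolved.split("/")[0] == "..":
                        findings.append((name, f"symlink escapes archive root: {target!r}"))
                symlinks_seen.add(norm)
            elif m.islnk():
                link_parts = posixpath.normpath(m.linkname).split("/")
                if m.linkname.startswith("/") or ".." in link_parts:
                    findings.append((name, f"hard link outside archive: {m.linkname!r}"))
            elif not (m.isfile() or m.isdir()):
                findings.append((name, "special file (device, fifo, ...)"))
    return findings


def _add_file(tf, name, payload: bytes):
    """Add a regular file member with the given bytes to an open TarFile."""
    info = tarfile.TarInfo(name)
    info.size = len(payload)
    tf.addfile(info, io.BytesIO(payload))


def build_sample_tarballs():
    """Construct two small in-memory archives (constructed sample data).

    The clean one is an ordinary source tree. The hostile one uses the
    symlink trick (a symlink entry pointing at /etc, then a file entry whose
    path runs through it) plus a member that climbs out with '..'.
    """
    clean = io.BytesIO()
    with tarfile.open(fileobj=clean, mode="w:gz") as tf:
        _add_file(tf, "vi-rus-1.0/README", b"Run ./configure && make install\n")
        _add_file(tf, "vi-rus-1.0/Makefile", b"all:\n\t@echo building\n")

    hostile = io.BytesIO()
    with tarfile.open(fileobj=hostile, mode="w:gz") as tf:
        _add_file(tf, "vi-rus-1.0/README", b"Run ./configure && make install\n")
        link = tarfile.TarInfo("vi-rus-1.0/etc")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tf.addfile(link)
        _add_file(tf, "vi-rus-1.0/etc/passwd", b"(would land in the real /etc)\n")
        _add_file(tf, "../.profile", b"(would land above the extraction dir)\n")
    return clean.getvalue(), hostile.getvalue()


if __name__ == "__main__":
    for label, blob in zip(("clean", "hostile"), build_sample_tarballs()):
        print(label, audit_tarball(blob) or "no findings")
```

Running it prints no findings for the clean archive and three for the hostile one (the absolute symlink, the file written through it, and the `..` member). Checking as root is exactly the wrong moment; run an audit like this as an unprivileged user on the downloaded tarball before `su root; make install`. Python 3.12 and later also offer `TarFile.extractall(filter="data")`, which refuses these same member types at extraction time.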
The iOpener (or whatever that hardware Linux box was called ;)
Hasn't it been proven in the past that attempts to use proprietary hardware can be hacked?