Gimmiv.A Worm - Ubuntu

This is a discussion on Gimmiv.A Worm - Ubuntu ; Is this any danger to Ubuntu? Thanks...

+ Reply to Thread
Results 1 to 17 of 17

Thread: Gimmiv.A Worm

  1. Gimmiv.A Worm

    Is this any danger to Ubuntu?
    Thanks

  2. Re: Gimmiv.A Worm

    > Is this any danger to Ubuntu?

    There's a reason you don't generally need to install a virus checker
    on a linux distrib - welcome to the world of (virtually) hack-proof
    computing :-)

    Be sure to worry about all your Windows enabled machines though :-p

  3. Re: Gimmiv.A Worm

    "Colin Wilson" wrote
    in message news:MPG.236efe22536908a5989a30@news.motzarella.or g...
    >> Is this any danger to Ubuntu?

    >
    > There's a reason you don't generally need to install a virus checker
    > on a linux distrib -


    Yeah---no one friggen uses it.
    Welcome to the world of Latin.
    Dead.
    Dead.
    Dead.
    Technology in stagnation is what linux stands for.
    Want an office programs that works...wait 10 years.
    Then say...where'd they go ?
    Absorbed by someone new?
    What do they specialize in ?
    Tee-shirts and coffee mugs ?
    Yuck!

    --
    Ens causa sui
    Fit caedes omnibus locis


  4. Re: Gimmiv.A Worm

    On Sun, 26 Oct 2008 14:50:50 -0600, Ray wrote:

    > Is this any danger to Ubuntu?
    > Thanks


    No danger at all. Gimmiv.A is a Windows-only trojan.
    http://www.sophos.com/security/analy...s-and-spyware/
    trojgimmiva.html

  5. Re: Gimmiv.A Worm

    Ray wrote:

    > Is this any danger to Ubuntu?


    No. It's Windows-specific, and this exploit is only possible because of
    stupid design decisions taken in the early days of the Windows NT kernel.
    This particular vulnerability was pointed out to MS back in 2002, but ignored
    until it was abused (for at least 2 years) "in the wild". It's more
    difficult to exploit in Vista, but the average user will just "click-through"
    the dialogue boxes that are generated by the bogus "security" features.

    > Thanks


    You're welcome. You'll discover that all the malware "out there" is entirely
    Windows-specific.

    C.

  6. Re: Gimmiv.A Worm

    Bill Baka wrote:

    > I do wonder if any of those sites could have a zero-day
    > virus and not know it. I have heard of the "Drive by" infections and
    > wonder if they could somehow kill FF when I am in there.


    Only in Windows. It's a bit like the old joke about the "Canadian Virus" that
    says "I'm a Canadian Virus. Will you /please/ delete a few random files for
    me?". In Linux, Unix or BSD, you have to have /administrative/ access to
    change things (apart from your /own/ files), so malware is simply not going
    to happen.

    C.


  7. Re: Gimmiv.A Worm

    Christopher Hunter wrote:
    > Bill Baka wrote:
    >
    >> I do wonder if any of those sites could have a zero-day
    >> virus and not know it. I have heard of the "Drive by" infections and
    >> wonder if they could somehow kill FF when I am in there.

    >
    > Only in Windows. It's a bit like the old joke about the "Canadian Virus" that
    > says "I'm a Canadian Virus. Will you /please/ delete a few random files for
    > me?". In Linux, Unix or BSD, you have to have /administrative/ access to
    > change things (apart from your /own/ files), so malware is simply not going
    > to happen.
    >
    > C.
    >

    I'm finding that to be very true in Ubuntu Hardy. Even though I log in
    with administrator by default since nobody else uses my computer Hardy
    still asks me for my password when I do anything to the system. Since it
    has that level of security I am feeling secure in Hardy and really want
    the release in 3 days of Intrepid.
    On a side note I found that FireFox comes up in about 4 seconds as
    compared to windows "Don't bother me now." 30 plus seconds.
    Bill Baka

  8. Re: Gimmiv.A Worm

    Christopher Hunter wrote:

    > Günther Schwarz wrote:
    >
    >> Christopher Hunter wrote:
    >>
    >>> You'll discover that all the malware "out there" is entirely
    >>> Windows-specific.

    >>
    >> I take it that you do not run a web server?

    >
    > Yes I do Many servers.
    >
    >> Otherwise you might know that the most threatening things out there
    >> are targeted towards Posix machines.

    >
    > Nonsense. *All* malware is targeted to /Windows/ machines. I never
    > "run" Windows, so it's not a problem.


    Good luck with that attitude. SQL injection and PHP exploits will work
    as nicely on your servers as on ones running a different OS. The final
    target might be the Windows system of visitors of your sites, but the
    distribution via compromised web sites is not bound to that specific
    OS.

    Günther

  9. Re: Gimmiv.A Worm

    >> Is this any danger to Ubuntu?
    >
    > There's a reason you don't generally need to install a virus checker on
    > a linux distrib - welcome to the world of (virtually) hack-proof
    > computing :-)
    >
    > Be sure to worry about all your Windows enabled machines though :-p


    Which raises a question. I use the Wubi install on a WinXP system. Do I
    need to boot to Windows every so often, update my virus protection, and
    scan my machine?

  10. Re: Gimmiv.A Worm

    Günther Schwarz wrote:

    > Good luck with that attitude. SQL injection and PHP exploits will work
    > as nicely on your servers as on ones running a different OS.


    It's simply /not/ an issue. I have yet to see a SQL injection exploit
    that /actually/ /works/ - there are plenty of scare stories from the
    anti-virus snake-oil salesmen, but no *real* ones "in the wild".

    > The final target might be the Windows system of visitors of your sites,
    > but the distribution via compromised web sites is not bound to that
    > specific OS.


    All the commercial sites we host have specific warnings and disclaimers to the
    effect that Windows users are at risk, and as such the use of Windows is
    discouraged. Some of the /web/ /applications/ we run refuse actively
    connections from Windows machines (some Windows idiots sometimes try to spoof
    their user agent strings, but they never succeed).

    The more we explain to clients that Windows is just a poor, proprietary client
    for a Unix world, the more Linux installations we do. Many major
    corporations are moving away from Windows, and enjoying the benefits of
    increased stability, security and reduced licencing costs.

    C.



  11. Re: Gimmiv.A Worm

    Gnther Schwarz wrote:

    > Good luck with that attitude. SQL injection and PHP exploits will work
    > as nicely on your servers as on ones running a different OS. The final
    > target might be the Windows system of visitors of your sites, but the
    > distribution via compromised web sites is not bound to that specific
    > OS.


    Are we now comparing apples and oranges? Is it reasonable to assume that
    the OP's question related to a desktop linux machine? If so why are we now
    discussing web servers? A desktop machine may or may not be running a web
    server, though not is more likely, and it is reasonably unlikely that it
    will be accessable from the internet if it does.

    I just feel that this thread can be read such that there is an implicit
    argument (probally not intended) that linux machines must be vulnerable to
    SQL injection (as webservers) compared to windows machines that are not
    vulnerable (as desktops). This of course is not a fair comparison for
    several reasons.

    Pete

    --
    http://www.petezilla.co.uk

  12. Re: Gimmiv.A Worm

    Christopher Hunter wrote:
    > Günther Schwarz wrote:
    >
    >> Good luck with that attitude. SQL injection and PHP exploits will work
    >> as nicely on your servers as on ones running a different OS.

    >
    > It's simply /not/ an issue. I have yet to see a SQL injection exploit
    > that /actually/ /works/ - there are plenty of scare stories from the
    > anti-virus snake-oil salesmen, but no *real* ones "in the wild".


    The issue is *not* whether there is or is not a real, current, actual
    threat, but the question is whether there exists the possibility of an
    exploit even on Linux and whether Linux users should be vigilant.
    And, IMHO the answer is "no, there is no real, current, actual threat
    and Linux is designed such that a serious infection is highly unlikely
    but Linux users should be vigilant nonetheless".

    Josef
    --
    These are my personal views and not those of Fujitsu Siemens Computers!
    Josef Möllers (Pinguinpfleger bei FSC)
    If failure had no penalty success would not be a prize (T. Pratchett)
    Company Details: http://www.fujitsu-siemens.com/imprint.html

  13. Re: Gimmiv.A Worm



    "Jeffrey Needle" wrote in message
    news:1vNNk.3696$W06.1125@flpi148.ffdc.sbc.com...
    >>> Is this any danger to Ubuntu?

    >>
    >> There's a reason you don't generally need to install a virus checker on
    >> a linux distrib - welcome to the world of (virtually) hack-proof
    >> computing :-)
    >>
    >> Be sure to worry about all your Windows enabled machines though :-p

    >
    > Which raises a question. I use the Wubi install on a WinXP system. Do I
    > need to boot to Windows every so often, update my virus protection, and
    > scan my machine?


    Just make sure you don't mount your windows volumes RW and they can't be
    infected unless its a linux virus that knows how to remount the volumes.


  14. Re: Gimmiv.A Worm

    > > Be sure to worry about all your Windows enabled machines though :-p
    > Which raises a question. I use the Wubi install on a WinXP system. Do I
    > need to boot to Windows every so often, update my virus protection, and
    > scan my machine?


    Only for the windows files.

  15. Re: Gimmiv.A Worm

    > "Jeffrey Needle" wrote in message
    > news:1vNNk.3696$W06.1125@flpi148.ffdc.sbc.com...
    >>>> Is this any danger to Ubuntu?
    >>>
    >>> There's a reason you don't generally need to install a virus checker
    >>> on a linux distrib - welcome to the world of (virtually) hack-proof
    >>> computing :-)
    >>>
    >>> Be sure to worry about all your Windows enabled machines though :-p

    >>
    >> Which raises a question. I use the Wubi install on a WinXP system. Do
    >> I need to boot to Windows every so often, update my virus protection,
    >> and scan my machine?

    >
    > Just make sure you don't mount your windows volumes RW and they can't be
    > infected unless its a linux virus that knows how to remount the volumes.


    Shall do -- thanks!

  16. Re: Gimmiv.A Worm

    >> > Be sure to worry about all your Windows enabled machines though :-p
    >> Which raises a question. I use the Wubi install on a WinXP system. Do
    >> I need to boot to Windows every so often, update my virus protection,
    >> and scan my machine?

    >
    > Only for the windows files.


    Thanks.

  17. Re: Gimmiv.A Worm

    Peter Chant wrote:

    > Gnther Schwarz wrote:
    >
    >> Good luck with that attitude. SQL injection and PHP exploits will
    >> work as nicely on your servers as on ones running a different OS. The
    >> final target might be the Windows system of visitors of your sites,
    >> but the distribution via compromised web sites is not bound to that
    >> specific OS.

    >
    > Are we now comparing apples and oranges? Is it reasonable to assume
    > that
    > the OP's question related to a desktop linux machine? If so why are
    > we now
    > discussing web servers?


    Well, I replied to the strong statement that everything out there is
    only targeted on Windows installations. That is IMHO a dangerous and
    lightheaded statement. Linux, though it does not suffer from some basic
    design flaws and silly stuff like autorun.exe as Windows, is not secure
    by design. If one wants a secure OS it has to be redone from scratch.
    And then this will be very much different both in hardware in software
    to what is known today as the Personal Computer as a Universal Machine
    used for managing the bank account, connecting to the employers
    network, digging the spam folders, and watching porn at the very same
    time.

    > I just feel that this thread can be read such that there is an
    > implicit argument (probally not intended) that linux machines must be
    > vulnerable to SQL injection (as webservers) compared to windows
    > machines that are not
    > vulnerable (as desktops). This of course is not a fair comparison for
    > several reasons.


    Yes, of course. This thread is messed up anyways, so I will stop here.

    Gnther

+ Reply to Thread