Have you ever wondered why there aren't many viruses and remote administration trojans for Unix/Linux? (In fact, there are fewer than 10 viruses, and you can protect yourself without the need for any anti-virus software. I don't know about remote administration trojans, but as of this moment Windows has over 1,000 remote administration trojans... check the chart at moosoft.com!)

Here's a log from a spontaneous IRC lecture that I held at BSRF's IRC channel (see blacksun.box.sk/irc.html for more information; BSRF's homepage can be found at blacksun.box.sk).

hey rav
hi everyone!
i'm in a good mood
and i tried to nmap him
hey raven
Raven: nice :D
therefore i'm gonna do a spontaneous irc lecture!
<_quato_> salutations and respect to raven
yeahh
can i join ya? :D
i have to wait for someone to show up first
<_quato_> cool
his name is protoss :))
he'll be here in a sec
somebody log this please
oh... protoss... :D
<_quato_> whats the lecture about
i'm loggin.
--> blade (zruya@212.179.141.110) has joined #bsrf
hey
Raven: why don't you log it also?
i'm getting openbsd ;)
blade: good 4 you
but i prefer freebsd
<_quato_> me too
--> Cypher (r_T_s@cloaked.rlz.netvision.net.il) has joined #bsrf
kript0n i have a logging module for bitchx
but so far, i tried to use it three times
use sdtdin :D
=))
it only worked in the first time
the second time i mistyped the command to load the module and i thought it was running for the whole time
and it wasnt :D
hhehee
the third time, i don't remember what happened
that roks =)
anyway i think it's jinxed
<_quato_> cool
hey
soo Raven... it will be 'bout...?
what lecture?
the command is /load something.mod, i think it's bxlog04.mod, lemme check...
--> ZhorTroX (~zhortrox@k1hi415.dial.kabelfoon.nl) has joined #bsrf
now where did i put that module...
ohh btw protoss won't be showing up
ok who's logging?
* kript0n looks under the table
no mod here
<-- Maveric has quit (Leaving)
i am
lol
anybody else? :D
lecture ?
<_quato_> me me :D
blade, a spontaneous one
Raven: many backups :)
i'm in a good mood :-)
what is the lecture about?
yeah, it was bxlog2.0.bx
that was the name of the module
ok start your loggers people!!
i'm always loggin0
i'm always loggin'.
-------------------------- start
start

Why are there so few viruses / remote administration trojans for Unix/Linux
==============================================================================

:-)
hello there and welcome to a new lecture by Raven
:D
* ZhorTroX smiles
this is CNN :)
yeah yeah thank you and SHUT UP!!!!!! :-)
hehehehe
so anyway
heh
before we start...
i'd like to hold a little discussion
* ZhorTroX sighs
oh yeahhhhh
Why do people create viruses?
<_quato_> oh cool
cause they are bored
1) dumbasses!
2) nothing to do
<_quato_> im braindead
they are bored
nonono
this isn't the attitude people
3) test knowledge
Out of boredom ;)
REVENGE!!
dumbasses that have nothing to do
to hurt otherz
nonono
there's another reason
nope....
<_quato_> ok the discussion!!!
not to hurt...
people create viruses mainly because they have a mental sickness that most people have
some people take it out in real life
to impress people!
others create viruses
ZhorTroX, no
this sickness is called:
hehe
stress
Popularity Delusions and the Madness of Crowds
:D
revenitus
what about
<_quato_> virus writing is not out of stress
--> cika_mark (asddsa@i225.ppp-bg.sezampro.yu) has joined #bsrf
i don't know about the original creator of melissa, for example, but today people create viruses that spread themselves in order to become famous
they wish to be "recognized"
<_quato_> its out of professional competition
sounds interesting though
sure there are a few people left that create this for fun or for the challenge
<_quato_> exactly
its like this...
some just like to hurt others
they just wanna make their names bounce into outlook :DDDDDD
but most people want to create viruses in order to spread their name together with the virus
and go to jail ;p
yep.
<_quato_> and out of the fact they are testing the limits of their knowledge
ok thank you and SHUT UP!!!!!!!!! :-)
:)
again people are complaining about all the, uhm... background noise in every lecture
yes... it's a hard time reading the logs like that
lets stop
it's fun, i think
ok so speak up only if you have something important to say
not. :|
so anyway...
one of the reasons that there are so few viruses and RATs (remote administration trojans) for unix/linux is...
the lack of popularity
not so many people use unix and unix-based systems, right?
of course.
it's much more fun watching the whole world crash when CIH was unleashed
here's another reason:
<_quato_> virus writing is an art form
* ZhorTroX nods
in unix-based systems, there are different users on the system
with root having maximum privileges
now here comes my part
every program runs with your privileges
nope
a program can't access a file unless you have permission to access it, etc'
depends.
let me say something
kript0n suppose it's not a magical h4x0r program :-)
unless the security is breached, ok?
kript0n u wanna say something?
the biggest reason why security is breached is due to: suid!
kript0n right, but that doesn't do anything in our case
i'll explain
but, i'll talk bout this in the 8 :D
it has to do Raven...
so suppose you get a suspicious file...
from icq
from irc
from email
from a website
etc'
you wouldn't run it as root, right??
from your mamma
you would create a less privileged user
'course
why not
and run it from that user
so if it's a malicious program like a trojan or a virus
it won't be able to do much
ahuh
paranoid people will also run debuggers to see exactly what the program does
so here's why there are less viruses and RATs for unix/linux!
less people would get infected
wheew
end of the lecture!
thus people are less motivated to create viruses and RATs for unix
=)
ZhorTroX that's not all
------------------------------------------------- end
:D
hehe
NOT :D
here's another reason:
<-- Cypher (r_T_s@cloaked.rlz.netvision.net.il) has left #bsrf (gtg)
* ZhorTroX smiles
today, over 80% of all infected boxes get infected via email
mostly because of vb trojans and such that hurt outlook users
i.e. the love virus, for example
and its deadly sibling...
that will COMPLETELY erase your hard drive!!
<_quato_> those arent true viruses
now, the last time i checked, unix systems aren't vulnerable to outlook bugs... ;-)
get to the point
hehe
and fuck the mbr (the hardcore ones)
well actually there's a version of outlook for SunOS
d'oh!
Raven: calm down... there are vulnerable systems!
<_quato_> somehow the essential concept of a virus seems to have been misconstrued over the years
to those stupid bugs...
kript0n :-)
_quato_ right
there are... linux systems included
kript0n would you mind explaining yourself?
ok. its like this
as you guys may know,
<_quato_> a virus is a program that can replicate any way possible and its sole purpose is to survive,
<_quato_> not to destroy
the visual basic technology, has been out there for some time now,
ahuh
and thus has been letting eggs around many progs...
what would happen if i run virus under unix with less privileged user and next day i login as root.....would virus spread to all my system or its just to less user files and permissions....i think u understand me :)
cika_mark: nope. but let me continue
ok
cika_mark you have to run an infected file as root for the infection to be system-wide
but hey, if u fail to create that less-privileged user
Raven: in fact, sendmail was updated due to some bugs that (and you may find this hard to believe) made the vb code act...
not in that winbug way
and accidentally give it write access to some important files
but it fucked up some stupid guys
like for example /bin/ls, the ls program that lists the contents of a directory
and then root uses it...
then the system is infected
but that less-privileged user should only have execute privileges for ls
yes but is virus active only when is less privileged user login or when anyone is logged in
anyway
just make sure that when you create that safe user (this method is called a sandbox, btw. you run a program in an underprivileged environment)
and make sure you don't leave any breaches
in fact.. i use a different puter as a sandbox.
ohh btw
there are a few viruses for linux
less than 10, as far as i know
windows has over 10,000
Raven: hehehe... you have it kinda wrong :D
and over 1,000 remote administration trojans
there are MANY viruses :D
over millions
they just don't spread because,
ZhorTroX nah
raven :mm
hehe
kript0n ok, there are about 15,000 known viruses i think
1) it gathers some knowledge to mess with linux and unix
that was in mcafee's website a little while ago
you're talking about *known*
a few months ago, maybe i'm outdated
2) ppl aren't dumbasses to not understand what they shouldn't run
kript0n right, people who use even the simplest of all linux distributions would know not to accept any untrusted files
of course.
that is a basic of security
ok, that's all for today
the lecture ends here