From owner-freebsd-security  Mon Jun 10 10:14:44 2002
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP id 1C74337B910
	for <freebsd-security@FreeBSD.ORG>; Mon, 10 Jun 2002 10:12:51 -0700 (PDT)
Received: from apollo.backplane.com (localhost [127.0.0.1])
	by apollo.backplane.com (8.12.3/8.12.3) with ESMTP id g5AHCoCV008969;
	Mon, 10 Jun 2002 10:12:50 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.12.3/8.12.3/Submit) id g5AHCoEP008968;
	Mon, 10 Jun 2002 10:12:50 -0700 (PDT)
	(envelope-from dillon)
Date: Mon, 10 Jun 2002 10:12:50 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <200206101712.g5AHCoEP008968@apollo.backplane.com>
To: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Linux/Windows Virus
References:  <200206101629.g5AGTOGn003781@cwsys.cwsent.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

    Pah.  It looks pretty stupid to me.  I see lots of articles hyping the
    thing up and prognasticating the first 'multi platform' virus, but not
    a single solid report of an actual infection and not a single
    description of the transmission vector other then vague guesses
    that it might be remote-shell related (aka like an old ssh hole).
    It is highly unlikely that even an old, vulnerable sshd running on
    FreeBSD could be infected by this thing.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

:This should probably concern anyone using Linux emulation under 
:FreeBSD.  I suspect that it may also attempt to infect FreeBSD 
:binaries, rendering them useless.
:
:http://www.symantec.com/avcenter/venc/data/linux.simile.html
:
:Be careful what you run.
:
:
:--
:Cheers,                          Phone:  250-387-8437
:Cy Schubert                        Fax:  250-387-5766
:Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
:Open Systems Group, CITS
:Ministry of Management Services
:Province of BC            
:                    FreeBSD UNIX:  cy@FreeBSD.org
:
:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message