Arizona State University
Unix Network Users Group

Virus, Trojan, Worm, etc.


23. Viruses, worms and the Trojan horse

A virus is a piece of code or program that typically attaches itself to some known or trusted program on your system and is executed when the trusted program runs. If that trusted program runs setuid root, you're in for trouble. On Macs and PCs viruses are more common because a virus can spread itself more easily on those platforms, but Unix is not immune to them. Always be cautious when executing any program as root. Make sure you know what it will do, and don't blindly trust the person who gave it to you. Insist on the source code whenever possible and compile it yourself.

If you suspect that some piece of software carries a virus or worm, don't run it on a system that is connected to the Ethernet. Isolate a test system for the testing and be very careful what you put out on the network: the software may try to attack other systems on your Ethernet.

A worm is a program or piece of code attached to a trusted program that tries to copy itself over the network and embed itself in other unsuspecting users' systems. The famous Morris worm back in 1988 used a Sendmail bug to copy itself all over the Internet.

To protect yourself against worms, don't open ports on the net unless you have to and know what they are (see Item #1 above). Also, keep abreast of the latest news from CERT about new viruses or worms that have been discovered. Keep up with the security patches from your vendors and most of your problems with worms and viruses can be kept to a minimum.

A Trojan horse is a program that gives a hacker a back way in and has usually been planted in an innocuous place that may be hard to find. Many times a hacker wants to get back into a site once it has already been compromised. One way to do that is to place a Trojan horse program somewhere on the system that lets them regain access if the main way is blocked, or if other changes have been made that prevent them from breaking in the same way they came in before. To guard against these, check all of the setuid programs on your system to be sure that they are supplied by the vendor and that they are bit-for-bit identical to the vendor's version (e.g. use the 'sum' command or 'diff').
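As an added example (not part of the original page), a small POSIX shell script that performs the setuid-inventory check described above: it records a checksum of every setuid program under a directory tree while the system is known good, and later compares the tree against that baseline so a changed, added or removed setuid program stands out. It assumes the POSIX cksum command in place of the page's 'sum'; either gives a per-file checksum.

```shell
#!/bin/sh
# Added example: baseline and re-check the setuid programs under a directory tree.
# Assumes cksum (POSIX) in place of the page's 'sum'; either gives a per-file checksum.

# setuid_checksums DIR
#   Print "checksum size path" for every setuid file under DIR, sorted by path,
#   so the output can be stored as a baseline or compared against one.
setuid_checksums() {
    find "$1" -type f -perm -4000 -exec cksum {} \; | sort -k3
}

# record_baseline DIR BASELINE_FILE
#   Capture the inventory from a known-good installation (e.g. right after install).
record_baseline() {
    setuid_checksums "$1" > "$2"
}

# check_baseline DIR BASELINE_FILE
#   Return 0 when the current setuid inventory matches the baseline exactly;
#   otherwise list the differing lines ("<" baseline, ">" current) and return 1.
#   A new setuid file, a removed one, or a changed checksum all show up here.
check_baseline() {
    current=$(mktemp)
    setuid_checksums "$1" > "$current"
    if diff "$2" "$current" > /dev/null; then
        rm -f "$current"
        return 0
    fi
    echo "setuid inventory differs from baseline:"
    diff "$2" "$current" | grep '^[<>]'
    rm -f "$current"
    return 1
}

# demo_tamper_detection
#   Constructed self-test: build a scratch tree with one fake setuid program,
#   baseline it, change one byte, and confirm the change is reported. Returns 0
#   when detection works.
demo_tamper_detection() {
    tree=$(mktemp -d)
    baseline=$(mktemp)
    printf 'fake vendor binary\n' > "$tree/fake_su"
    chmod 4755 "$tree/fake_su"
    record_baseline "$tree" "$baseline"
    check_baseline "$tree" "$baseline" > /dev/null || return 1   # must match itself
    printf 'x' >> "$tree/fake_su"                                # simulated planted change
    check_baseline "$tree" "$baseline" > /dev/null && rc=1 || rc=0
    rm -rf "$tree" "$baseline"
    return "$rc"
}
```

Run record_baseline against / (or each local filesystem) on a fresh install, keep the baseline file off the machine, and run check_baseline from cron or after any incident.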

If a digital signature is available for a distributed piece of software, verify that the signature is legitimate. Sometimes software (especially security software) is digitally signed by the person or organization that wrote it. For example, the Secure Shell has a signature file distributed with it that is signed by the author of the program. PGP is then used to verify the distribution.

Copyright © Arizona Board of Regents

Updated: 10/05/00