[aclug-L] Attack of the Tuxissa Virus
I found this bit of parody (yes, this is FAKE) on www.aclug.org/news/
in the Humorix area:
http://i-want-a-website.com/about-linux/mar99.shtml#Tuxissa
Attack of the Tuxissa Virus
Written by James Baughn on March 29, 1999
from the more-powerful-than-y2k dept.
What started out as a prank posting to comp.os.linux.advocacy
yesterday has turned into one of the most significant viruses in
computing history. The creator of the virus, who goes by the
moniker "Anonymous Longhair", modified the Melissa virus to
download and install Linux on infected machines.
"It's a work of art," one Linux advocate told Humorix after he
looked through the Tuxissa virus source code. "This virus goes
well beyond the feeble troublemaking of Melissa." The advocate
enumerated some of the tasks the virus performs in the
background while the user is blissfully playing Solitaire:
Once the virus is activated, it first works on propagating itself. It
has a built-in email harvesting module that downloads all the
pages referenced in the user's Internet Explorer bookmarks and
scans them for email addresses. Using Outlook, the virus sends
a copy of itself to every email address it comes across.
After it has successfully reproduced, the virus begins the tricky
process of upgrading the system to Linux. First, the virus
modifies AUTOEXEC.BAT so that the virus will be re-activated
if the system crashes or is shut down while the upgrade is in
process. Second, the virus downloads a stripped-down
Slackware distribution, using a lengthy list of mirror sites to
prevent the virus from overloading any one server.
Then the virus configures a UMSDOS filesystem to install Linux
on. Since this filesystem resides on a FAT partition, there is no
need to re-partition the hard drive, one of the few actions that
the Word macro language doesn't allow.
Next, the virus uncompresses the downloaded files into the new
Linux filesystem. The virus then permanently deletes all copies
of the Windows Registry, virtually preventing the user from
booting into Windows without a re-install. After modifying the
boot sector, the virus terminates its own life by rebooting the
system. The computer boots into the Slackware setup program,
which automatically finishes the installation of Linux. Finally, the
dazed user is presented with the Linux login prompt and the text,
"Welcome to Linux. You'll never want to use Windows again.
Type 'root' to begin..."
The whole process takes about two hours, assuming the user has
a decent Internet connection. Since the virus runs invisibly in the
background, the user has no chance to stop it until it's too late.
The email message that the virus is attached to has the subject
"Important Message About Windows Security". The text of the
body says, "I want to let you know about some security problems
I've uncovered in Windows 95/98/NT, Office 95/97, and Outlook.
It's critically important that you protect your system against
these attacks. Visit these sites for more information..." The rest
of the message contains 42 links to sites about Linux and free
software.
Slashdot is one of those links. "That could spell trouble," one
Slashdot expert told Humorix. "Slashdot could fall victim to the
new 'Macro Virus Effect' if this virus continues to propagate at
its present exponential growth rate. Red Hat's portal site,
another site present on the virus' links list, seems to be quite
sluggish right now..."
Details on how the virus started are a bit sketchy. The
"Anonymous Longhair" who created it only posted it to Usenet
as an early April Fool's gag, a demonstration of how easy it
would be to mount a "Linux revolution". Some other Usenet
reader is responsible for actually spreading the virus into the
wild. One observer speculated, "I imagine the virus was first
sent to the addresses of several well-known spammers. The
virus probably latched on to the spammer's email lists and began
propagating at a fantastic rate. With no boundary to its growth,
this thing could wind up infecting every single Net-connected
Wintel box in the world. Wouldn't that be a shame!"
Linus Torvalds, who just left for a two week vacation, was
unavailable for comment at press time. We have a strong feeling
that his vacation will be cut short very soon...
- [aclug-L] Attack of the Tuxissa Virus,
John Goerzen <=