Complete.Org: Mailing Lists: Archives: discussion: April 2000:
[aclug-L] Re: Repeat of virus warning 		Home

[aclug-L] Re: Repeat of virus warning

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: discussion@xxxxxxxxx
Cc: "'aclug-L@xxxxxxxxxxxx'" <aclug-L@xxxxxxxxxxxx>
Subject: [aclug-L] Re: Repeat of virus warning
From: John Goerzen <jgoerzen@xxxxxxxxxxxx>
Date: 07 Apr 2000 23:04:57 -0500
Reply-to: discussion@xxxxxxxxx 
OK I think we have just about exhausted the standard options.  What
remain are:

 * a hardware failure (CPU overheating, memory problem, etc)
 * a bug in KDE
 * a bug in Linux
 * user error

I am inclined to think that it is not the third option and probably
not the second.  From your description, I also think it is not the
4th.  That leaves us with the first.  While this is an
unlikely event, in the words of A. C. Doyle, "When all other options
have been excluded, that which remains, however improbable, must be
the truth."  I can think of no other explanation.  If you were not
running your mail program as root, your mail program can not damage
your partition table.  Period.  (Barring some serious and totally
unknown root compromise, which I think is extremely unlikely.)
Further, if it were an attack, it would not be displaying "fdisk /mbr"
as this is not valid for Linux.

As far as KDE goes, the bug would have to be in a setuid program,
which I do not believe the mailer would be, so that pretty well
eliminates that option.

Therefore we are left with the hardware failure theory.  I have seen
hardware that has caused strange things to happen a few times a
month.  For instance, files that are present not showing on ls, or
processes randomly dying, or data corruption randomly occuring.  When
CPU, RAM, bus, or disk gives an incorrect result -- even just once --
all bets are off and the strangest of things can happen.

-- John

"Michael A. Holmes" <maholmes@xxxxxxxxxx> writes:

> last monnt, I downloaded varicad and put it in the root directory
> Tonight I get an email from them.  When I opened it, a terminal window came 
> up and the follownig was in it.:
> 
> >su
> >my secret password was typed in and then accepted
> root@/home/mike> fdisk /mbr
> root@/home/mike>
> 
> at this point, my hard drive went nuts.  I pressed the power button.
> whent I rebooted, it went into linux, but could not find /hda9 or 10 my 
> /home and /stchuff drives.  Pine was the only email client I could pull up. 
>  I tried to send this email.  But I see it never made it.  Now windows is 
> the only thing left on the computer.  I cannot even get linux to come up.
> 
> How the (&&*%^ can this happen. I though linux was bullet proof.  When I 
> put it in the root directory, did i give it root authority for some 
> hiddenscript??
> 
> I am so pissed it is unreal.  I finally had sound and everything running.
> 
> Mike
> 
> 
> -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
> 

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@xxxxxxxxxxxx |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 913,642nd digit of pi is 2.

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
[Prev in Thread] Current Thread [Next in Thread]