
Thread: Obfuskated Meta-Virus Discovered

  1. #1
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    30

    Default Obfuskated Meta-Virus Discovered

    Dear Developers,

    There appears to be a virus on the Linux Open SUSE 11.0 version. The virus is common on Novell Networks and has found itself into the kernel scsi modules. Here is an excerpt of an anti virus scan from commercial off the shelf virus scanning software AVG 7.5.51 virus database 270.3.0/1505. The Linux version I am running is a commercial beta SUSE 11.0 version of SUSE 11.0 on HP NX6325 security platform. My configuration is a -minimal- installation with only the operating system necessary to run- and install applications.

    The focus of the installation is, click- and install the operating system with no interference or alternative configurations. Then configure the machine until it works without any problems. When that is completed, use the Control Panels to uninstall almost all software unless it is basic software for communication like Netscape, Mail, or other default software like Media Players or Configuration Software.

    The order install>update>configure>create is very important because the live CD does not allow configuration before update. When all that is done, a commercial off the shelf virus scanner discovers the following viruses.

    1> scsi_mod.ko Virus found Downloader.Obfuskated
    2> scsi_transport_fc.ko Virus found Downloader.Obfuskated

    If you need more information please don't hesitate to reply to this thread, the list from the virus scanner is very long. I have found no search results yet on information how to delete or quarantine the Obfuskated virus. The AVG company does not supply the tools to remove the virus trojan downloader.

  2. #2
    ab@novell.com NNTP User

    Default Re: Obfuskated Meta-Virus Discovered


    While I haven't tested this myself, all the reports of a virus with this
    name online specify it is a W32 virus. If that is the case, I think AVG
    is a bit psychotic. I suppose the code for the virus could be embedded
    in a SCSI driver (in theory) but it probably wouldn't work since we're
    not in Windows.

    Good luck.





    herbievantetering wrote:
    | Dear Developers,
    |
    | There appears to be a virus on the Linux Open SUSE 11.0 version. The
    | virus is common on Novell Networks and has found itself into the
    | kernel scsi modules. Here is an excerpt of an anti virus scan from
    | commercial off the shelf virus scanning software AVG 7.5.51 virus
    | database 270.3.0/1505. The Linux version I am running is a commercial
    | beta SUSE 11.0 version of SUSE 11.0 on HP NX6325 security platform. My
    | configuration is a -minimal- installation with only the operating
    | system necessary to run- and install applications.
    |
    | The focus of the installation is, click- and install the operating
    | system with no interference or alternative configurations. Then
    | configure the machine until it works without any problems. When that is
    | completed, use the Control Panels to uninstall almost all software
    | unless it is basic software for communication like Netscape, Mail, or
    | other default software like Media Players or Configuration Software.
    |
    | The order install>update>configure>create is very important because the
    | live CD does not allow configuration before update. When all that is
    | done, a commercial off the shelf virus scanner discovers the following
    | viruses.
    |
    | 1> scsi_mod.ko Virus found Downloader.Obfuskated
    | 2> scsi_transport_fc.ko Virus found Downloader.Obfuskated
    |
    | If you need more information please don't hesitate to reply to this
    | thread, the list from the virus scanner is very long. I have found no
    | search results yet on information how to delete or quarantine the
    | Obfuskated virus. The AVG company does not supply the tools to remove
    | the virus trojan downloader.
    |
    |
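Added example, not part of any post in this thread: a first triage step for a scanner hit like this one is to check what container format the flagged file actually has. Linux kernel modules (`.ko`) are ELF relocatable objects, while a W32 program is a PE file. The function names and sample bytes below are constructed for illustration, and a matching format alone does not prove a file is unmodified (package verification such as `rpm -V` covers that).

```python
import struct

ELF_MAGIC = b"\x7fELF"
ET_NAMES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
EM_NAMES = {3: "x86", 62: "x86-64"}

def classify(data: bytes) -> dict:
    """Identify the container format from a file's leading bytes."""
    if data[:4] == ELF_MAGIC:
        if len(data) < 20:
            return {"format": "ELF", "error": "truncated header"}
        ei_class, ei_data = data[4], data[5]
        if ei_data not in (1, 2):
            return {"format": "ELF", "error": "invalid byte-order field"}
        endian = "<" if ei_data == 1 else ">"
        # e_type and e_machine follow the 16-byte e_ident array.
        e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
        return {
            "format": "ELF",
            "bits": {1: 32, 2: 64}.get(ei_class),
            "type": ET_NAMES.get(e_type, hex(e_type)),
            "machine": EM_NAMES.get(e_machine, hex(e_machine)),
            # Kernel modules are relocatable objects (ET_REL).
            "module_like": e_type == 1,
        }
    if data[:2] == b"MZ":
        # The DOS header stores the PE header offset at 0x3c.
        if len(data) >= 0x40:
            (off,) = struct.unpack_from("<I", data, 0x3C)
            if data[off:off + 4] == b"PE\x00\x00":
                return {"format": "PE", "module_like": False}
        return {"format": "MZ", "module_like": False}
    return {"format": "unknown", "module_like": False}

def classify_file(path: str) -> dict:
    """Classify a file on disk, e.g. a flagged .ko under /lib/modules."""
    with open(path, "rb") as fh:
        return classify(fh.read(4096))

# Constructed sample headers (not taken from any real file).
SAMPLE_KO = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8 + struct.pack("<HH", 1, 62)
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    print(classify(SAMPLE_KO))
    print(classify(SAMPLE_PE))
```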

  3. #3

    Default Re: Obfuskated Meta-Virus Discovered

    I found this; I agree it seems to be an AVG thing: [Haskell-cafe] Object Files Become Downloader.Obfuskated

    Someone else would need to comment whether Haskell is where it is claimed to be found though.
    Man first, have a try at Info, have a look at Wiki, if all that fails Scroogle!!!!!
    If I've helped click on the Rep button I don't know what it does but it sounds cool.

  4. #4
    Join Date
    Jun 2008
    Location
    Finland, European Union
    Posts
    1,879

    Default Re: Obfuskated Meta-Virus Discovered

    False positive.

  5. #5
    Join Date
    Jun 2008
    Location
    /dev/belgium
    Posts
    1,946

    Default Re: Obfuskated Meta-Virus Discovered

    lol, this is funny. Don't you think that the SCSI subsystem kernel maintainers won't discover/know if there was a virus in their subsystem? And if there really is one, don't you think that the maintainers will remove it before inclusion into Linus' main kernel tree? Even if the virus infiltrated the code after inclusion into the main tree, there should be at least a single report on LKML that there's something wrong with these SCSI modules. The kernel people do code revisions all the time and will discover it pretty fast, if there's something wrong that is.

  6. #6

    Default Re: Obfuskated Meta-Virus Discovered

    so nothing to worry about right?
    openSUSE 11.0 Kde 3.5.9 Linux kernel 2.6.26.1

    My Blog: http://snake1990.wordpress.com

  7. #7

    Default Re: Obfuskated Meta-Virus Discovered

    Originally Posted by snakeeyes:
    | so nothing to worry about right?
    Yup
    (...ten character limit...)
    "If it ain't broke, find something wrong with it"

  8. #8

    Default Re: Obfuskated Meta-Virus Discovered

    thanks (10 character limit)
    openSUSE 11.0 Kde 3.5.9 Linux kernel 2.6.26.1

    My Blog: http://snake1990.wordpress.com

  9. #9

    Default Re: Obfuskated Meta-Virus Discovered

    I found this topic to be funny for a few reasons, and while the topic poster did nothing wrong, you should have more faith in the Linux development community. Just because we don't get viruses doesn't mean we don't know what they look like. False. BTW, send the report to AVG so they can fix it.

  10. #10
    Join Date
    Jun 2008
    Location
    Talcahuano,Chile
    Posts
    58

    Talking Re: Obfuskated Meta-Virus Discovered

    ..and in the extremely unlikely case it is a real virus, it won't run anyway
