TCLUG Archive

Re: [TCLUG:683] ...And now for my next trick...



wow... virii for unix tend to be less common.. mostly because of the
memory security model... sounds like a large system, from what i can
tell.. it may have been a previous sysadmin's legacy.. unless someone root
exploited the computer.. it's doubtful a user could insert something like
that into the system.. it sounds more like a trojan than a real
virus, processes started on boot up.. it'd be worth it to shut down into
single-user mode, and start checking all the system files for addons.. :)

On Fri, 17 Jul 1998, Michael Hicks wrote:

> Well, considering the fact that a Linux box I set up would have no one
> to administrate it, I'll just let the company buy the MS Exchange
> servers...  It's their money, not mine, and I don't have an alternative
> that would be simple enough for them to try..
> 
> Now, for my next question--Does anyone know about viruses and Unix? 
> Apparently, there is a virus running rampant on an SGI DM Series box
> running an ancient version of IRIX (4.x, I think..) where I work...
> 
> The person there who (sorta) admins that system has knowledge restricted
> to basically running 'top,' 'osview,' and some other relatively simple
> utilities..
> 
> Anyway, the system traditionally gets system loads of 11-14, with a load
> of 23 this morning (type 'ls,' wait ten seconds, get the list) when the
> admin was running about 10 'find' processes in a script that would
> delete some of the files that this virus was laying all over the
> place...
> 
> CPU power isn't a problem, as it has 4.  3 of them could be turned off,
> and the 4th turned to half power, and the system would still run at the
> same speed..  It is apparently maxing out the Ultra-SCSI controller that
> is connected to a RAID bank.  (the DM has 3 or 4 fiber-optic FDDI
> connections to the network, plus at least one Ethernet connection..)
> 
> Sorry I'm giving all the specs, but it's strangely hilarious, IMHO.. :)
> 
> Anyway, back to the virus--it leaves files named DZLDB or something like
> that laying all over the place, plus it creates start-up scripts, so it
> will get initiated when the system reboots (apparently..)
> 
> If you happen to know the correct way to fight this virus, I'd
> appreciate it..  Also, if you have a good (hopefully inexpensive,
> relatively speaking) way of getting this system to have better
> performance, I'd like to hear about it..
> 
> Thanks,
> 
> Mike Hicks
> -- 
> Linux: Because a PC is a terrible thing to waste
>
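
The check suggested in the reply above (find the dropped files, then look for start-up scripts that were added or changed), as an added example that is not part of the original thread. Only the file name DZLDB comes from the post; the `/etc/rc2.d` layout, the baseline-file comparison, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage of a filesystem for dropped files and altered start-up scripts.

# list_artifacts ROOT NAME: every regular file under ROOT named NAME, one per line.
list_artifacts() {
    find "$1" -xdev -type f -name "$2" -print 2>/dev/null | sort
}

# suspect_startup INITDIR NAME REF: start-up scripts that mention NAME, or whose
# mtime is newer than the known-good reference file REF (for example a file
# last written when the system was installed).
suspect_startup() {
    initdir=$1; name=$2; ref=$3
    {
        grep -lF -- "$name" "$initdir"/* 2>/dev/null || true
        find "$initdir" -type f -newer "$ref" -print 2>/dev/null
    } | sort -u
}

# Constructed sample tree standing in for the mounted system (not real data).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/rc2.d" "$t/usr/people/a" "$t/var/tmp"
    echo baseline > "$t/baseline"
    touch -t 199807010000 "$t/baseline"
    # Old and clean: should not be reported.
    printf '#!/bin/sh\n/usr/etc/netstart\n' > "$t/etc/rc2.d/S30network"
    touch -t 199801010000 "$t/etc/rc2.d/S30network"
    # Old timestamp but launches the dropped file: caught by content.
    printf '#!/bin/sh\n/var/tmp/DZLDB &\n' > "$t/etc/rc2.d/S99local"
    touch -t 199801010000 "$t/etc/rc2.d/S99local"
    # No mention of the name but newer than the baseline: caught by mtime.
    printf '#!/bin/sh\n/usr/people/a/helper &\n' > "$t/etc/rc2.d/S98extra"
    touch -t 199807150000 "$t/etc/rc2.d/S98extra"
    : > "$t/var/tmp/DZLDB"
    : > "$t/usr/people/a/DZLDB"
    echo "$t"
}

# Run the demonstration only when asked: sh triage.sh --demo
if [ "${1:-}" = "--demo" ]; then
    t=$(make_sample_tree)
    list_artifacts "$t" DZLDB
    suspect_startup "$t/etc/rc2.d" DZLDB "$t/baseline"
    rm -rf "$t"
fi
```

Both functions only list candidates; timestamps can be reset by whoever planted the files, which is why the content match is run alongside the mtime comparison.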