[Linux-bruxelles] Linux SuSE 7.2 infected with .eml files

gauthier-vdm at ibelgique.com gauthier-vdm at ibelgique.com
Sat 24 Nov 15:43:05 CET 2001


Hello,


On Sat 24 Nov, Vincent Geers wrote to me:
> Yes, but here it is the Linux machine that is infected.
> The only Windows machine on the network has its antivirus up to date;
> it does find the .eml files on the Linux machine when I do a
> scan of the network.
> 
> 
> > Hello,
> > that is called a virus :)
> > Nimda, I think.
> > Some sites running Microsoft's IIS caught it and
> > redistribute it via machines running Internet Explorer.
> >
> > Ben

Regarding the Nimda virus, I just came across the page below. If it is
a virus that embeds JavaScript in HTML pages, would that explain why a
browser on Linux creates such files?


http://www.freelabs.com/~whitis/security/javawarning.html

Java/Javascript Warning

NOTE: If this alert pops up when you visit another page on my web site,
it is because I am trying to warn you about a security risk in your
browser not because your browser is trying to warn you about a security
risk at this site. 

On October 11, 2001, the one month anniversary of the September 11th
destruction of the world trade center, computer terrorists released a
virus called nimda onto the net. This virus distributes itself via a
number of different mechanisms. It attacks vulnerable web servers from
infected client machines and infects HTML files (not merely executable
programs) as well as infecting HTML files on the user's hard disk and
file shares which may later be uploaded to web servers which are not
vulnerable to direct attack. It can infect HTML files by embedding
malicious javascript in those files. As a result, you are likely to
unknowingly visit malicious pages on legitimate sites. 

This is not the first and certainly won't be the last java/javascript
vulnerability. Java and Javascript allow webmasters to non-consensually
and without notice run their computer software on your computer. This
gives them WAY TOO MUCH POWER, including the power to invade your privacy
and crash, corrupt, or damage your computer system due to malice or
incompetence. Supposedly, these programs run in a protected environment
but there are flaws in those environments. Webmasters use java and
javascript to do things which should have been done with plain HTML
instead or to produce stupid gimmicks you would be better off without.
And in so doing, they make websites which are inaccessible to the
handicapped. 

Expect more computer terrorism. 

Instructions for disabling java and javascript can be found below. Once
you disable it, this page will stop popping up. 

Everything bad said about java and javascript on this page goes double
for Microsoft proprietary ActiveX/VBS. 

Domino Effect

Computers suffer from the domino effect. Remember when you were a kid
and you lined up dominos (little rectangular game pieces) so that when
you knocked over the first it knocked over the second, the second
knocked over the third, and so on? Computer crackers use compromised
machines to compromise other machines while making it more difficult to
apprehend them. Even if you think your machine is not important, your
machine may be compromised and used to attack other machines - and you
can be held morally and legally liable. 

The compromise of your insignificant home machine might ultimately lead to
serious consequences at a bank or military installation. As an
example, your home machine can be used to compromise your office
machine. Your office machine can compromise other machines in your
office. Someone in your office accesses sites at another employer,
university lab, etc., which is then compromised. Someone at that lab has
access to a low security machine at a bank or military installation. The
low security machine is used to attack a high security machine at the
same organization or the low security machine turns out to be more
mission critical than originally thought. 

Some of the examples which follow are a bit graphic. But if you haven't
had the sense to disable java and javascript by now, maybe you need to
have things spelled out in gory detail. 

Bad things which can happen to you if your home or office computers are
compromised

- Crackers can use your machine to attack other machines. You can be
  held legally liable and your network access can be terminated.
- Crackers can use your machine to send spam. You can be held legally
  liable and your network access can be terminated.
- Your credit cards, checking account, online bill payment account,
  checking account, paypal account, etc. can all be compromised and
  misused.
- Your personal information can be compromised and used by or sold to
  telemarketers, spammers, blackmailers, stalkers, pedophiles,
  ex-spouses (custody/alimony battles are often extremely vicious),
  "preferred customer" accounts at your supermarket/drugstore, and
  existing personal enemies. This information can include your name,
  address, phone number, your age, current and past employers,
  financial account numbers, tax returns, sexual preference, fantasies,
  and fetishes, what products you buy, what web sites you visit, who
  your friends are, and the name and age of your children and other
  personal information about them. You might be embarrassed to have
  others discover what drugs you use: over the counter (preparation-H),
  prescription (viagra), and illegal (marijuana). An astonishing amount
  of information about you can be discovered from your computer. Even
  more information about you can be retrieved from bank, department
  store, credit card, supermarket, drugstore, and other computers and by
  private investigators using this information.
- Copies of your personal email, paper mail you composed on your word
  processor, and your online chat logs (ICQ, AIM, IRC, jabber, etc.) may
  contain things which are embarrassing to you or others.
- Vacation plans may be discovered. Very handy if someone wants to rob
  your house or use it as a maildrop for things they ordered on your or
  someone else's stolen credit card.
- Stolen passwords.
- Identity Theft. An illegal alien uses your social security number
  when he gets a job and the shoot first, ask questions later goons at
  the IRS come after you for the taxes he didn't pay. Or, worse yet, he
  uses it to purchase a one way airplane ticket to the sears tower.
- You can lose your job. Employers can fire you if your negligence
  leads to a security breach. Or they may fire you if someone
  vindictively sends information about healthy and normal but
  stigmatized practices in your personal life.
- One windows virus/worm, SirCam, distributes itself by attaching
  itself to files it randomly selects from "My Documents" and sends to
  everyone in your address book (and apparently everyone who has posted
  messages to any of the mailing lists you are subscribed to). This
  virus has sent me every file in more than one person's "My Documents"
  folder. Chances are there are some files there that you don't want
  everyone you know to see.
- All data on your hard disk can be erased or corrupted.
- Your machine can be rendered unusable until you reinstall windows and
  all your applications.
- A trapdoor, such as Back Orifice, can be installed on your computer
  allowing other people to log in to your computer at any time and spy
  on your activities. 

Sample Invasion of Privacy and Consequences

  Name: John Q. Public
  Social Security Number: 123-445-6789
  Drivers License: VA 123-445-6789
  Home Address: 123 Main Street, Anytown, USA 12345
  Phone numbers: 987-6543 (unlisted), 876-5432 (cell phone),
    800-765-4321 (pager)
  Date of Birth: 1943.10.15
  Place of birth: Peterborough, New Hampshire
  Spouse: Jane Q. Public
  Children: Susie, age 7, attends Walker Elementary School [pictures];
    Ted, age 5, attends Jackson pre-school [pictures]
  Sex: Male. Bi-sexual, cross-dresser, likes humiliation. Subscribes to
    Penthouse. Purchases 14 tubes of KY Jelly annually at supermarket.
    Frequently visits sites like asianporn.com and spankme.com. Can't
    get it up without viagra.
  Annual Income: $43,250
  Monthly mortgage payment: $1270
  Doctor: John Q. Quack
  Prescription Drugs: viagra
  TV Shows: Watches Friends, Will and Grace, and ER.
  Bank: Death Valley Savings and Loan, Checking account #1234-5678,
    account balance $1326.47
  Credit Cards: Visa 1234-5678-9012-3456, 01/02, Available credit $4763;
    Mastercard 2345-6789-0123-4567, 04/02, Available credit $2345
  Mothers Maiden Name: Spencer
  Pets: Cat's name is Napoleon
  Employer: Wilson Concrete
  Car: 95 Chevy Blazer, license plate ABC-123; 93 Ford Escort, license
    plate XYZ-789
  Digital Camera: Sony Mavica

  Recent Purchases:
    Adult DVD Empire: Debbie Does Dallas, Asian Sluts, Backdoor Love,
      Muscle Men, $47.23
    CVS Pharmacy: Viagra 50mg #10, erythromycin 100mg #20, $176.20
    Food Lion Supermarket: KY Jelly, Tinactin, Eggs, Milk,
      Preparation H, Kellogg's Fruit Loops, Trojan Condoms, $12.34
    Dr. Peter, Urologist: Office Visit, $67.40
    United Airlines: 4 Tickets to Orlando, FL, $2315
    Disneyworld: 2 adult tickets, 2 children, $1473
    Tony Keller, Veterinarian: Office Visit, $37 


Maybe the cracker will use your information to order a new computer or
stereo system charged to your credit card and shipped to your house
while you are on vacation. They retrieve their free merchandise from
your doorstep and your credit card is denied, and your vacation ruined,
when you try to pay for your dinner at epcot center. But it could have
been much worse... 

Scene outside Walker Elementary School: "Hi, are you Susie, John and
Jane's daughter? I thought so, I recognized you from the snapshots your
dad took using his Sony Mavica at Teddy's birthday party. I am Chester
T. Molester, I work with John at Wilson Concrete and he sent me to pick
you up. Your dad took Napoleon in the Blazer to Dr. Keller's and your
mom couldn't get the Escort to start so your dad called me from their
cell phone to come pick you up at school and give you a bath so you
won't be late catching your plane to Disney World. Are you excited about
seeing Mickey?" Now, Susie knows not to accept rides from strangers, but
Mr. Molester must not really be a stranger because he knows all this
information that someone wouldn't know unless they were a friend of her
parents. He knows the names of Susie's mom, dad, brother, dog, where dad
works, what brand of camera he uses, what cars you drive. And Susie
doesn't want to miss the plane to Disney World. 

Or, maybe the DEA kicks down your door. You see, in some states people
who purchase insulin syringes at their local pharmacy don't need a
prescription but they do need to sign their name and social security
number in the control log. DEA agents got suspicious when someone signed
your name and social security number at every pharmacy in a neighboring
town and the surveillance equipment on the DEA helicopter detected some
light from the grow lamp you use because your windowsill isn't large
enough to support your basil and parsley habits (people also use grow
lamps to grow marijuana). 

To disable java(script):

With java/javascript disabled, you will find that some broken sites do
not work. Instead of following their directions to re-enable
java(script), send the incompetent webmaster a complaint and check out
the web site's competitors. 

With javascript disabled, you won't have to put up with those annoying
popup advertisements including those full screen ones you stumble across
that take over your screen and won't let you use your computer until you
click through to one of their porn sites where the process repeats until
you have to reboot your machine and lose the documents you were creating
in other applications. 

In netscape or mozilla, pull down the "Edit" menu and select
"preferences". Click on "Advanced" and deselect all options which
mention "java" or "javascript". 

In arachne, lynx, blynx, brooks-talk, w3m, arena, or amaya, no action
is required. These browsers do not support mis-features such as
javascript. Lynx is a text based browser. blynx is a variant of lynx
used by the blind and dyslexic. Arachne is a graphical web browser which
runs on old computers, network appliances, and kiosks. 

Browsers for wireless handheld devices generally do not support
java(script). 

Users of internet explorer: under "view -> options -> security", uncheck
"Active Scripting" or "Run ActiveX scripts". Better yet, remove this
criminal monopoly backed bug ridden gaping security hole from your
computer entirely. 

Opera: under "Preferences -> Multimedia", uncheck "Enable Scripting
Languages".

AOL: Members --> Preferences --> WWW --> Security: uncheck Javascript or
Security --> Custom --> settings: check disable java. 

iCab users: Edit --> Preferences --> InScript --> Identity Settings:
uncheck "Activate InScript" 

WebTV: does not support java. To disable javascript, you will need to
return the product to the store where you purchased it and ask for a
refund. 

Other Security Tips

Disable Unnecessary Services

Disable services you are not using on all of your machines. Many systems
come with HTTP, FTP, DNS, file sharing, and many other services enabled
by default that you don't use on every machine. 

The less Microsoft, the better

Microsoft software is an unjustified security risk. 

Proprietary attachments

Don't send or accept attachments in proprietary formats. Never open
executable attachments. 

Visit my other Security Pages. 

This file is maintained by Mark Whitis (whitis at freelabs.com). 
-- 
Gauthier Vandemoortele <gauthier-vdm at ibelgique.com>

If you want to shine at the table, the best thing is still to be a piece of cutlery.
	(Brèves de comptoir - J-M Gouria)
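As an added example that is not part of this post or of Mark Whitis's page: a small read-only Python scanner for the two symptoms this thread describes, HTML files carrying injected JavaScript that points at a .eml file, and stray .eml files lying around a web tree or a file share exported by the Linux box. The heuristics, the file names and the sample contents are constructed assumptions for the demonstration, not a signature of any particular worm; the intended use is to produce a list of files to quarantine and inspect by hand.

```python
"""Added example (not from the original thread or the quoted page):
a read-only scanner for HTML files whose <script> blocks reference a
.eml file, and for stray .eml files in a directory tree.  The
heuristics are assumptions based on the thread's description, not a
signature of any specific worm."""
import os
import re
import tempfile

# A <script ...> ... </script> block (case-insensitive, may span lines).
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>",
                       re.IGNORECASE | re.DOTALL)
# A path-like token ending in .eml inside a script body.
EML_RE = re.compile(r"[\w./-]+\.eml", re.IGNORECASE)


def find_eml_references(html_text):
    """Return the .eml names referenced from <script> blocks in html_text."""
    refs = []
    for body in SCRIPT_RE.findall(html_text):
        refs.extend(EML_RE.findall(body))
    return refs


def scan_tree(root):
    """Walk root; report HTML files that reference .eml files and all
    .eml files found.  Nothing is modified or deleted."""
    report = {"infected_html": {}, "eml_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            lower = name.lower()
            if lower.endswith(".eml"):
                report["eml_files"].append(rel)
            elif lower.endswith((".htm", ".html")):
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    refs = find_eml_references(fh.read())
                if refs:
                    report["infected_html"][rel] = refs
    report["eml_files"].sort()
    return report


# Constructed sample pages (assumptions for the demo, not captured data).
CLEAN_PAGE = ("<html><body><h1>Welcome</h1>"
              "<script>document.title = 'ok';</script></body></html>")
INJECTED_PAGE = ("<html><body>Hello</body></html>\n"
                 '<script language="JavaScript">'
                 'window.open("sample.eml", null, "top=6000,left=6000");'
                 "</script>")


def build_sample_tree():
    """Create a throwaway directory tree with constructed sample files."""
    root = tempfile.mkdtemp(prefix="emlscan_")
    sub = os.path.join(root, "htdocs", "sub")
    os.makedirs(sub)
    samples = {
        os.path.join(root, "htdocs", "index.html"): INJECTED_PAGE,
        os.path.join(root, "htdocs", "about.html"): CLEAN_PAGE,
        os.path.join(root, "htdocs", "sample.eml"): "MIME-Version: 1.0\n",
        os.path.join(sub, "note.eml"): "MIME-Version: 1.0\n",
    }
    for path, text in samples.items():
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    # Point scan_tree() at a real document root or mounted share instead.
    result = scan_tree(build_sample_tree())
    for page, refs in result["infected_html"].items():
        print("suspicious HTML:", page, "->", ", ".join(refs))
    for eml in result["eml_files"]:
        print("stray .eml file:", eml)
```

The scanner only reads files, so it can be run repeatedly over a share while the cleanup is in progress; anything it lists should be compared against a known-good copy of the site before being removed, since a legitimate page may also link to a .eml attachment.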
 







More information about the Linux-bruxelles mailing list