On Wed, Apr 27, 2005 at 05:21:45PM +0100, Nigel Wade wrote:
Looks like it spread to root from a user account in this case. Threat is obviously somewhat greater than 0. Caution and good practices are still required.
There's no evidence that the virus escalated its own privilege. More likely that a root process executed an infected binary.
I agree -- and that's exactly why this shouldn't be dismissed as "0 threat".
I didn't say 0, I said ~0. You also shouldn't overstate the threat and create FUD where none is justified.
For a virus to be viable it has to be communicable. In this instance the virus required manual "injection". Hence the 0-49 infections in 3 years, and the virutally zero threat.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555