On Fri, Apr 29, 2005 at 02:08:15PM +0100, Nigel Wade wrote: > >>It was completely manual, the virus didn't install itself. It was > >>injected by someone breaking in via ssh and then manually downloading an > >>infected file. It's not like a STD, it's like a virus which can only be > >>spread by direct injection. > >That's the difference between a virus and a worm. It *does* have a > >mechanism to spread between files on a machine, but doesn't have one to > >go between machines without piggybacking on something else. (Which it > >did.) > For a virus to be viable it has to be able to infect files in such a way > that those infected files are likely to spread the virus. This one doesn't. > It needs to be spread manually, hence my threat rating of ~0. You're using the word "manually" in a strange way, and differently from the way you did in the paragraph above. In this case, it didn't spread manually (in the normal sense of the word) from the infected mech binary to the binaries in /bin -- it did that on its own when it got a chance. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 72 degrees Fahrenheit.