tuxissa.txt
Posted Aug 17, 1999

Attack of the Tuxissa Virus

tags | virus
systems | unix
SHA-256 | 2e3b550d8960978f7167c5d19e6e901e28cdbaba72b1d144fdc89a4a83fe01de

Attack of the Tuxissa Virus
March 29, 1999

What started out as a prank posting to
comp.os.linux.advocacy yesterday has turned into one of the
most significant viruses in computing history. The
creator of the virus, who goes by the moniker "Anonymous
Longhair", modified the well-known Melissa[1] virus to
download and install Linux on infected machines.

"It's a work of art," one Linux advocate told Humorix after
he looked through the Tuxissa virus source code. "This
virus goes well beyond the feeble troublemaking of
Melissa." The advocate enumerated some of the tasks the
virus performs in the background while the user is
blissfully playing Solitaire:

Once the virus is activated, it first works on propagating
itself. It has a built-in email harvesting module that
downloads all the pages referenced in the user's Internet
Explorer bookmarks and scans them for email addresses.
Using Outlook, the virus sends a copy of itself to every
email address it comes across.

After it has successfully reproduced, the virus begins the
tricky process of upgrading the system to Linux. First,
the virus modifies AUTOEXEC.BAT so that the virus will be
re-activated if the system crashes or is shut down while
the upgrade is in process. Second, the virus downloads a
stripped-down Slackware distribution, using a lengthy list
of mirror sites to prevent the virus from overloading any
one server.

Then the virus configures a UMSDOS filesystem to install
Linux on. Since this filesystem resides on a FAT
partition, there is no need to re-partition the hard drive,
one of the few actions that the Word macro language
doesn't allow.

Next, the virus uncompresses the downloaded files into the
new Linux filesystem. The virus then permanently deletes
all copies of the Windows Registry, virtually preventing
the user from booting into Windows without a re-install.
After modifying the boot sector, the virus terminates its
own life by rebooting the system. The computer boots into
the Slackware setup program, which automatically finishes
the installation of Linux. Finally, the dazed user is
presented with the Linux login prompt and the text,
"Welcome to Linux. You'll never want to use Windows again.
Type 'root' to begin..."

The whole process takes about two hours, assuming the user
has a decent Internet connection. Since the virus runs
invisibly in the background, the user has no chance to stop
it until it's too late.

The email message that the virus is attached to has the
subject "Important Message About Windows Security". The
text of the body says, "I want to let you know about some
security problems I've uncovered in Windows 95/98/NT,
Office 95/97, and Outlook. It's critically important that
you protect your system against these attacks. Visit these
sites for more information..." The rest of the message
contains 42 links to sites about Linux and free software.

Slashdot is one of those links. "That could spell
trouble," one Slashdot expert told Humorix. "Slashdot
could fall victim to the new 'Macro Virus Effect' if this
virus continues to propagate at its present exponential
growth rate. Red Hat's portal site, another site present
on the virus' links list, seems to be quite sluggish right
now..."

Details on how the virus started are a bit sketchy. The
"Anonymous Longhair" who created it only posted it to
Usenet as an early April Fool's gag, a demonstration of how
easy it would be to mount a "Linux revolution". Some other
Usenet reader is responsible for actually spreading the
virus into the wild. One observer speculated, "I imagine
the virus was first sent to the addresses of several
well-known spammers. The virus probably latched on to the
spammer's email lists and began propagating at a fantastic
rate. With no boundary to its growth, this thing could
wind up infecting every single Net-connected Wintel box in
the world. Wouldn't that be a shame!"

Linus Torvalds, who just left for a two week vacation, was
unavailable for comment at press time. We have a strong
feeling that his vacation will be cut short very soon...


[1] http://linuxtoday.com/stories/4463.html

---

James S. Baughn
http://i-want-a-website.com/about-linux/
