[ale] Trojan mpg123 alert

James P. Kinney III jkinney at localnetsolutions.com
Wed Jan 15 23:50:18 EST 2003


<SMACK!>

I have discovered that Windows eXcrement Product (home edition) defaults
to "Administrative Rights" when creating a new user account. Many older
16 bit applications (especially DOS stuff) must be run by a user with
administrative rights. And IE defaults to java and j*script on for all
users.


On Wed, 2003-01-15 at 23:03, Stephen F Nicholas wrote:
> Slap me if I read this incorrectly.  People surf the web under their root
> account ?? :-(
> 
> =======================================================
> | Steve Nicholas             |                        |
> | Software Systems Engineer  |  A risk is not a risk  |
> | Georgia State University   |  until it is taken.    | 
> | snicholas at gsu.edu          |                        |
> | 404-651-1062               |  BBROYGBVGW            |
> =======================================================
> 
> On Wed, 15 Jan 2003, Dow Hurst wrote:
> 
> > This is a good reason to follow Bob Toxen's philosophy of working with 
> > untrusted files as a separate user.  You have the power under Linux to 
> > protect yourself!
> > 
> > Bob recommends web browsing as a separate user.  Especially if you are 
> > using plugins, java, or javascript enabled.  I think ssh'ing to your 
> > machine as the untrusted user to run the apps would work okay.  Or, for 
> > the dual screen people, instead of running Xinerama, use two separate 
> > Xservers and log in as separate users.
> > Dow
> > 
> > 
> > James P. Kinney III wrote:
> > 
> > >I really don't like seeing stuff like this for ANY operating system
> > >platform. I especially hate seeing it for Linux systems.
> > >
> > >http://www.theage.com.au/articles/2003/01/15/1042520656903.html
> > >
> > ><cut-n-paste>
> > >
> > >Linux trojan starts circulating
> > >January 15 2003
> > >
> > >
> > >
> > >An exploit for the Linux mpg123 mp3 player has started circulating,
> > >following the release of the code for the same by the Gobbles security
> > >group.
> > >
> > >Anti-virus software maker Symantec has christened it as
> > >Trojan.Linux.JBellz.
> > >
> > >The trojan arrives as a malformed .mp3 file and when played with a
> > >specific version of the mpg123 player, the code is executed. All the
> > >files in the home directory of the current user are deleted, recursing
> > >into subdirectories. 
> > >
> > >Symantec said version pre0.59s of the mpg123 player had been verified to
> > >be vulnerable on SuSE Linux 8.0 and Slackware Linux 8.0. 
> > >
> > >  
> > >
> > 
> > -- 
> > __________________________________________________________
> > Dow Hurst                  Office: 770-499-3428
> > Systems Support Specialist    Fax: 770-423-6744
> > 1000 Chastain Rd., Bldg. 12
> > Chemistry Department SC428  Email:dhurst at kennesaw.edu
> > Kennesaw State University         Dow.Hurst at mindspring.com
> > Kennesaw, GA 30144
> > *********************************
> > *Computational Chemistry is fun!*
> > *********************************
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> > 
> 
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
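
Added example, not part of the original thread: the separate-user advice quoted above only limits a file-deleting trojan if the untrusted account cannot write into your real home directory, because deleting a file needs write and search permission on its parent directory. This sketch audits a directory tree for that exposure; the function names are hypothetical, and it assumes the untrusted account shares no group with you and that no ACLs are in use.

```shell
#!/bin/sh
# Added example: audit how much of a directory tree an unrelated local
# account (for instance a dedicated browsing or media-player user) could
# delete from. Only the "other" permission bits are examined; group
# permissions and ACLs are out of scope (assumption stated in the lead-in).

# exposed_dirs DIR: print directories under DIR that "other" can write to
# and search, excluding sticky directories (there only the file owner,
# directory owner or root may unlink entries).
exposed_dirs() {
    find "$1" -type d -perm -0003 ! -perm -1000 2>/dev/null
}

# top_reachable DIR: succeed if "other" has search permission on DIR itself.
# A home directory with mode 0700 stops an unrelated account at the door,
# even when something deeper in the tree is world-writable.
top_reachable() {
    [ -n "$(find "$1" -prune -perm -0001 2>/dev/null)" ]
}

# audit_home [DIR]: return 0 if an unrelated account cannot delete anything
# under DIR (default: $HOME), 1 otherwise, listing the exposed directories.
audit_home() {
    dir=${1:-$HOME}
    if ! top_reachable "$dir"; then
        echo "OK: $dir is not searchable by other users"
        return 0
    fi
    bad=$(exposed_dirs "$dir")
    if [ -z "$bad" ]; then
        echo "OK: no world-writable directories under $dir"
        return 0
    fi
    echo "EXPOSED: other accounts can delete files in:"
    echo "$bad"
    return 1
}
```

Run `audit_home` as your normal user before handing untrusted files to the separate account; a non-zero exit means that account could still remove files of yours.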






