Pro Linux virus rears its head

Low, medium or high risk depending on who you ask

Out breaks of the newly discovered Linux plugging ProLin virus have been reported in Poland and the American mid-west.

Developed by an unknown hacker calling him or herself 'The Penguin', it arrives attached to an e-mail with the subject: "A great Shockwave Flash movie." Once the program is run, the virus emails itself to everyone in the users Outlook address book.

As yet there is no consensus in the anti-virus industry about how dangerous the virus is. At the time of writing, Network Associates has it ranked as low risk, while Trend Micro ranks it a high risk. Symantec and Kaspersky Labs both go with a medium.

Once run, the program copies itself to the disk C: root directory and to the Windows start up folder. Then it sends a notification email to an anonymous yahoo.com email address, presumably the author of the virus, with the message: "Got yet another idiot."

Kaspersky Lab said it ranked it as medium since in most cases it does no irreparable damage, but warns that in some cases the worm is able to destroy damaged files.

Next it searches a local hard drive for files with .ZIP, .MP3 and .JPG extensions, and moves them to the C: directory. It adds "change at least now to LINUX" to the file names.

The virus is probably one of the better mannered out there at the moment. It points out to the victim that it could have been worse, and that at least it didn't wipe the hard drive, as well as leaving a file that gives users directions on how to clean their systems of the worm.

"The virus writer is either a Linux freak, or he is trying to show people about exploits and show software companies that their security has holes," Vincent Gullotto, senior director of Network Associates' McAfee Avert Labs told reporters. "But your guess is as good as mine." ®

Related Stories

Virus prevents you asking for help
Viruses prey on porn lovers

Sponsored: Driving business with continuous operational intelligence