Weblog:   Linux Users: Welcome to the World of Malware
Subject:   This article is stupid
Date:   2004-11-01 11:12:56
From:   Jimmy_King
Perhaps if it had gone into detail about the nature of the "attack", it would have been interesting, but as it stands, big deal. Linux users get phishing scams on a daily basis, too. The people that send those don't research what OS you use and only send them to Windows users. As others have said, it's just that the majority of Linux users know how to recognize that stuff and so aren't fooled by it.

This "new" thing is no different, as far as I can tell from the little bit of detail here. Someone sends an e-mail with a link to a file claiming to be from Redhat, hoping people are stupid enough to download and run it. So? It's a file to run as opposed to a website to enter your credit card information, who care? The concept is the same and nothing new.

Let me know when they start distributing something that could run without me having to download something without looking at a URL, especially if it manages to do some damage without me logging in as root and then running it. Now don't get me wrong, I'm not saying it's impossible... the likelihood of executing automatically is not high, but if it happens, it could execute some sort of buffer overflow against something that runs as root, so it's possible, it's just unlikely unless someone makes a linux web browser which will allow a script on a website to download a file without my knowing, chmod it to be executeable, and then run it. At that point, it's still making the assumption that I have that program running, which I may or may not, and even if I do, my specific distro may or may not be susceptible to it.