W32/Lindose

Type: Virus
SubType: File Infector
Discovery Date: 03/27/2001
Length: 2132
Minimum DAT: 4132 (04/04/2001)
Updated DAT: 4132 (04/04/2001)
Minimum Engine: 5.1.00
Description Added: 03/27/2001
Description Modified: 07/23/2002 5:32 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

This virus is not in the wild and is only a proof-of-concept virus.

The virus comes as a 32-bit PE file (.exe), so its initial launch requires a Windows-based system. This format was chosen to increase the likelihood that it is able to run initially.

This virus will infect 32-bit files on a Windows-based system. It is not memory resident and does not run as a task.

If a Linux file type is found on the same system, this file will also become infected. This may be encountered on dual-boot systems, but it is not common.

When it finds ELF files in the current directory, it infects them immediately (the direct-action method). Infected ELF files are capable of infecting further files on a native Linux system, but some files will no longer run properly. This may result in severe crashes and/or may render the system inaccessible. Many Linux viruses crash, and few run trouble-free. However, the number of Linux viruses is slowly growing, and with time we will probably see them improve in stability and complexity.

Comments within the virus body include:

[Win32/Linux.Winux] multi-platform virus by (virus author) This GNU program is covered by GPL.

Symptoms

Infected files will contain the string "Win32/Linux.Winux". Infected files will also show a changed modification date. No size increase is expected due to the infection method.

Method of Infection

The dropper file for this virus is in native Win32 format. When executed, it will seek PE files and Linux-based files and infect them.

In PE files, the .reloc section of the file is overwritten.

In Linux files, the virus inserts its code and moves the code at the insertion point to the end of the file. Repair for this infection type is trivial.
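
A triage check built from the symptoms and infection method described above, as an added example that is not from the original write-up: it flags PE and ELF images containing the marker string and, for PE files, reports whether the marker lies in .reloc. The function names and the sample images are constructed for illustration; a marker hit is a lead to confirm with the scanner, not a verdict.

```python
import struct

MARKER = b"Win32/Linux.Winux"  # string the write-up says infected files contain

def file_kind(data):
    """Classify by magic bytes: 'ELF', 'PE', or None for anything else."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off, = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "PE"
    return None

def pe_sections(data):
    """Yield (name, raw_offset, raw_size) from the PE section table."""
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data):
        return
    nsec, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    for hdr in range(table, table + 40 * nsec, 40):
        if hdr + 40 > len(data):
            return  # truncated section table
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_off = struct.unpack_from("<II", data, hdr + 16)
        yield name, raw_off, raw_size

def triage(data):
    """Flag PE/ELF images holding the marker; for PE, name the section it sits in."""
    kind, pos = file_kind(data), data.find(MARKER)
    if kind is None or pos < 0:
        return {"kind": kind, "suspect": False, "section": None}
    section = None
    if kind == "PE":
        section = next((n for n, off, size in pe_sections(data)
                        if off <= pos < off + size), None)
    return {"kind": kind, "suspect": True, "section": section}

def constructed_pe(body):
    """Constructed sample input: minimal PE image whose only section is .reloc."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".reloc\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 0x80)
    return dos + coff + sect + b"\0" * 16 + body

if __name__ == "__main__":
    print(triage(constructed_pe(b"\0" * 8 + MARKER + b"\0" * 8)))
    print(triage(b"\x7fELF" + b"\0" * 60 + MARKER))
```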

Removal

All Users:
Use current engine and DAT files for detection. Replace files not cleaned with backup copies.

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • ELF/Winux (CAI)
  • Lindose
  • Linux.Peelf.2132 (NAV)
  • Linux/Lindose
  • W32.Peelf.2132 (NAV)
  • W32/Winux (CAI)
  • Win32.PEELF.2132 (AVX)
  • Winux
