A malware? and GPL infringement?

From: Samuel Thibault
Subject: A malware? and GPL infringement?
Date: Fri, 1 Apr 2016 10:38:31 +0200
User-agent: Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30)


Here is some bad news (or good news, depends how you take it). You know
that malware nowadays often uses javascript (I guess most of you have
received some "billing PDF" mail which is actually a tarball containing
javascript), and thus GNU/Hurd is potentially affected by such malware
since javascript per se is portable. The javascript code however usually
downloads a binary payload to be run, and that one is OS-dependent, and
GNU/Hurd used to be safe in that regard.

I have however been approached by clamav maintainers, who told me
that one such malware got ported to GNU/Hurd! They apparently "just"
rebuilt the malware using a GNU/Hurd cross toolchain (why not running
the qemu image?! Beats me). They however had to patch the source a bit:
apparently in previous versions it was using the PATH_MAX constant,
whose 4096 magic number could be seen in the Linux binary. The authors
changed that into the classical dynamic allocation loop. Actually the
generated code looks very much like the "sample" loop linked from
https://www.gnu.org/software/hurd/hurd/porting/guidelines.html : 


Since this is covered by the LGPL licence, the malware should at the
very least provide the terms of licence, and offer to get the source of
the malware, otherwise it's a copyright infringement... BTW, the malware
is called "something's fishy".
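
As an added illustration (not part of the original message, and not the sample from the Hurd porting guidelines page), this is the kind of dynamic allocation loop that replaces a fixed PATH_MAX buffer, shown here for getcwd(). The function name cwd_dynamic and its start-size parameter are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: return the current working directory in a
 * malloc()ed buffer without relying on PATH_MAX (which GNU/Hurd does not
 * define). `start` is the initial buffer size; the caller frees the result. */
char *cwd_dynamic(size_t start)
{
    size_t size = start ? start : 1;
    char *buf = NULL;

    for (;;) {
        char *tmp = realloc(buf, size);
        if (tmp == NULL) {           /* out of memory: release and fail */
            free(buf);
            return NULL;
        }
        buf = tmp;

        if (getcwd(buf, size) != NULL)
            return buf;              /* path fitted, including the NUL */

        if (errno != ERANGE) {       /* a real error, not "too small" */
            free(buf);
            return NULL;
        }
        if (size > (size_t)-1 / 2) { /* doubling would overflow size_t */
            free(buf);
            errno = ENAMETOOLONG;
            return NULL;
        }
        size *= 2;                   /* too small: grow and retry */
    }
}

int main(void)
{
    char *cwd = cwd_dynamic(16);
    if (cwd == NULL) {
        perror("cwd_dynamic");
        return 1;
    }
    printf("%s\n", cwd);
    free(cwd);
    return 0;
}
```

Because the buffer size is chosen at run time, a build written this way has no 4096 constant for PATH_MAX, which is the difference the message describes between the two versions.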

