- Staog
Staog was the first
computer virus written for theLinux operating system . It was discovered in the fall of1996 , and the vulnerabilities that it exploited were shored up soon after. It has not been detected in the wild since its initial outbreak.Staog was able to infect Linux despite its security-oriented design which requires users and programs to login as root before any drastic operations can be taken. It worked by exploiting some kernel vulnerabilities to stay resident. Then, it would infect executed binaries.
Since it relied on fundamental bugs,
software upgrades made systems immune to Staog. This, combined with its shot in the dark method of transmitting itself, ensured that it died off rather quickly.Staog was written in assembly by the cracker group
VLAD . It attempts to stay resident and infect binaries as they are executed by any user. Staog tries to subvert root access via three known vulnerabilities (mount buffer overflow, tip buffer overflow and one suidperl bug). VLAD is an Australian virus group, which also wrote the first Windows 95 virus, Boza.Staog can be detected by searching all binaries for the following hex search string:
:"215B31C966B9FF0131C0884309884314B00FCD80"Fact|date=December 2007
ee also
*
Linux malware External links
* [http://www.f-secure.com/v-descs/staog.shtml Staog information on F-Secures Website]
* [http://www.ussg.iu.edu/hypermail/linux/kernel/9702.1/0066.html Staog Virus: Linux-Kernel Archive]
Wikimedia Foundation. 2010.
