EEVblog Electronics Community Forum

General => General Chat => Topic started by: MT on November 30, 2017, 03:50:18 pm

Title: Windows virus inside Linux iso distros?
Post by: MT on November 30, 2017, 03:50:18 pm
I know zero about Linux.

Is it possible to embed a virus, in this case WIN32:vitro, inside a Linux iso, in this case Knoppix?
Because my antivirus flagged a file on the USB stick after using Rufus to make a USB stick Knoppix
bootable image under the isolinux map as being contaminated?

I thought Win virus didn't work on Linux (perhaps a displaced assumption).
Title: Re: Windows virus inside Linux iso distros?
Post by: technogeeky on November 30, 2017, 04:59:47 pm
It is, of course, possible. When scanning, virus detection is done based on the contents of a file, not the behavior of a program in memory. A file is a file across any operating system or storage medium.

This thread (https://support.avg.com/answers?id=906b0000000TlkuAAC) (which is very recent) seems to suggest that the detection of this virus in a Knoppix ISO is a false detection. Even if the virus were really present in the ISO and you installed and used the operating system, it's not likely that it would damage the Knoppix OS installation.

Title: Re: Windows virus inside Linux iso distros?
Post by: CJay on November 30, 2017, 05:06:03 pm
I wonder if it would be possible to script the injection of malware from a bootable Linux USB stick when it's booted as a 'live disk' on a Windows machine...

Doesn't seem like that'd take much effort.
Title: Re: Windows virus inside Linux iso distros?
Post by: rstofer on November 30, 2017, 06:13:19 pm
Sure, just find the hard drive and write whatever you want.  Heck, erase the thing.  Start with the MBR and wipe out the directory chains.  That ought to do it.
Title: Re: Windows virus inside Linux iso distros?
Post by: MT on December 01, 2017, 12:45:30 am
Ah I see! Yes, AVG barked. Thanks for the link! I pointed the iso url for VT to test it, it goes green.
ftp://ftp.uni-kl.de/pub/linux/knoppix-dvd/KNOPPIX_V8.1-2017-09-05-EN.iso
Title: Re: Windows virus inside Linux iso distros?
Post by: retiredcaps on December 01, 2017, 12:59:57 am
Maybe I don't see it, but it is a bit disappointing that a distro as old as Knoppix isn't providing a sha256sum so you can verify its ISO image.  Never mind, found it below.

Linux Mint was hacked Feb 2016 and now recommends you check your image using md5.

https://blog.linuxmint.com/?p=2994

edit:

http://knoppix.net/wiki3/index.php?title=Downloading_FAQ#What_are_these_md5_files.3F
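
Added example, not part of the thread or of any project mentioned in it: a small Python checker for the verification step discussed above. It reads a checksum listing in the md5sum/sha256sum text format and compares a downloaded image against it. The file name example.iso and the sample bytes are constructed for the demo, and the listing format is an assumption about what the published checksum file contains.

```python
import hashlib
import os
import tempfile

ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}  # hex length -> hashlib name


def parse_checksum_file(text):
    """Parse '<hex>  <name>' or '<hex> *<name>' lines into {basename: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if (len(digest) not in ALGO_BY_HEXLEN or not name
                or not set(digest) <= set("0123456789abcdef")):
            raise ValueError(f"unrecognised checksum line: {line!r}")
        entries[os.path.basename(name)] = digest
    return entries


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, checksum_text):
    """Return (algorithm, matches) for path against its entry in the listing."""
    expected = parse_checksum_file(checksum_text).get(os.path.basename(path))
    if expected is None:
        raise KeyError(f"no checksum entry for {os.path.basename(path)}")
    algo = ALGO_BY_HEXLEN[len(expected)]  # algorithm inferred from digest length
    return algo, file_digest(path, algo) == expected


if __name__ == "__main__":
    # Constructed stand-in for a downloaded image and its checksum listing.
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed sample bytes")
        listing = hashlib.sha256(b"constructed sample bytes").hexdigest() + " *example.iso\n"
        print(verify(iso, listing))
```

A match only shows that the download equals the file the digest was computed over, so the checksum listing has to come from a source you trust independently of the mirror that served the image.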