Staog

From Wikipedia, the free encyclopedia

This article does not cite any references or sources. (December 2007)
Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed.

Staog was the first computer virus written for the Linux operating system. It was discovered in the fall of 1996, and the vulnerabilities that it exploited were shored up soon after. It has not been detected in the wild since its initial outbreak.

Staog was able to infect Linux despite its security-oriented design which requires users and programs to login as root before any drastic operations can be taken. It worked by exploiting some kernel vulnerabilities to stay resident. Then, it would infect executed binaries.

Since it relied on fundamental bugs, software upgrades made systems immune to Staog. This, combined with its shot in the dark method of transmitting itself, ensured that it died off rather quickly.

Staog was written in assembly by the cracker group VLAD. It attempts to stay resident and infect binaries as they are executed by any user. Staog tries to subvert root access via three known vulnerabilities (mount buffer overflow, tip buffer overflow and one suidperl bug). VLAD is an Australian virus group, which also wrote the first Windows 95 virus, Boza.

Staog can be detected by searching all binaries for the following hex search string:

215B31C966B9FF0131C0884309884314B00FCD80^{[citation needed]}