Discovered: January 14, 2003
Updated: February 13, 2007 11:45:55 AM
Type: Trojan Horse
Systems Affected: Linux
The Trojan.Linux.JBellz Trojan horse arrives as a malformed .mp3 file. When the .mp3 file is played with a specific version of the mpg123 player under Linux, the code of the Trojan horse is executed; thereby, deleting all the files in the home directory of the current user.
Symantec antivirus products detect the tool used to create the malformed .mp3 files, which contain Trojan.Linux.JBellz, as Trojan.Linux.JBellz.dr.
Additional information about the vulnerability described in this writeup can be found in the message that was posted to the SecurityFocus Bugtraq forum, at:
http://online.securityfocus.com/archive/1/306476.
Protection
-
Initial Rapid Release version January 15, 2003
-
Latest Rapid Release version July 12, 2008 revision 018
-
Initial Daily Certified version January 15, 2003
-
Latest Daily Certified version July 12, 2008 revision 019
-
Initial Weekly Certified release date January 15, 2003
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Easy
Damage
Distribution
Writeup By: Frederic Perriot
