Friday, April 01, 2011

Important virus alert

The Computer Virus Legion has just issued a Severity-One virus alert for a security vulnerability for myBase Databases on Linux and UNIX platforms. This virus effects myBase and may result in a complete loss of service. This virus may be serious and requires IMMEDIATE attention to neutralize the threat.

Problem: The virus exploits a vulnerability in a Windows myBase client, allowing an unauthorized myBase user to gain root privileges on the UNIX myBase database server. The virus then places a malicious Trojan executable on the server.

CVL References: 41-20374, 75-28365.

Platforms Impacted: Sun Solaris, Red Hat Linux, SuSE Linux, AIX and HP UNIX.

Vulnerability Assessment: The risk is HIGH. The virus software allows the myBase user to gain unauthorized root privileges and can cause serious loss of production service.

Virus Detection: This virus plants a Trojan UNIX shell executable ( on your myBase server and starts a daemon process on each myBase UNIX server.

Again, the threat level for this virus is HIGH, and we highly recommend that you get full details. This myBase virus creates a Trojan executable on your myBase server and starts a daemon process on each myBase UNIX server. If the following command returns "1" then your server may be infected:

ps -ef|grep `whoami`|grep -v grep|wc -l

The virus spreads between myBase servers using the UNIX e-mail gateway by exploiting the UNIX mailx daemon, sending malicious messages to all users defined in the /etc/passwd file. These messages can be detected by their distinctive subject lines 'GENERIC VIAGRA', and 'GROW YOUR THINGY'.

Hallmarks of the myBase virus include:

Increasing degradation in myBase performance, especially as user load and database size increases.

Sub-optimal SQL execution plans will appear in the myBase library cache.

The instance will switch to rule-based SQL optimization and send an e-mail to myBase Support, requesting an iTar for technical assistance.

The following message will appear in the myBase alert log:
MYB-0911411 - Cannot install MySQL

It will rewrite your myBase backup files, changing all active verbs to a passive voice and introducing undetectable misspellings into all text.

You may see a variation on the Oprah Winfrey virus where your SYSTEM tablespace suddenly shrinks to 20 Meg, and then slowly expands-out to over 500 Meg.

The daemon process will attack all PeopleSoft software on the server, in an attempt to take-over control of the application.

The virus may also manifest as a variation of the Monica Lewinsky virus, sucking all of the RAM out of your SGA and then sending e-mails all users, telling them about it.

It will de-magnetize the strips on all of your credit cards and re-program your ATM access code.

It will program your telephone to auto-dial 1-900 talk-dirty-to-me phone lines.

If you are running myBase on Windows, it will will re-calibrate your refrigerator's coolness settings so that all your ice cream melts.

If you are running the multi-threaded server, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub.