The Computer Virus Legion has just issued a Severity-One virus alert for a security vulnerability for myBase Databases on Linux and UNIX platforms. This virus effects myBase and may result in a complete loss of service. This virus may be serious and requires IMMEDIATE attention to neutralize the threat.
Problem: The virus exploits a vulnerability in a Windows myBase client, allowing an unauthorized myBase user to gain root privileges on the UNIX myBase database server. The virus then places a malicious Trojan executable on the server.
CVL References: 41-20374, 75-28365.
Platforms Impacted: Sun Solaris, Red Hat Linux, SuSE Linux, AIX and HP UNIX.
Vulnerability Assessment: The risk is HIGH. The virus software allows the myBase user to gain unauthorized root privileges and can cause serious loss of production service.
Virus Detection: This virus plants a Trojan UNIX shell executable (xxx.sh) on your myBase server and starts a daemon process on each myBase UNIX server.
Again, the threat level for this virus is HIGH, and we highly recommend that you get full details. This myBase virus creates a Trojan executable on your myBase server and starts a daemon process on each myBase UNIX server. If the following command returns "1" then your server may be infected:
ps -ef|grep `whoami`|grep -v grep|wc -l
The virus spreads between myBase servers using the UNIX e-mail gateway by exploiting the UNIX mailx daemon, sending malicious messages to all users defined in the /etc/passwd file. These messages can be detected by their distinctive subject lines 'GENERIC VIAGRA', and 'GROW YOUR THINGY'.
Hallmarks of the myBase virus include:
Increasing degradation in myBase performance, especially as user load and database size increases.
Sub-optimal SQL execution plans will appear in the myBase library cache.
The instance will switch to rule-based SQL optimization and send an e-mail to myBase Support, requesting an iTar for technical assistance.
The following message will appear in the myBase alert log:
MYB-0911411 - Cannot install MySQL
It will rewrite your myBase backup files, changing all active verbs to a passive voice and introducing undetectable misspellings into all text.
You may see a variation on the Oprah Winfrey virus where your SYSTEM tablespace suddenly shrinks to 20 Meg, and then slowly expands-out to over 500 Meg.
The daemon process will attack all PeopleSoft software on the server, in an attempt to take-over control of the application.
The virus may also manifest as a variation of the Monica Lewinsky virus, sucking all of the RAM out of your SGA and then sending e-mails all users, telling them about it.
It will de-magnetize the strips on all of your credit cards and re-program your ATM access code.
It will program your telephone to auto-dial 1-900 talk-dirty-to-me phone lines.
If you are running myBase on Windows, it will will re-calibrate your refrigerator's coolness settings so that all your ice cream melts.
If you are running the multi-threaded server, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub.
PLEASE FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!