I assume that I am correct in thinking that it is not possible for someone to somehow "send" the Klez worm to a personal web-site? :confused:

The Web Severs that are hosting a site are as vulnerable as any others to virus attacks (those running IIS and Apache seem the least resistent/most exploited), but the most likely effect on personal sites hosted distantly will be that they will go down.

If the password used to access your site was hacked or broken then a malicious user could also upload "things" to your site's webfolders.

A virus on an infected host server could presumably get into mail and ftp servers and cause other sorts of havoc. At the end of the day it is the downloading and running of the payload file that is important, whether by network share (?P2P), eMail, direct download or the use of infected media.

I don't know if a download could be made from the website surreptitiously - I imagine you would have to OK it - but these darn things are getting so sneaky. This is an interesting area that would be worth all our whiles for peeps to elaborate on.

Thanks Paul. :)

As usual with one of your replies, much food for thought and I too hope that we'll get a lot more input.

Come on Jaba, you've spent enough time on that Poll. Let's hear your views!!! :D :D

Originally posted by Paul Komski
The Web Severs that are hosting a site are as vulnerable as any others to virus attacks (those running IIS and Apache seem the least resistent/most exploited)...

You shouldn't speak of IIS and Apache (on Linux) in the same breath WRT virus vulnerabilities!

Well, Paul, this discussion has really got going?

I think I'd better go and examine my BIOS, create a new partition or perhaps re-format.....or even boot into DOS :D :eek:

Sorry sleddog; :( didn't mention or intend to compare Linux and Windows. M$'s haste to create "integrated" applications such as Office and IE/OE without proper security is one of the main reasons for the prevalence of many of the worms from LoveBug to Klez (especially via their HTML mail clients with their inherent susceptibility to the running of scripts); as well as having had the additional effect of creating much more W3C non-compliance.

Main point was that a web-server is just a computer after all. ;) Once it was floppies, nowadays its eMails that perpetuate most viruses. M$'s ActiveX controls are yet another source of vulnerability. I think that what a lot of us want to learn is how to protect ourselves from visiting malicious websites and to do that means learning how these attacks are made. I'm not even half way there. :(

It could be irresponsible to help promote "any myth that Linux is immune to viruses" (http://www.claymania.com/unix-viruses.html) - even though they are very rare - particularly as it becomes more widely used.

So definitely two breaths then :D One huge one; and one tiny one! :p