Linux Virus

From: Mark McArthey (mcarthey@mfa.com)
Date: 02/12/97


   MCAFEE DISCOVERS FIRST LINUX VIRUS; SHIPS
   NEW VERSION OF VIRUSSCAN TO DETECT AND
   REMOVE BLISS VIRUS

   SANTA CLARA, CALIF. (February 5, 1996) -- McAfee (Nasdaq:
   MCAF), the world's leading vendor of anti-virus software, today
   announced that its virus researchers have discovered the first computer
   virus capable of infecting the Linux operating system. The Linux
   operating system is a publicly supported freeware variant of the Unix
   operating system that runs on Intel-based personal computers. 

   The virus, which is called Bliss, is significant because many in the
   Unix industry have previously believed that viruses were not a concern
   to Unix operating system users. Unix operating systems are typically
   difficult to infect with viruses since a virus writer must have
   administrative privileges to infect a given Unix system.  McAfee
   researchers believe that one reason this virus has begun to spread is
   because Linux users who are playing computer games over the Internet,
   such as DOOM, must play the game in the Linux's administrator mode,
   which is called "root." 

   "Bliss is a destructive virus which overwrites Linux executables with
   its own code," said Jimmy Kuo, McAfee's director of anti-virus
   research. "Although several incidents of Bliss infection have already
   been reported, the virus is not currently widespread. We encourage
   concerned Linux users to download a free working evaluation copy of
   our VirusScan for LINUX, which can be used to detect the virus." 

   The History of Bliss

   Very little is known about the history of the Bliss virus.  McAfee
   discovered the Bliss virus two days ago, and posted a solution
   Wednesday evening on its web site. The virus is believed to have been
   created as a research project several months ago by an anonymous
   programmer, and until recently was not an "in-the-wild" threat.
   Recently, reports of the virus have begun to surface within Linux
   Internet news groups. 

   How Bliss Works

   Bliss infects Linux executable files. Each time Bliss is executed, it
   overwrites two or more additional files. Because the virus makes its
   presence known by overwriting and destroying files each time it
   executes, users are immediately alerted to its presence.  Bliss overwrites
   the first 17,892 bytes of each affected file with its own code.
   According to McAfee anti-virus researchers, all files infected by Bliss
   are irrecoverable. Although the virus does not operate under traditional
   operating systems such as DOS, Windows, Windows 95, Windows NT,
   NetWare and the Macintosh, files created in these aforementioned
   operating system formats and stored on Linux file servers are
   vulnerable to corruption by Bliss. 

   McAfee Ships World's First Bliss Virus Scanner

   As a public service, McAfee has developed a special update of its
   VirusScan for LINUX software which provides an antidote for the
   virus. The free working evaluation version of the product can be
   downloaded from McAfee's web site at www.mcafee.com..  McAfee
   has also provided the virus sample to other anti-virus vendors, so that
   they too can develop solutions to protect their customers. 

Full information available at:  http://www.mcafee.com

Mark McArthey          `  _ ,  '   
mcarthey@execpc.com   -  (o)o)  -  
-----------------------ooO'(_)--Ooo-

+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
|    Or send 'info circle' to majordomo@cspo.queensu.ca     |
+-----------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/18/00 PST