Re: [Offtopic] Linux Virus

From: Roger Barlow (roger@the-link.net)
Date: 02/12/97


They forgot to mention the following.... Funny how businesses do that to
make money and make themselves look good:



>It's 'uninfect-files-please' or 'disinfect-files-please'.
>BOTH of those strings will work.
>
>Other command-line options include 'dont-run-original' and
>'just-run-bliss'.
>
>Scott VanRavenswaay
>System Administrator
>DFW Internet Services, Inc.
>
>>On Tue, 4 Feb 1997, Flack Man wrote:
>>
>>         Of course, having the binary for the virus makes things much
>> easier.  Try bliss --uninfect-files-please (or something very close to
>>it, been many months since I've looked at it).  You'll find all your
>>binaries intact.  Realize this isn't a real virus (yet).
>>



On Wed, 12 Feb 1997, Mark McArthey wrote:

>    MCAFEE DISCOVERS FIRST LINUX VIRUS; SHIPS
>    NEW VERSION OF VIRUSSCAN TO DETECT AND
>    REMOVE BLISS VIRUS
> 
>    SANTA CLARA, CALIF. (February 5, 1996) -- McAfee (Nasdaq:
>    MCAF), the world's leading vendor of anti-virus software, today
>    announced that its virus researchers have discovered the first computer
>    virus capable of infecting the Linux operating system. The Linux
>    operating system is a publicly supported freeware variant of the Unix
>    operating system that runs on Intel-based personal computers. 
> 
>    The virus, which is called Bliss, is significant because many in the
>    Unix industry have previously believed that viruses were not a concern
>    to Unix operating system users. Unix operating systems are typically
>    difficult to infect with viruses since a virus writer must have
>    administrative privileges to infect a given Unix system.  McAfee
>    researchers believe that one reason this virus has begun to spread is
>    because Linux users who are playing computer games over the Internet,
>    such as DOOM, must play the game in the Linux's administrator mode,
>    which is called "root." 
> 
>    "Bliss is a destructive virus which overwrites Linux executables with
>    its own code," said Jimmy Kuo, McAfee's director of anti-virus
>    research. "Although several incidents of Bliss infection have already
>    been reported, the virus is not currently widespread. We encourage
>    concerned Linux users to download a free working evaluation copy of
>    our VirusScan for LINUX, which can be used to detect the virus." 
> 
>    The History of Bliss
> 
>    Very little is known about the history of the Bliss virus.  McAfee
>    discovered the Bliss virus two days ago, and posted a solution
>    Wednesday evening on its web site. The virus is believed to have been
>    created as a research project several months ago by an anonymous
>    programmer, and until recently was not an "in-the-wild" threat.
>    Recently, reports of the virus have begun to surface within Linux
>    Internet news groups. 
> 
>    How Bliss Works
> 
>    Bliss infects Linux executable files. Each time Bliss is executed, it
>    overwrites two or more additional files. Because the virus makes its
>    presence known by overwriting and destroying files each time it
>    executes, users are immediately alerted to its presence.  Bliss overwrites
>    the first 17,892 bytes of each affected file with its own code.
>    According to McAfee anti-virus researchers, all files infected by Bliss
>    are irrecoverable. Although the virus does not operate under traditional
>    operating systems such as DOS, Windows, Windows 95, Windows NT,
>    NetWare and the Macintosh, files created in these aforementioned
>    operating system formats and stored on Linux file servers are
>    vulnerable to corruption by Bliss. 
> 
>    McAfee Ships World's First Bliss Virus Scanner
> 
>    As a public service, McAfee has developed a special update of its
>    VirusScan for LINUX software which provides an antidote for the
>    virus. The free working evaluation version of the product can be
>    downloaded from McAfee's web site at www.mcafee.com.  McAfee
>    has also provided the virus sample to other anti-virus vendors, so that
>    they too can develop solutions to protect their customers. 
> 
> Full information available at:  http://www.mcafee.com
> 
> Mark McArthey          `  _ ,  '   
> mcarthey@execpc.com   -  (o)o)  -  
> -----------------------ooO'(_)--Ooo-
> 
> +-----------------------------------------------------------+
> | Ensure that you have read the CircleMUD Mailing List FAQ: |
> |   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
> |    Or send 'info circle' to majordomo@cspo.queensu.ca     |
> +-----------------------------------------------------------+
> 



This archive was generated by hypermail 2b30 : 12/18/00 PST