[1421] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Linux virus

daemon@ATHENA.MIT.EDU (David Holland)
Tue Feb 4 16:35:15 1997

From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Mon, 3 Feb 1997 14:13:48 -0500 (EST)
In-Reply-To: <Pine.LNX.3.91.970131223429.24033C-100000@ne01.northeast.net> from "Peter" at Jan 31, 97 10:49:28 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

 > Today I became infected with the bliss virus, any info on this would be
 > appreciated!  How do I scan for files infected and is it possible to
 >  [...]
 > 
 > I am presently using this to scan for it in my home dir:
 > 
 > grep infected /home/peter/**/*(xD/)

Be advised that you should go to substantial pains to make sure your
grep (not to mention your shell) isn't infected before you do this.
Otherwise you may just infect everything. Also it's wise to assume it
knows how to hack root. Be safe and boot from a rescue disk.

Since its strings contain "disinfecting" it might well be a "stealth"
virus, in which case you can't reliably tell if a binary is infected
if you're using an infected binary to investigate.

Assuming of course that it's not a false alarm.

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino


home help back first fref pref prev next nref lref last post