[1426] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Linux virus

daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Feb 5 02:08:16 1997

From: Alan Cox <alan@cymru.net>
To: linux-security@redhat.com
Date: Mon, 3 Feb 1997 17:11:48 +0000 (GMT)
In-Reply-To: <Pine.LNX.3.91.970131223429.24033C-100000@ne01.northeast.net> from "Peter" at Jan 31, 97 10:49:28 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

> Today I became infected with the bliss virus, any info on this would be
> appreciated!  How do I scan for files infected and is it possible to

News to me.

> Here are a few lines from the infected file:
> infected by bliss %.8x: %.8x
> ^@a^@%d %.8x %s/%s
> ^@%s.bliss-tmp.%d^@%s already infected (%.8x)
> ^@skipping, infected with same vers or different type

Provide the actual binary itself with a warning to cert@cert.org. That way
people can inspect it to see if you aren't just a hoax. In theory you
can write a virus for any OS if the owner is dumb enough to install 
unchecked binaries as root.

You'll notice good distributions use signatures on their packages and
have verify facilities so you can check binaries are valid.

Alan


home help back first fref pref prev next nref lref last post