[1426] in linux-security and linux-alert archive
[linux-security] Re: Linux virus
daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Feb 5 02:08:16 1997
From: Alan Cox <alan@cymru.net>
To: linux-security@redhat.com
Date: Mon, 3 Feb 1997 17:11:48 +0000 (GMT)
In-Reply-To: <Pine.LNX.3.91.970131223429.24033C-100000@ne01.northeast.net> from "Peter" at Jan 31, 97 10:49:28 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> Today I became infected with the bliss virus, any info on this would be
> appreciated! How do I scan for files infected and is it possible to
News to me.
> Here are a few lines from the infected file:
> infected by bliss %.8x: %.8x
> ^@a^@%d %.8x %s/%s
> ^@%s.bliss-tmp.%d^@%s already infected (%.8x)
> ^@skipping, infected with same vers or different type
Provide the actual binary itself with a warning to cert@cert.org. That way
people can inspect it to see if you aren't just a hoax. In theory you
can write a virus for any OS if the owner is dumb enough to install
unchecked binaries as root.
You'll notice good distributions use signatures on their packages and
have verify facilities so you can check binaries are valid.
Alan