[6288] in SIPB bug reports
Linux Bliss virus
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Feb 5 10:35:32 1997
Date: Wed, 5 Feb 1997 10:35:15 -0500 (EST)
From: Sam Hartman <hartmans@MIT.EDU>
To: bug-sipb@MIT.EDU, bug-outland@MIT.EDU
Someone has finally gotten around to implementing a virus for
Linux and we probably don't want to install it. There is fairly heavy
discussion on some of the security lists including best-of-security
(thanks to jweiss, now archived in discuss). I haven't really found a
nice concise message about the virus so I won't forward it here now.
However, I will summarize what the virus tends to do:
* Looks at random binaries on the path and appends itself to them.
* Tries to rsh to hosts in hosts.equiv and spread itself.
It would be very bad if someone with gsipbbin accidentally ran
the virus. It does keep a log of what binaries have been infected in
/tmp/.bliss. At least one post said that binaries lost original
functionality so it may not be too hard to notice that your system is
infected.
For more info see the best-of-security archive or discuss
meeting. Unfortunately, I can't quite figure out what abreviation
jweiss used so I can't give a discuss path.
--Sam
been infected.
