[4013] in bugtraq
[linux-security] Re: Linux virus
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Feb 6 19:57:57 1997
X-Resent-From: linux-security@redhat.com
Date: Thu, 6 Feb 1997 17:57:18 -0600
Reply-To: linux-security@redhat.com
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@netspace.org
In-Reply-To: <Pine.SUN.3.94.970204120242.26570B@dfw.dfw.net> from "Aleph One"
at Feb 4, 97 12:02:42 pm
Aleph One seems to have said:
>
> ugh :)
>
> Today I became infected with the bliss virus, any info on this would be
> appreciated! How do I scan for files infected and is it possible to
> remove it? I first noticed the infection when running a program (not as
> root) messages flashed on the screen about transversing directories and
> such. The program (gimp) had been working fine since I downloaded the
> binary for gimp from their main site. The gimp people told me they have
> not been receiving complaints their binaries are infected, so something
> else must be the source.
>
> Here are a few lines from the infected file:
>
Note from Chengi (Jimmy) Kuo of McAfee Associates:
If they download the Linux scanner, and download the DAT file from
http://beta.mcafee.com/public/datafiles
And use the two together, they will be able to detect Bliss. It
will be called: LINUX/HLLO.17892 (BLISS).
Please forward this information to the mail group.
Jimmy
--
Jim Dennis, info@mail.starshine.org
Proprietor, consulting@mail.starshine.org
Starshine Technical Services http://www.starshine.org
