Re: [Offtopic] Linux Virus

From: Roger Barlow (
Date: 02/12/97

They forgot to mention the following.... Funny how buisinesses do that to
make money and make themselves look good:

>It's 'uninfect-files-please' or 'disinfect-files-please'.
>BOTH of those strings will work.
>Other command-line options include 'dont-run-original' and
>Scott VanRavenswaay
>System Administrator
>DFW Internet Services, Inc.
>>On Tue, 4 Feb 1997, Flack Man wrote:
>>         Of course, having the binary for the virus makes things much
>> easier.  Try bliss --uninfect-files-please (or something very close to
>>it, been many months since I've looked at it).  You'll find all your
>>binaries intact.  Realize this isn't a real virus (yet).

On Wed, 12 Feb 1997, Mark McArthey wrote:

>    SANTA CLARA, CALIF. (February 5, 1996) -- McAfee (Nasdaq:
>    MCAF), the world's leading vendor of anti-virus software, today
>    announced that its virus researchers have discovered the first computer
>    virus capable of infecting the Linux operating system. The Linux
>    operating system is a publicly supported freeware variant of the Unix
>    operating system that runs on Intel-based personal computers. 
>    The virus, which is called Bliss, is significant because many in the
>    Unix industry have previously believed that viruses were not a concern
>    to Unix operating system users. Unix operating systems are typically
>    difficult to infect with viruses since a virus writer must have
>    administrative privileges to infect a given Unix system.  McAfee
>    researchers believe that one reason this virus has begun to spread is
>    because Linux users who are playing computer games over the Internet,
>    such as DOOM, must play the game in the Linux's administrator mode,
>    which is called "root." 
>    "Bliss is a destructive virus which overwrites Linux executables with
>    its own code," said Jimmy Kuo, McAfee's director of anti-virus
>    research. "Although several incidents of Bliss infection have already
>    been reported, the virus is not currently widespread. We encourage
>    concerned Linux users to download a free working evaluation copy of
>    our VirusScan for LINUX, which can be used to detect the virus." 
>    The History of Bliss
>    Very little is known about the history of the Bliss virus.  McAfee
>    discovered the Bliss virus two days ago, and posted a solution
>    Wednesday evening on its web site. The virus is believed to have been
>    created as a research project several months ago by an anonymous
>    programmer, and until recently was not an "in-the-wild" threat.
>    Recently, reports of the virus have begun to surface within Linux
>    Internet news groups. 
>    How Bliss Works
>    Bliss infects Linux executable files. Each time Bliss is executed, it
>    overwrites two or more additional files. Because the virus makes its
>    presence known by overwriting and destroying files each time it
>    executes, users are immediately alerted to its presence.  Bliss overwrites
>    the first 17,892 bytes of each affected file with its own code.
>    According to McAfee anti-virus researchers, all files infected by Bliss
>    are irrecoverable. Although the virus does not operate under traditional
>    operating systems such as DOS, Windows, Windows 95, Windows NT,
>    NetWare and the Macintosh, files created in these aforementioned
>    operating system formats and stored on Linux file servers are
>    vulnerable to corruption by Bliss. 
>    McAfee Ships World's First Bliss Virus Scanner
>    As a public service, McAfee has developed a special update of its
>    VirusScan for LINUX software which provides an antidote for the
>    virus. The free working evaluation version of the product can be
>    downloaded from McAfee's web site at  McAfee
>    has also provided the virus sample to other anti-virus vendors, so that
>    they too can develop solutions to protect their customers. 
> Full information available at:
> Mark McArthey          `  _ ,  '   
>   -  (o)o)  -  
> -----------------------ooO'(_)--Ooo-
> +-----------------------------------------------------------+
> | Ensure that you have read the CircleMUD Mailing List FAQ: |
> |   |
> |    Or send 'info circle' to     |
> +-----------------------------------------------------------+

| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   |
|    Or send 'info circle' to     |

This archive was generated by hypermail 2b30 : 12/18/00 PST