MCAFEE DISCOVERS FIRST LINUX VIRUS; SHIPS NEW VERSION OF VIRUSSCAN TO DETECT AND REMOVE BLISS VIRUS SANTA CLARA, CALIF. (February 5, 1996) -- McAfee (Nasdaq: MCAF), the world's leading vendor of anti-virus software, today announced that its virus researchers have discovered the first computer virus capable of infecting the Linux operating system. The Linux operating system is a publicly supported freeware variant of the Unix operating system that runs on Intel-based personal computers. The virus, which is called Bliss, is significant because many in the Unix industry have previously believed that viruses were not a concern to Unix operating system users. Unix operating systems are typically difficult to infect with viruses since a virus writer must have administrative privileges to infect a given Unix system. McAfee researchers believe that one reason this virus has begun to spread is because Linux users who are playing computer games over the Internet, such as DOOM, must play the game in the Linux's administrator mode, which is called "root." "Bliss is a destructive virus which overwrites Linux executables with its own code," said Jimmy Kuo, McAfee's director of anti-virus research. "Although several incidents of Bliss infection have already been reported, the virus is not currently widespread. We encourage concerned Linux users to download a free working evaluation copy of our VirusScan for LINUX, which can be used to detect the virus." The History of Bliss Very little is known about the history of the Bliss virus. McAfee discovered the Bliss virus two days ago, and posted a solution Wednesday evening on its web site. The virus is believed to have been created as a research project several months ago by an anonymous programmer, and until recently was not an "in-the-wild" threat. Recently, reports of the virus have begun to surface within Linux Internet news groups. How Bliss Works Bliss infects Linux executable files. Each time Bliss is executed, it overwrites two or more additional files. Because the virus makes its presence known by overwriting and destroying files each time it executes, users are immediately alerted to its presence. Bliss overwrites the first 17,892 bytes of each affected file with its own code. According to McAfee anti-virus researchers, all files infected by Bliss are irrecoverable. Although the virus does not operate under traditional operating systems such as DOS, Windows, Windows 95, Windows NT, NetWare and the Macintosh, files created in these aforementioned operating system formats and stored on Linux file servers are vulnerable to corruption by Bliss. McAfee Ships World's First Bliss Virus Scanner As a public service, McAfee has developed a special update of its VirusScan for LINUX software which provides an antidote for the virus. The free working evaluation version of the product can be downloaded from McAfee's web site at www.mcafee.com.. McAfee has also provided the virus sample to other anti-virus vendors, so that they too can develop solutions to protect their customers. Full information available at: http://www.mcafee.com Mark McArthey ` _ , ' mcarthey@execpc.com - (o)o) - -----------------------ooO'(_)--Ooo- +-----------------------------------------------------------+ | Ensure that you have read the CircleMUD Mailing List FAQ: | | http://cspo.queensu.ca/~fletcher/Circle/list_faq.html | | Or send 'info circle' to majordomo@cspo.queensu.ca | +-----------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/18/00 PST