From owner-freebsd-questions Mon Feb 10 11:47:29 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA20804 for questions-outgoing; Mon, 10 Feb 1997 11:47:29 -0800 (PST)
Received: from caliban.dihelix.com (caliban.mrtc.org [199.4.33.251]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA20790 for ; Mon, 10 Feb 1997 11:47:23 -0800 (PST)
Received: (from langfod@localhost) by caliban.dihelix.com (8.8.4/8.8.3) id JAA15126 for questions@freebsd.org; Mon, 10 Feb 1997 09:51:09 -1000 (HST)
Message-Id: <199702101951.JAA15126@caliban.dihelix.com>
Subject: "McAfee discovers a Linux virus" Possible for *BSD?
To: questions@freebsd.org
Date: Mon, 10 Feb 1997 09:51:09 -1000 (HST)
From: "David Langford"
X-blank-line: This space intentionaly left blank.
X-Mailer: ELM [version 2.4ME+ PL30 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Just saw this on a local wire.
Is this an ELF thing or could it be more generic?

>McAfee discovers a Linux virus
>
>McAfee just recently discovered a
>virus
>(they're calling it Bliss) for Linux. Apparently refuting the
>assumption that Unix OS's aren't vulnerable to viruses. Bliss infects
>Linux executable files. Each time it is executed, it overwrites two
>more more executable files [possibly found by checking your PATH],
>overwriting the first 17,892 bytes of each affected file with its own
>code. McAfee quickly released a special update of its VirusScan for
>Linux. [Of course, a user must have write permission on an executable
>in order to modify it. In most circumstances, only the user's own
>executables would be modified. However, if other people use those
>executables, then their executables can be affected as well. And if
>"root" executes one of those, the virus can spread throughout
>the Linux system.]
>McAfee believes the reason this virus has begun to
>spread because more and more Linux users who are playing computer games
>over the Internet (such as DOOM) are playing those games as
>"root". [McAfee]

Hmmmmmm.

-David Langford
langfod@dihelix.com
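
The bracketed note in the quoted item ties the spread to write permission on executables reached through PATH. As an added example (not part of the original message), the Python check below lists PATH entries and executables that an account other than root could modify; `audit_path`, `trusted_uids` and the reason strings are names chosen here, and only owner and mode bits are examined.

```python
import os
import stat

WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH

def _exposed(st, trusted_uids):
    """True if an account outside trusted_uids can modify this inode.
    Judged from owner and mode bits only; ACLs and file flags are ignored."""
    return st.st_uid not in trusted_uids or bool(st.st_mode & WRITE_BY_OTHERS)

def audit_path(path, trusted_uids=(0,)):
    """Return sorted (location, reason) findings for a PATH-style string."""
    findings = set()
    for d in path.split(os.pathsep):
        if not os.path.isabs(d):
            # Empty or relative entries resolve against the current directory.
            findings.add((d or ".", "relative PATH entry"))
            continue
        try:
            if _exposed(os.stat(d), trusted_uids):
                # A writable directory lets its files be replaced outright.
                findings.add((d, "directory writable by untrusted account"))
            entries = list(os.scandir(d))
        except OSError:
            continue  # missing or unreadable entry: nothing to inspect
        for e in entries:
            try:
                st = e.stat()  # follows symlinks to the real target
            except OSError:
                continue  # dangling symlink
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111 \
                    and _exposed(st, trusted_uids):
                findings.add((e.path, "executable writable by untrusted account"))
    return sorted(findings)

if __name__ == "__main__":
    # Audit the PATH of whoever runs the script; root's PATH is the one that matters most.
    for location, reason in audit_path(os.environ.get("PATH", "")):
        print(f"{reason}: {location}")
```

Run it with root's environment to see which programs root would pick up that another account is able to overwrite.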