Date: Mon, 10 Feb 1997 21:29:31 +0100 (MEZ) From: "Hr.Ladavac" <lada@ws2301.gud.siemens.co.at> To: langfod@dihelix.com (David Langford) Cc: questions@FreeBSD.ORG Subject: Re: "McAfee discovers a Linux virus" Possible for *BSD? Message-ID: <199702102029.AA272236571@ws2301.gud.siemens.co.at> In-Reply-To: <199702101951.JAA15126@caliban.dihelix.com> from "David Langford" at Feb 10, 97 09:51:09 am
next in thread | previous in thread | raw e-mail | index | archive | help
E-mail message from David Langford contained: > Just saw this on a local wire. Is this an ELF thing or could it > be more generic? > > >McAfee discovers a Linux virus > > > >McAfee just recently discovered a > >virus <http://www.mcafee.com/corp/press/020597.html>; > >(they're calling it Bliss) for Linux. Apparently refuting the > >assumption that Unix OS's aren't vulnerable to viruses. Bliss infects > >Linux executable files. Each time it is executed, it overwrites two > >more more executable files [possibly found by checking your PATH], > >overwriting the first 17,892 bytes of each affected file with its own > >code. McAfee quickly released a special update of its VirusScan for > >Linux. [Of course, a user must have write permission on an executable > >in order to modify it. In most circumstances, only the user's own > >executables would be modified. However, if other people use those > >executables, then their executables can be affected as well. And if > >"root" executes one of those, the virus can spread throughout > >the Linux system.] McAfee believes the reason this virus has begun to > >spread because more and more Linux users who are playing computer games > >over the Internet (such as DOOM) are playing those games as > >"root". [McAfee] Well, nothing is invulnerable to viruses. As long as you have writable executables, that is. Scripts are an especially easy target :) Running as root and executing any but strictly trusted code is brain dead, though. /Marino > > > Hmmmmmm. > > -David Langford > langfod@dihelix.com >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702102029.AA272236571>