From owner-freebsd-questions Mon Feb 10 12:33:32 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA23285 for questions-outgoing; Mon, 10 Feb 1997 12:33:32 -0800 (PST) Received: from zwei.siemens.at (zwei.siemens.at [193.81.246.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA23276 for ; Mon, 10 Feb 1997 12:33:24 -0800 (PST) Received: from sol1.gud.siemens.co.at (root@[10.1.143.100]) by zwei.siemens.at (8.7.5/8.7.3) with SMTP id VAA13732 for ; Mon, 10 Feb 1997 21:34:34 +0100 (MET) Received: from ws2301.gud.siemens.co.at by sol1.gud.siemens.co.at with smtp (Smail3.1.28.1 #7 for ) id m0vu2PB-00021WC; Mon, 10 Feb 97 21:32 MET Received: by ws2301.gud.siemens.co.at (1.37.109.16/1.37) id AA272236571; Mon, 10 Feb 1997 21:29:31 +0100 From: "Hr.Ladavac" Message-Id: <199702102029.AA272236571@ws2301.gud.siemens.co.at> Subject: Re: "McAfee discovers a Linux virus" Possible for *BSD? To: langfod@dihelix.com (David Langford) Date: Mon, 10 Feb 1997 21:29:31 +0100 (MEZ) Cc: questions@FreeBSD.ORG In-Reply-To: <199702101951.JAA15126@caliban.dihelix.com> from "David Langford" at Feb 10, 97 09:51:09 am X-Mailer: ELM [version 2.4 PL24 ME8a] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk E-mail message from David Langford contained: > Just saw this on a local wire. Is this an ELF thing or could it > be more generic? > > >McAfee discovers a Linux virus > > > >McAfee just recently discovered a > >virus > >(they're calling it Bliss) for Linux. Apparently refuting the > >assumption that Unix OS's aren't vulnerable to viruses. Bliss infects > >Linux executable files. Each time it is executed, it overwrites two > >more more executable files [possibly found by checking your PATH], > >overwriting the first 17,892 bytes of each affected file with its own > >code. McAfee quickly released a special update of its VirusScan for > >Linux. [Of course, a user must have write permission on an executable > >in order to modify it. In most circumstances, only the user's own > >executables would be modified. However, if other people use those > >executables, then their executables can be affected as well. And if > >"root" executes one of those, the virus can spread throughout > >the Linux system.] McAfee believes the reason this virus has begun to > >spread because more and more Linux users who are playing computer games > >over the Internet (such as DOOM) are playing those games as > >"root". [McAfee] Well, nothing is invulnerable to viruses. As long as you have writable executables, that is. Scripts are an especially easy target :) Running as root and executing any but strictly trusted code is brain dead, though. /Marino > > > Hmmmmmm. > > -David Langford > langfod@dihelix.com >