From owner-freebsd-security Thu Feb 6 12:17:02 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA01807 for security-outgoing; Thu, 6 Feb 1997 12:17:02 -0800 (PST) Received: from blackfire.com (hill153.uwyo.edu [129.72.150.153]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id MAA01801 for ; Thu, 6 Feb 1997 12:16:58 -0800 (PST) Received: (qmail 8912 invoked from network); 6 Feb 1997 20:17:15 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 6 Feb 1997 20:17:15 -0000 Date: Thu, 6 Feb 1997 13:17:15 -0700 (MST) From: Joel Maslak X-Sender: jmaslak@babel.blackfire.com Reply-To: Joel Maslak To: security@freefall.freebsd.org Subject: BLISS Virus Message-ID: Organization: Not Likely! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I just completed some tests on the Bliss virus (available first for Linux). I tested it on FreeBSD, with Linux emulation. With emulation, the binary can infect EVEN FREEBSD FILES. Apparently we got something right with our emulation. (Note that the infected files will, from that point onward, need Linux emulation to run) If you try this, and manage to infect yourself (tisk, tisk), then the following bliss command will remove infection: bliss --bliss-disinfect-files-please I will not mention where to get bliss, nor will I respond to mail asking. Currently, it is relatively safe, as it displays hundreds of messages on your screen when you get it, but I would hate to see that modified. Joel Maslak Caution: When copying and pasting text, work with only a few lines at a time. If you copy too many lines, you may trigger a bug in the system, and your window will become unstable. Pg. 129, "A Practical Guide to the Unix System"