Bugtraq mailing list archives
Bliss: The Facts
From: jared () WOLVERINE HQ CIC NET (Jared Mauch)
Date: Sat, 8 Feb 1997 12:11:45 -0500
For everyone to peruse.

----- Forwarded message from Alan Cox -----

From: alan () lxorguk ukuu org uk (Alan Cox)
Subject: Bliss: The Facts
Date: Sat, 8 Feb 1997 01:24:30 +0000 (GMT)

1. Bliss is a real program
2. It's really a trojan rather than a virus, but has a few simple worm like properties.

It works like this

When it runs it attempts to replace some system binaries with itself and move the system binaries into /tmp/.bliss. Having done this it runs /tmp/.bliss/programname

In order for it to succeed it means someone has pulled binary only code from a third party and run it at some point as root or a suitably privileged user. People should NEVER be doing that anyway

The technique used is totally portable, it will work under any OS, regardless of security because it does not circumvent the security of the system, it relies on people with privilege to do something dumb

The second attack it makes which is fairly crude is to try and rsh to other machines and stage attacks on those. Thus given a set of machines which totally trust each other it can spread.

Bliss is (fortunately) a mere toy and a demonstration of these techniques. With any OS you must be careful what you install. With a protected mode OS like Linux a user cannot do untold damage to others but root can. The recent demonstrations of things like an activeX object that looks for credit details in windows95 money and access databases is hopefully a reminder to all

o Use a distribution that lets you verify packages are ok and preferably uses digital signatures
o Install using sources from reputable sites. Check digital signatures on what you are installing

Whatever the OS, whatever the security.....

Alan

----- End of forwarded message from Alan Cox -----
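
An added example, not part of the forwarded message and not code from Bliss: a POSIX shell check for the on-disk traces the message describes (originals moved into /tmp/.bliss, same-named system binaries replaced). The function name, the list of binary directories and the output format are assumptions; the ROOT argument lets it run against a mounted disk image instead of the live system.

```shell
#!/bin/sh
# Directories searched for replaced binaries, relative to ROOT.
# Assumption: a typical layout; extend for the system being examined.
BLISS_BIN_DIRS="bin sbin usr/bin usr/sbin usr/local/bin"

# bliss_scan [ROOT]
#   Prints "STASH <dir>" if the stash directory exists, then one
#   "SUSPECT <binary> original=<stashed file>" line for every binary whose
#   name matches a stashed file but whose content differs from it.
#   Returns 0 if the stash directory was found, 1 otherwise.
#   A return of 1 only means this one trace is absent.
bliss_scan() {
    root=${1:-/}
    root=${root%/}                 # "/" becomes "", so paths stay clean
    stash="$root/tmp/.bliss"

    [ -d "$stash" ] || return 1
    printf 'STASH %s\n' "$stash"

    # Visit regular and dot-named entries; unmatched globs fail the -f test.
    for orig in "$stash"/* "$stash"/.[!.]*; do
        [ -f "$orig" ] || continue
        name=${orig##*/}
        for d in $BLISS_BIN_DIRS; do
            cand="$root/$d/$name"
            [ -f "$cand" ] || continue
            # The message says the original is moved aside and the system
            # binary is replaced, so the two files should differ.
            if ! cmp -s "$cand" "$orig"; then
                printf 'SUSPECT %s original=%s\n' "$cand" "$orig"
            fi
        done
    done
    return 0
}
```

Call it as `bliss_scan /` on a live host or `bliss_scan /mnt/image` on a mounted image; any SUSPECT line names a binary to restore from verified, signed packages.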