Bugtraq mailing list archives
[linux-security] Re: Linux virus
From: aleph1 () DFW NET (Aleph One)
Date: Thu, 6 Feb 1997 17:57:18 -0600
Aleph One seems to have said:
ugh :) Today I became infected with the bliss virus, any info on this would be appreciated! How do I scan for files infected and is it possible to remove it? I first noticed the infection when running a program (not as root) messages flashed on the screen about transversing directories and such. The program (gimp) had been working fine since I downloaded the binary for gimp from their main site. The gimp people told me they have not been receiving complaints their binaries are infected, so something else must be the source. Here are a few lines from the infected file:
Note from Chengi (Jimmy) Kuo of McAfee Associates: If they download the Linux scanner, and download the DAT file from http://beta.mcafee.com/public/datafiles And use the two together, they will be able to detect Bliss. It will be called: LINUX/HLLO.17892 (BLISS). Please forward this information to the mail group. Jimmy -- Jim Dennis, info () mail starshine org Proprietor, consulting () mail starshine org Starshine Technical Services http://www.starshine.org
Current thread:
- [linux-security] Linux virus Aleph One (Feb 04)
- Re: [linux-security] Linux virus Jim Dennis (Feb 05)
- Re: [linux-security] Re: Linux virus Alan Cox (Feb 05)
- Re: [linux-security] Re: Linux virus Leejay Wu (Feb 05)
- bliss version 0.4.0 nobody () INTERNIC NET (Feb 05)
- HPSBUX9702-052 Security Vulnerability in the rlogin executable Aleph One (Feb 05)
- [linux-security] Re: Linux virus Aleph One (Feb 06)
- setlocale() bug in all released versions of FreeBSD (SA-97:01) Aleph One (Feb 06)
- Wierd behavior of MS's NT4 DNS Jason T. Luttgens (Feb 07)
- New OFFICIAL patch for BSD/OS 2.1 (*SECURITY*) (fwd) Josh Gilliam (Feb 07)
- Bliss: The Facts Jared Mauch (Feb 08)
- view-source myst (Feb 08)
- IRIX: Bug in startmidi David Hedley (Feb 09)
- Re: IRIX: Bug in startmidi Nafees Bin Zafar (Feb 09)
- Security Advisory: A simple TCP spoofing attack Oliver Friedrichs (Feb 09)
- Re: Security Advisory: A simple TCP spoofing attack Wietse Venema (Feb 12)
- buffer overflow in configurable fingerd? M Shariful Anam (Feb 12)
(Thread continues...)
- Re: [linux-security] Linux virus Jim Dennis (Feb 05)