Re: Bliss Virus (fwd)

Jared Mauch (jared@wolverine.hq.cic.net)
Sat, 8 Feb 1997 12:12:49 -0500 (EST)


Can this discussion leave the linux-kernel list?

That's what linux-security and other security related lists are
for.

Thanks.

shendrix@escape.widomaker.com graced my mailbox with this long sought knowledge:
>
> In message <Pine.OSF.3.91.970207130624.23457A-100000@cscu.csc.edu>, Seth Edward
> s writes on very interesting note:
>
> > The Bliss virus is currently a Linux binary-infecting virus.
> > Unfortunately, please do not feel your safe.
>
> OK, I won't feel my safe... :)
>
> > The author has stated that his code runs "fine" on Sun Solaris and SunOS,
> > as he used little Linux specific code. I don't know if the source code
> > for this is available, although I do know that it is being dis-assembled
> > as we speak.
> >
> > I might also add that I tested it on FreeBSD, running an infected Linux
> > binary via Linux emulation. This test proved that even the Linux strain
> > can infect FreeBSD machines with emulation.
>
> Sure, if through some miracle the system let it run in a ring 0
> environment.
>
> > packages). Also, consider using switching hubs and/or smart hubs in
> > "secure" mode. (there is usually a mode to scramble all packets not going
> > to the remote MAC address). I also recommend firewalls, and routine
>
> This won't help you since any leg with a machine on it cannot be
> scrambled. If it were, the machine(s) would not be able to see it...
>
> > backups/compares (WITH WRITE PROTECTED TAPES!). While you are at it, make
> > sure you are running new sendmail.
>
> Oh I see, this is a conspiracy! :)
>