Viruses for Linux -- Was [techtalk] Question for the group

Janus janus at magma.ca
Thu Oct 14 18:50:18 EST 1999


At 06:08 PM 10/14/1999 -0400, you wrote:
>>
>>I have never heard of a unix system having a virus problem... EVER!  I have
>>never known of a virus checker for unix.  I don't believe these systems are
>>immune to viruses, however.  I think that it's just a matter of the system
>>not being widely popular, and the fact that the hardware platforms in which
>>it runs are so diverse.  A virus created on an HP won't run on a Digital or
>>an intel box, so dissemination becomes harder.
>>

There are AV programs for Linux (because there are a few viruses for
UNIX/Linux, and Linux can pass on viruses when used on a server, in ftp
files, etc.) -- one is F-Secure from Datafellows.

Just for information, here is a description of a recent Linux virus.
Another one I have heard of is called Staog.

Virus:  Linux/Bliss
Also Called:  Bliss, Linux virus, Unix virus, HLLO.17892

This virus spreads only under Linux, infecting ELF-style executables.
Bliss overwrites binaries with write access and with its own code. When an
infected file is executed, the original program does not gain control at
all. However, it is still possible to clean infected files. Bliss also
has some basic worm-like features, looking for new hosts to infect via the
/etc/hosts.equiv file. It does contain potentially harmful code, but it
is unclear if this is executed or not.

 Bliss can be detected by searching all binaries for the hex search string: 

                            E8ABD8FFFFC20000363465643134373130363532

Bliss will self-disinfect if an infected binary is executed with the
--bliss-disinfect-files-please switch. 

I imagine as Linux grows in popularity, so will the base of viruses written
to target it.

Janus





************
techtalk at linuxchix.org   http://www.linuxchix.org
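
The signature search described in the message, as an added example that is not part of the original post: it walks a directory tree and reports ELF files containing the quoted hex string, matching even when the string is split across read chunks. The function names, the ELF-only filter and the sample files are assumptions made for this illustration.

```python
import os
import tempfile
from pathlib import Path

# Hex search string quoted in the message above (20 bytes).
BLISS_SIG = bytes.fromhex("E8ABD8FFFFC20000363465643134373130363532")
ELF_MAGIC = b"\x7fELF"
CHUNK = 1 << 16

def contains_signature(path, sig=BLISS_SIG, chunk=CHUNK):
    """True if path is an ELF file containing sig, even across chunk edges."""
    tail = b""
    with open(path, "rb") as fh:
        if fh.read(4) != ELF_MAGIC:  # assumption: only ELF files are of interest
            return False
        fh.seek(0)
        while block := fh.read(chunk):
            if sig in tail + block:
                return True
            tail = (tail + block)[-(len(sig) - 1):]  # overlap for a split match
    return False

def scan_tree(root):
    """Return sorted paths of regular files under root that match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if contains_signature(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)

def demo():
    """Scan constructed sample files (fake ELF header plus padding, no virus code)."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "clean": ELF_MAGIC + b"\x00" * 100,
            "marked": ELF_MAGIC + b"\x00" * (CHUNK - 10) + BLISS_SIG,  # straddles chunks
            "notelf.txt": b"text " + BLISS_SIG,
        }
        for name, data in samples.items():
            Path(d, name).write_bytes(data)
        return [os.path.basename(p) for p in scan_tree(d)]
```

Calling scan_tree() on a directory such as a mounted backup returns the matching paths; a hit on a 20-byte string is a lead to verify, not proof of infection.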