Security Information / Security Advisories from late '97 and early '98 / Security Information -- bliss virus

Debian Security Advisory

bliss virus -- computer virus

Date Reported:

undated

Affected Packages:

any executable

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

The infection must be done as root. Of course root can do anything (including 'rm -rf /') so most people don't see this as a problem. This is why people should do as little as possible under root.

Bliss was described on USENET in the fall of 1996. In February of 1997, it was reported in Linux and Bugtraq mailing lists.

Check for Bliss by searching all binaries for the following pattern:
E8ABD8FFFFC200003634 65643134373130363532

Disinfect with the --bliss-uninfect-files-please argument to an infected program.

References:

• F-Secure - bliss description
• Viruses on Unix systems - by Rado Dejanovic
• InfoSec Year in Review -- 1997 (at Norwich.edu) (PDF)