Re: virus
- Subject: Re: virus
- From: Harvinder Sawhney <hsawhney@xxxxxxxxxxx>
- Date: Sat, 26 Jun 1999 14:10:07 +0530 (IST)
Bliss was the first virus (kind of) released for Linux.
Check out http://math-www.uni-paderborn.de/~axel/bliss/
ALAN COX's Analysis
cut---
1. Bliss is a real program
2. It's really a trojan rather than a virus, but has a few simple
   worm-like properties.

It works like this:

When it runs it attempts to replace some system binaries with itself
and move the system binaries into /tmp/.bliss. Having done this
it runs /tmp/.bliss/programname

In order for it to succeed it means someone has pulled binary only
code from a third party and run it at some point as root or a
suitably privileged user. People should NEVER be doing that anyway.

The technique used is totally portable, it will work under any OS,
regardless of security because it does not circumvent the security
of the system, it relies on people with privilege to do something
dumb.

The second attack it makes, which is fairly crude, is to try and rsh
to other machines and stage attacks on those. Thus given a set of
machines which totally trust each other it can spread.

Bliss is (fortunately) a mere toy and a demonstration of these techniques.

With any OS you must be careful what you install. With a protected mode
OS like Linux a user cannot do untold damage to others but root can. The
recent demonstrations of things like an ActiveX object that looks for
credit details in Windows 95 Money and Access databases is hopefully a
reminder to all.

o Use a distribution that lets you verify packages are ok and
  preferably uses digital signatures
o Install using sources from reputable sites. Check digital
  signatures on what you are installing

Whatever the OS, whatever the security.....
Alan
cut---------
The following was the mail sent by Alan Cox (main contributor for Linux kernel
development)
cut-----
In theory you
can write a virus for any OS if the owner is dumb enough to install
unchecked binaries as root.
You'll notice good distributions use signatures on their packages and
have verify facilities so you can check binaries are valid.
Alan
cut-----
--
Harvinder Sawhney <hsawhney@xxxxxxxxxxx>/<hsawhney@xxxxxxxxxxx>
http://members.xoom.com/hsawhney
"The only secure computer is one that's unplugged, locked in a
safe, and buried 20 feet under the ground in a secret location...
and I'm not even too sure about that one" --Dennis Hughes, FBI
On Sat, 26 Jun 1999, Sunil Sarat wrote:
> Hi,
>
> Are there any viruses which can attack LINUX? If so, any anti virus
> available?
>
>
> Sunil Sarat
>
>
> --------------------------------------------------------------------
> For more information on Linux in India visit http://www.linux-india.org/
>
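A defender-side check for what the quoted analysis describes, as an added example that is not part of the original mail: it lists installed binaries whose originals sit in /tmp/.bliss, and compares files against a known-good SHA-256 manifest, standing in for a distribution's package verify facility. The function names, the ROOT argument, the directory list and the manifest format are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original mail. ROOT is a path prefix (assumption)
# so the checks can run against a mounted disk image or a constructed test tree.
# Usage on a live system: find_displaced "" ; verify_baseline "" /path/to/manifest

# Print each installed binary whose name also appears in ROOT/tmp/.bliss,
# i.e. an original was moved aside and the installed copy is suspect.
find_displaced() {
    root=$1; stash="$root/tmp/.bliss"
    [ -d "$stash" ] || return 0
    for f in "$stash"/* "$stash"/.[!.]*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        for d in bin sbin usr/bin usr/sbin usr/local/bin; do
            if [ -e "$root/$d/$name" ]; then
                printf '%s\n' "/$d/$name"
            fi
        done
    done
    return 0
}

# Compare files with a known-good manifest ("<sha256>  <relative path>" per line).
# Prints every path that is missing or differs; returns 1 if any did.
verify_baseline() {
    root=$1; manifest=$2; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ -f "$root/$path" ]; then
            have=$(sha256sum "$root/$path" | cut -d' ' -f1)
        else
            have=missing
        fi
        if [ "$have" != "$want" ]; then
            printf '%s\n' "$path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}
```

The manifest has to be produced from trusted media and kept off the machine being checked, since anything running as root can rewrite a local copy.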