Re: [LINUX:267] Re: Bliss Virus!...

Turkay Palanci (palanci@finland.ispro.net.tr)
Tue, 18 Aug 1998 15:33:08 +0300 (EEST)


This must be the most detailed information available about the Bliss virus:

NAME: Linux/Bliss
ALIAS: Bliss, Linux virus, Unix virus, HLLO.17892

SIZE: 17892

This virus spreads only under Linux operating system,
infecting Elf-style executables. Found in the wild in
February 1997, Bliss is the second known Linux virus
(first being Staog).

Bliss locates binaries with write access and
overwrites them with its own code. When an infected file is
executed, the original program does not gain control at all.
However, it is still possible to clean infected files.

Bliss does not try to subvert any additional
user rights, but it does have some basic worm-like features,
looking for new hosts to infect via the /etc/hosts.equiv file.

Bliss contains several text strings, including:

    replacing older version
    dedicated to rkd pe
    infected by bliss
    skipping, infected with same vers or different type
    replacing ourselves with newer version
    infect() returning success
    successfully (i hope) disinfected
    rsh%s%s %s 'cat>%s;chmod 777 %s;%s;rm -f %s'
    doing do_worm_stuff()
    /etc/hosts.equiv
    Compiled on Sep 28 1996 at 22:24:03
    Written by electric eel.
    help? hah! read the source!
    bliss was run %d sex ago, rep_wait=%d
    /usr/spool/news
    GCC: (GNU) 2.7.2.l.2

Bliss does contain potentially harmful code,
but it is unclear if this is executed or not.

Bliss can be detected by searching all
binaries for the following hex search string:

    E8ABD8FFFFC20000363465643134373130363532

Bliss will disinfect itself if an
infected binary is executed with the

    --bliss-disinfect-files-please switch.

As you can see, when an infected binary is run with

--bliss-disinfect-files-please appended, it cleans all the files
it has infected; however, when you try to log out of the system or type
another command, it infects those files again. A 0-0 situation...
Of course, this parameter may be for its earlier versions....

In short, I did not try this virus out(?) and did not spread it to 5(!)
machines, but apparently the time has come to update my own machine...
Thanks to everyone who took an interest.

On Tue, 18 Aug 1998, Evren Ergin wrote:

> How will you get rid of it?
> You won't.
> I once tried it out too, to see what kind of thing it was,
> and in the end I reinstalled the 5 machines I had infected.
> That is what you can do too.
> hhhhhheeeeeee
> One more piece of advice from me: don't try out viruses that have no antivirus.
> byeeeeeee
> ;>
>
>
> -------------------------------------------------------------------------------
> My addresses: evren@kartopu.felab.itu.tr
> aster_x@hotmail.com
> *-----------------*
> | With love from  |
> | Evren Ergin     |
> *-----------------*
>
> On Tue, 18 Aug 1998, Turkay Palanci wrote:
>
> >
> > The Bliss (Great Happiness) virus, which I have learned is the first
> > and only Linux virus, has infected my machine... I would appreciate
> > support from experienced friends on how to get rid of this virus...
> > Thanks, and good work...
> >
> >
> >
>
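
The quoted description says Bliss can be found by searching binaries for a hex string. The following is an added example, not part of the original message or the vendor description, that does that search over a directory tree. Restricting the scan to files starting with the ELF magic is an assumption made here to skip non-executables, and the demo files are constructed placeholders, not malware.

```python
import mmap
import os
import tempfile

# Hex search string quoted in the virus description above.
BLISS_SIGNATURE = bytes.fromhex("E8ABD8FFFFC20000363465643134373130363532")
ELF_MAGIC = b"\x7fELF"  # assumption: only ELF files are worth scanning


def file_matches(path):
    """True if path is an ELF file containing the signature; False on any error."""
    try:
        with open(path, "rb") as fh:
            if fh.read(4) != ELF_MAGIC:
                return False
            # mmap lets find() scan large binaries without loading them whole.
            with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as view:
                return view.find(BLISS_SIGNATURE) != -1
    except (OSError, ValueError):
        return False


def scan_tree(root):
    """Walk root without following symlinks; return sorted matching paths."""
    hits = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files (FIFOs, devices) before opening.
            if not os.path.islink(path) and os.path.isfile(path) and file_matches(path):
                hits.append(path)
    return sorted(hits)


def build_demo_tree():
    """Create constructed sample files (not real malware) for a dry run."""
    root = tempfile.mkdtemp(prefix="bliss-scan-demo-")
    samples = {
        "clean_elf": ELF_MAGIC + b"\x00" * 64,
        "marked_elf": ELF_MAGIC + b"\x00" * 64 + BLISS_SIGNATURE + b"\x00" * 8,
        "script.sh": b"#!/bin/sh\n" + BLISS_SIGNATURE,  # not ELF, so skipped
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    print("signature found in:", scan_tree(build_demo_tree()))
```

To check a real system, call `scan_tree()` on directories such as `/bin` or `/usr/bin` from a trusted boot medium, since binaries on an infected host cannot be relied on.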