For everyone to peruse.
----- Forwarded message from Alan Cox -----
From: alan_at_lxorguk.ukuu.org.uk (Alan Cox)
Subject: Bliss: The Facts
Date: Sat, 8 Feb 1997 01:24:30 +0000 (GMT)
1. Bliss is a real program
2. Its really a trojan rather than a virus, but has a few simple worm
like properties.
It works like this
When it runs it attempts to replace some system binaries with itself
and move the system binaries into /tmp/.bliss. Having done this
it runs /tmp/.bliss/programname
In order for it to succeed it means someone has pulled binary only
code from a third party and run it at some point as root or a
suitably priviledged user. People should NEVER be doing that anyway
The technique used is totally portable, it will work under any OS,
regardless of security because it does not circumvent the security
of the system, it relies on people with priviledge to do something
dumb
The second attack it makes which is fairly crude is to try and rsh
to other machines and stage attacks on those. Thus given a set of
machines which totally trust each other it can spread.
Bliss is (fortunately) a mere toy and a demonstration of these techniques.
With any OS you must be careful what you install. With a protected mode
OS like Linux a user cannot do untold damage to others but root can. The
recent demonstrations of things like an activeX object that looks for
credit details in windows95 money and access databases is hopefully a
reminder to all
o Use a distribution that lets you verify packages are ok and
preferably uses digital signatures
o Install using sources from reputable sites. Check digital
signatures on what you are installing
Whatever the OS, whatever the security.....
Alan
----- End of forwarded message from Alan Cox -----
Received on Feb 08 1997
Intro
