(A Javascript-enabled browser is required to email me.)



The Linux virus "bliss"
From TBTF for 1997-02-11



This note appears to have been written by the author of the Unix virus, bliss. You might not again see so strong a user warning on a software package.

From: nobody@INTERNIC.NET
To: best-of-security@suburbia.net

A few months back, a very alpha version of bliss got posted. That shouldn't
have happened, but, it was pretty much ignored so I didn't worry about it.
But now it seems there's a bit of a fuss about this. I'll post the current
version, which I havn't really worked on in months.

The original binary is now properly run. I had forgotten to check the path.

This is a VIRUS. DO NOT RUN IT IF YOU DO NOT KNOW WHAT YOU ARE DOING. DO
NOT ASSUME YOU ARE SAFE JUST BECAUSE YOU ARE NOT RUNNING AS ROOT.

I have not tested this running free on a system. I tested it infecting a
single directory, and I tested it pretending that it was infecting the
whole filesystem. But I did not run these tests on the current version.  In
fact, I have run very few tests on the current version - there have been
enough changes since the last tests I ran and last good look at the code I
gave that I can not consider this anything more than an alpha version. I
felt it important to release a believed-to-be working version though, since
many people seem concerned about this program.

Let me reiterate. THIS IS A VIRUS. IF YOU RUN THIS PROGRAM, YOU STAND A
GOOD CHANCE OF FUCKING YOUR SYSTEM UP PRETTY BAD.

This virus does some trivial worm things. Be careful. Oh, they are only
slightly tested, and nowhere near complete (if you saw my todo list, it
would give you nightmares).

I have compiled this with debugging verbosity on.

There are certain command-line arguments that do certain things.

Bliss does nothing intentionally destructive. Bliss may well do
accidentally destructive things. I have tried to be careful about errors
and unlikely conditions causing problems, but this is a virus. And one that
undergone some changes since it was last given any real testing.

Bliss is not expected to survive in the wild. I have written this as proof
that a unix virus is possible, and because it is a fun program.

9ae9f7da327953f9aa838b8bfc4ca855

Appended is a gzipped i386-linux-elf binary that has had each pair of bits
swapped. Trivial to decode by anyone with programming knowledge, difficult
otherwise. I don't want people trying to hold me responsible because they
accidentally ran this. I would appreciate it if people not release the
unscrambled copy or code to unscramble it. I rot13'd the uuencode output
just to be cute.

I should mention that nothing makes bliss linux-specific. It does take
advantage of some linux features, but they are surrounded by #ifdef linux.
Bliss compiles clean (but was not run) on sunos, solaris, and openbsd.
I may release the source at some point.

If there are any bugs noticed in this version, I'll release fixes, and maybe
some minor new features, within a few days (after I run some proper tests).

[ TBTF for 1997-02-11 ]