First virus infects Linux

You might think that Jimmy Kuo would be out popping a bottle of bubbly. After all, as director of antivirus research at McAfee, he helped find the world's first Linux virus.

Yet Kuo, who identified the virus after it was forwarded to him from an email list, is anything but thrilled. Finding the first virus on the Linux operating system makes him feel more like the a scientist discovering that Ebola had made its way to the United States. It opens the door for a lot of damage, work, and headaches.

Right now, the virus dubbed Bliss is more of a novelty than anything. Bliss itself isn't likely to spread very far, but Kuo isn't thinking about now. He's thinking about six months down the road. Bliss will be seen as the watershed marker--the day virus writers realized that spreading their nasty tricks would be possible on a whole new operating system.

They'll start getting to work, and "six months down the line, people will have to start worrying about it," said Kuo, a well-respected researcher in his field. "It opens the door for more work."

People have always known that, theoretically, such viruses could exist. But they really weren't worried about them spreading: Unix operating systems are typically difficult to infect because a virus writer must have administrative privileges to get into a system.

But Linux users are particularly vulnerable because many do things like play games over the Internet, Kuo said. And, when they do, they often get careless and play in Linux's administrative mode, called "root."

Kuo added that Linux, a free operating system, the most popular version of which runs on Intel-based computers, (it also runs on other platforms) is now popular enough to become a real target. "This virus, in being a first, now proves that it is do-able and will attract more virus writers," he said.

Addressing today's problem, McAfee has created a scanner and posted a free solution on the Net for Bliss, which infects executable files. Each time it is executed, it overwrites two or more files, making it fairly easy to detect.

The virus isn't likely to spread very far because it is easy to detect. In fact, the person who claims to have authored the virus said he wrote it simply to prove it could be done. But Kuo isn't worried about this particular virus. He's more concerned that it proves the vulnerability of another system and will encourage others to write viruses for it.

In other words, he's worried about tomorrow.