Maybe still remotely interesting for this list - the output of strings
run on the posted bliss executable contains some fragments that look
as if the virus tries to modify the kernel sources such that a call
to umask(2) with the appropriate parameter will set uid/gid/euid/egid
to root. I didn't verify that bliss acctually does this but just the
thought ...
Ralf