VIRUS-L Digest Wednesday, 7 Jun 1989 Volume 2 : Issue 130
Today's Topics:
Protection Software (PC)
Possible virus? (PC)
LapLink II (PC)
Re: IEEE Article on LapLink
SEARCH FOR A PERSON
Dirty dozen viruses
---------------------------------------------------------------------------
Date: Sun, 4 Jun 89 14:18:20 GMT
From: mcvax!rhi.hi.is!frisk@uunet.UU.NET (Fridrik Skulason)
Subject: Protection Software (PC)
Recently I wrote a message, asking for volunteers to test a new TSR
virus protection program. By now they probably have received the
source code and are testing the program. This program is a part of a
protection package, which will be sent to the anti-viral archives when
finished. (By the way, who are the managers of the various archives?)
Now I have a question:
Does anyone out there know of a package for testing protection
software? If not, would anybody be interested in creating such a
package ? It would consist of a number of programs, intended to
test various methods of attack. I have written two such programs,
one for attacking the boot sector (in 4 basically different ways),
and the other for attacking .EXE files (using a wide variety of
methods).
I also have a request:
Included in my package is an inoculation program. It is designed
to fight specific BSV, by writing a few bytes to the boot sector,
making the diskette look as if it has already been infected.
Currently the program inoculates against Brain, Ping-Pong and
Marijuana. I do not have the other known BSV (Yale, Den Zuk and
Nichols) in my collection, and I would be very grateful if
somebody could E-Mail me some information on how those viruses
check if the diskette is already infected.
Fridrik Skulason
University of Iceland Computing Services
frisk@rhi.hi.is
------------------------------
Date: Tue, 6 Jun 89 10:07 EDT
From: "L. ANNE COLE" <COLELA@SNYPLAVA.BITNET>
Subject: Possible virus? (PC)
Hello Everybody:
At the end of last semester I ran into a recurring "degradation"
in my students' software (dbase iii+) diskettes (maybe 5 of 40). Things
were so hectic (my first year here), that I just had them go get new copies
(boo). So I didn't get a copy of the problem disks. As I started to
recover after finals, I got to thinking... Here is what we saw. Whenever
they tried to get a print screen while in dbiii+, the printer went crazy,
started spewing out garbage, and had to be reset (powered down and back)
before the next job could be run. We were doing joins - might have
something to do with that (but that wouldn't explain the other 35 or so).
Another weirdness (or maybe not). If you are (BY THE WAY, WE
ARE TALKING ABOUT IBM CLONES) booting up from a bootable diskette (not a
full DOS disk) with no config.sys file, does it get the files and buffers
limits from the dos disk that originally made the bootable disk? It
must, obviously. Where does it keep this stuff? (I'm digging into dos
and masm this summer, I hope this is not too stupid a question.) I think
this is unrelated to the above problem - maybe not.
Finally, I just heard a rumor, myth, . . . Supposedly,
someone read this somewhere. Is it possible that the software
packagers are spreading viruses to their competition (for obvious
reasons)? "Hi, I'm a virus, are you a database? Are you my database?
CRUNCH." Sounds rather strange, but...
Thanks people,
L. Anne Cole
Asst.Prof. Computer Science Dept.
SUNY Plattsburgh
Plattsburgh, NY
------------------------------
Date: Tue, 6 Jun 89 16:10 EDT
From: WHMurray@DOCKMASTER.ARPA
Subject: LapLink II (PC)
>By requiring that the receiving machine be notified of the transfer,
>LapLinks' designers have reduced the chance of malice.
Nonsense. To use LapLink one must have control over both the Laptop
and the desktop machine. Indeed, what LapLink is designed to do is to
permit the transfer of data between COOPERATING PCs. It contains no
risk that a PC can transfer data to a non-cooperating PC.
LapLink does contain the capability to be bootstrapped from, for
example, a laptop with 3.5" drives, to a desktop with only 5.25"
drives. This capability permits the laptop owner to use a 5.25"-only
machine in a distant city even if he forgets to carry a copy of
LapLink on 5.25" with him. However, he must be physically connected
by cable to the target machine. If yours is the target machine and
the source machine is not connected with your permission, then this
capability is the least of your worries.
This bootstrap capability is more analogous to a LOAD than to a virus
or worm.
The comparison of this capability to a virus originated with an
overzealous reporter. It was not news when he wrote it; it is not
news now. The analogy has destroyed any hope that the authors of the
program might ever have had for their press release. It has
interfered with their legitimate right to publicize their capability.
William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: Wed, 7 Jun 89 00:04:31 +0300
From: makela@jyu.fi (Otto J. Makela)
Subject: Re: IEEE Article on LapLink
Oh no! Not another case of a "virus" invented by the media! It was bad
enough when they decided to call the November Worm a virus...
This prog sounds just like a worm to me. At least from the description.
But this is nothing new. The PCU (PC to Unix) software sold by Unisys for
quite a time now has a feature where it automatically sends the C code for
a simple file transfer program to the receiving Unix system, and then
compiles it... nothing new here...
(What was the hooha about doing MODE? Didn't make very much sense...)
Otto J. Makela (with poetic license to kill), University of Jyvaskyla
InterNet: makela@tukki.jyu.fi, BitNet: MAKELA_OTTO_@FINJYU.BITNET
BBS: +358 41 211 562 (V.22bis/V.22/V.21, 24h/d), Phone: +358 41 613 847
Mail: Kauppakatu 1 B 18, SF-40100 Jyvaskyla, Finland, EUROPE
------------------------------
Date: Wed, 07 Jun 89 11:47:29 MEZ
From: Ghost <UZR50F@DBNRHRZ1.BITNET>
Subject: SEARCH FOR A PERSON
Woe to me, HELP HELP!!
Hi there, I have got a problem. Last month I got the corewars package
from someone out there, but I forgot his address. If he hears my scream for help,
may I ask him to send me his address? If anyone else out there knows
his location and computer address, please send it to me. Above is my
nickname only. My real name is Thomas Friedrich.
The corewars package is written by Maz Spork, the DaneBrain from Denmark.
Thanks to all who understand my interest,
Thomas Friedrich, UZR50F at DBNRHRZ1
' Ghost PCSERV-L@RPICICGE 6/07/89 Search for a Person
------------------------------
From: David.J.Ferbrache <davidf@CS.HW.AC.UK>
Date: Wed, 7 Jun 89 13:07:28 BST
Subject: Dirty dozen viruses
Jim Wright sent me a copy of version 9B of the Dirty Dozen list
(thanks Jim), in this list of IBM PC Trojans there are two entries
flagged as viruses, these are:
ARC533.EXE    This is a new virus program designed to emulate Sea's ARC
              program. It infects the Command.com.
PK35B35.ARC   This was supposed to be an update to PKARC file compress
              utility which when used eats your FATS and is or at least
              Rumored to infect other files so it can spread - possible
              VIRUS?
Question- has anyone succeeded in verifying that these two Trojan
horses do in fact contain (and initiate) viral code, and if so can
someone arrange to isolate the contained viruses and provide an
analysis for the group.
On a side note version 9B is now available from Heriot-Watt
info-server to sites in Europe (not uucp domain), send a message of
the form
request: virus
topic: ibmpc.dirty
the file is 51K long.
[Ed. Jim sent me a copy of the same file - I'll have it available here
shortly.]
- -------------------------------------------------------------------------
Dave Ferbrache Internet <davidf@cs.hw.ac.uk>
Dept of computer science Janet <davidf@uk.ac.hw.cs>
Heriot-Watt University UUCP ..!mcvax!hwcs!davidf
79 Grassmarket Telephone +44 31-225-6465 ext 553
Edinburgh, United Kingdom Facsimile +44 31-220-4277
EH1 2HJ BIX/CIX dferbrache
- -------------------------------------------------------------------------
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253