VIRUS-L Digest Friday, 13 Jan 1989 Volume 2 : Issue 14
Today's Topics:
Two-Day Computer Virus Seminar
AMIGA virus warning (Amiga)
Interferon virus detection program for Macintosh
Re: Interferon virus detection program for Macintosh
ISS OFF! Virus? (PC)
Request for *confirmation* on Friday the 13th *rumor*
---------------------------------------------------------------------------
Date: Fri, 13 Jan 89 08:04 CST
From: Ken De Cruyenaere <KDC@UOFMCC.BITNET> 204-474-8340
Subject: Two-Day Computer Virus Seminar
(from the Computer Security Newsletter:)
Computer Viruses, Trojan Horses, Logic Bombs -- Strategies for Protection
Instructor John O'Leary describes and demonstrates examples,
discusses how they operate, how to detect their presence, and how
to guard against viral infection. The seminar examines why we're
seeing this epidemic now, the people who create viruses, and the
effects that computer viruses are having on software distribution
methods. Administrative and technical controls, including demos
of commercially available "vaccination" software, will be offered.
The course is being offered in several cities:
January 12-13 in New Orleans
January 18-19 in Dallas
February 2-3 in San Diego
March 6 - 7 in Boston
June 15 - 16 in Detroit
For complete details: Call Vanessa at 508-393-2600
cost is $595.00
- ---------------------------------------------------------------------
Ken De Cruyenaere - Computer Security Coordinator
Computer Services - University of Manitoba - Winnipeg, Manitoba, Canada
Bitnet: KDC@CCM.UManitoba.CA (204)474-8340
------------------------------
Date: Fri, 13 Jan 89 08:50 EST
From: "Joseph M. Beckman" <Beckman@DOCKMASTER.ARPA>
Subject: AMIGA virus warning (Amiga)
From one of my colleagues.
I am enclosing a posting from a local Bulletin Board (Alfheim)
which I know to be reputable, and the individuals named in the posting
are reputable and well known developers in the Amiga Community. I
have not had much luck in sending things to Virus-l, if you wish to
forward this, feel free to do so. If not, then it is just for your
own info -- I know you follow virus issues.
- ---------------------------
Msg:10663 Sec: 4 - Amiga Computer Room
31-Dec-88 12:42 AM
Subj: virus alert!
From: Dj James
To: all
Today Steve Tibbett (VirusX author) gave me a copy of a new Amiga
virus. This one does not attach itself to the boot sector of a disk
as the older viruses did. Instead, this one opens the
Startup-sequence file and looks for the first executable file in the
S-S file. It then opens this file and copies itself inside it.
By doing this, it hopes to remain invisible from the standard boot
block virus checkers and yet always get executed early on in the boot
sequence. The virus is pretty clever in the way it looks at the S-S
file and also how it rebuilds the executable file to include itself.
In operation, it intercepts the OldOpenLibrary vector and inserts
its own code there. The OOL call doesn't require a version parameter
to be passed - so I'd expect that the OS itself uses that call to open
the ROM libraries (I'm guessing here).
The virus will change the title bar of CLI windows to "AmigaDOS
presents: a new virus by the IRQ-Team V41.0" other than that, and the
fact that it writes itself to your boot disk, it seems harmless. This
info comes from a disassembly - I'm not unleashing this thing in my
machine! Steve claims that it won't work under DOS 1.3 - let's hope
that this is true so the number of infections will go down.
If infected, turn off the machine, boot with a VIRGIN WB disk and
delete the first executable file in the infected disk's
Startup-sequence, then copy a new version of that file to your WB
disk. Let's hope that this relatively harmless virus doesn't suddenly
become a killer! Djj
- ------------------------------------------
Thanks,
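
Added example, not part of the original posting or of any tool it names: a check for the file the posting says gets modified, the first executable named in Startup-sequence, compared against SHA-256 digests taken from a clean Workbench disk. The in-memory "disk", the sample script, the function names and the simplified command lookup (name as written, then the c/ directory) are assumptions made for illustration.

```python
import hashlib

HUNK_HEADER = b"\x00\x00\x03\xf3"  # first longword of an AmigaDOS load file

def first_executable(startup_text, disk):
    """Return the path of the first Startup-sequence command that is a load file.

    disk maps lower-cased paths to file bytes (AmigaDOS names are
    case-insensitive). Lookup order is an assumed simplification:
    the name as written, then the c/ directory.
    """
    for line in startup_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        name = line.split()[0].lower()
        if name.startswith("c:"):                 # "c:echo" -> "c/echo"
            name = "c/" + name[2:]
        for path in (name, "c/" + name):
            if disk.get(path, b"").startswith(HUNK_HEADER):
                return path
    return None

def audit(startup_text, disk, baseline):
    """Compare that file with the digest recorded from a clean disk."""
    path = first_executable(startup_text, disk)
    if path is None:
        return (None, "no-executable")
    if path not in baseline:
        return (path, "no-baseline")
    digest = hashlib.sha256(disk[path]).hexdigest()
    return (path, "clean" if digest == baseline[path] else "modified")

# Constructed sample data: a tiny Startup-sequence and a clean disk image.
SAMPLE_SS = '; constructed sample\nFailAt 10\necho "Workbench disk"\nLoadWB\nendcli\n'
CLEAN_DISK = {
    "s/startup-sequence": SAMPLE_SS.encode(),
    "c/echo": HUNK_HEADER + b"echo-body",
    "c/loadwb": HUNK_HEADER + b"loadwb-body",
}
BASELINE = {p: hashlib.sha256(d).hexdigest()
            for p, d in CLEAN_DISK.items() if d.startswith(HUNK_HEADER)}

if __name__ == "__main__":
    suspect = dict(CLEAN_DISK)
    suspect["c/echo"] += b"\x00" * 16             # constructed change in size/content
    print(audit(SAMPLE_SS, CLEAN_DISK, BASELINE))  # clean disk
    print(audit(SAMPLE_SS, suspect, BASELINE))     # altered first executable
```

A boot-block checker never reads this file, which is why the comparison has to be made against a copy known to be clean.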
------------------------------
Date: Fri, 13 Jan 89 12:13 EST
From: RESEARCH CLUSTER SUPERVISOR JMH 320 X2164
<GARTH@FORDMURH.BITNET>
Subject: Interferon virus detection program for Macintosh
Hi everyone:
A couple of months ago occasionally my desktop accessories didn't
work. I ran a program called Interferon (version 1.1b) and the
response was that I had viruses in my system folder and several
software packages (hypercard) and so on. By the way, this DA problem
happened AFTER I had down-loaded PD stuff from MACSERVE@PUCC but that
*may* not be the source of the problem.
I reformatted my Hard Disk just to make sure and then
re-installed everything. Interferon when run again said "No viruses
detected". I vowed not to put any more PD software on my HD. I
haven't installed any other software since I reformatted the Hard Disk
and checked Interferon.
This is the killer... I ran Interferon again today and I'm full
of reported viruses again.
Has anybody had similar problems with this?? Is Interferon
reliable? Does anybody know of absolutely reliable virus detection
programs?
I am running System 6.0.2 and Finder 6.1 .
Thank you
/paul
------------------------------
Date: Fri, 13 Jan 89 13:08:03 EST
From: Joe McMahon <XRJDM@SCFVM.GSFC.NASA.GOV>
Subject: Re: Interferon virus detection program for Macintosh
"RESEARCH CLUSTER SUPERVISOR JMH 320 X2164 <GARTH@FORDMURH.BITNET>" writes:
> ... I ran a program called Interferon (version 1.1b) ...
> ... This is the killer... I ran Interferon again today and I'm full
>of reported viruses again.
> Has anybody had similar problems with this?? Is Interferon
>reliable? Does anybody know of absolutely reliable virus detection
>programs?
> I am running System 6.0.2 and Finder 6.1 ...
Okay, a couple of things.
Problem 1: You have a very, very old version of Interferon. The current
version is 3.1.
Problem 2: The LaserWriter and LaserPrep files in System 6.0 and up will be
labelled as infected by older versions of Interferon, even
though they are clean.
TELL LISTSERV AT SCFVM GET INTERFER SITHQX to get the newest version
in BinHex format.
You may also want to get Apple's newest version of Virus RX, which can
now detect nVIR (hurrah!). Get that with TELL LISTSERV AT SCFVM GET
VIRUSRX SITXHQX.
Once you have those, drop me a private note and we'll go over your
disinfection technique to see if there might have been a problem
there.
- --- Joe M.
[Ed. Thanks again for your help, Joe! It's greatly appreciated.]
------------------------------
Date: Fri, 13 Jan 89 11:15:23 -0800
From: Steve Clancy <SLCLANCY@UCI.BITNET>
Subject: ISS OFF! Virus? (PC)
Has anyone encountered a virus or other badware which leaves a message
similar to a happy face followed by "ISS OFF!" ? A local company
called me today and said that one of their AST 286's, running MS-DOS
3.2 has been having a problem with files being chopped in half, and
growing numbers of bad sectors on the hard disk.
This seems so far to be happening when a file is saved using Lotus.
The message arose when a user was using PC-Tools from a floppy. He
tried to save a batch file using a PC-Tools editor, and got the
message "unable to read sector" from PC-tools. When he exited to DOS,
he saw the ISS OFF! message at the A: prompt.
I don't have all of the information yet, but I'm wondering if anyone
else has encountered this? This is a credit company, and they are
really worried about information they have on their other disks!
- -- Thanks!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Steve Clancy | WELLSPRING RBBS |
| Biomedical Library | 714-856-7996 24 HRS |
| P.O. Box 19556 | 300-9600 N,8,1 |
| University of California, Irvine | 714-856-5087 nites/wkends |
| Irvine, CA 92713 | 300-1200 N,8,1 |
| SLCLANCY@UCI | "Are we having fun yet?" |
| SLCLANCY@ORION.CF.UCI.EDU | |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------
Date: Fri, 13 Jan 89 14:39:03 est
From: ubu!luken@lehi3b15.csee.lehigh.edu
Subject: Request for *confirmation* on Friday the 13th *rumor*
I just heard an UNFOUNDED RUMOR about a Friday the 13th virus doing a
bit of damage in the United Kingdom. Can any of our UK readers
confirm (or preferably deny) this? If there's any truth to it, could
someone please send in some additional info?
Ken
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253