VIRUS-L Digest Monday, 16 Jan 1989 Volume 2 : Issue 15
Today's Topics:
Checkup version 2.1 for IBM (PC)
Encrypted/Decrypted virii
Request for info on other MAC viri... (Mac)
CBUG: not a virus (PC)
Name this book -- for a box of cookies!
---------------------------------------------------------------------------
Date: FRI JAN 13, 1989 17.51.56 EST
From: "David A. Bader" <DAB3@LEHIGH>
Subject: Checkup version 2.1 for IBM (PC)
Just a note I saw on the IBMPC-L list:
CHECKUP v. 2.1 has been released and is available from SIMTEL20 at
<msdos.trojan-pro>CHKUP21.ARC and is 79k.
Checkup is a program that can be used to check files' CRCs and
footprints.
David Bader
DAB3@LEHIGH
[Ed. The anonymous FTP is from WSMR-SIMTEL20.ARMY.MIL. The directory
is on PD1:]
------------------------------
Date: Fri, 13 Jan 89 21:45 EST
From: <ACS045@GMUVAX.BITNET>
Subject: Encrypted/Decrypted virii
Homer W. Smith <CTM@CORNELLC.BITNET> writes:
[Magazine review/appraisal deleted]
> One of the things it said that might be done to protect programs
>from viruses is to make the operating system store all programs in a
>scrambled state (encryption). Then just before running them, decrypt
>them.
> When and if a virus attaches to an encrypted program, it will get
>scrambled when the program is decrypted and cause a crash.
> Seems like a very very good idea. How say you all?
It sounds good, but there is one problem here. The virus, in order to attach
itself to the file, would most likely have to be in a decrypted format in order
to attach itself to the host program it is trying to infect.

Here are the possible problems:

1. The virus has to be in a decrypted state in order to infect the host program
which itself is encrypted. However, when the program is executed, the OS will
perform the encrypt/decrypt algorithm on both the program and the virus that is
now attached to it. This is good for the program because it can now execute,
but the unencrypted virus code will become scrambled during this
process because what you're doing is decrypting a decrypted file which can
only hopelessly scramble the code.

2. Okay, so an obvious way around this is to have the virus encrypt itself
after infecting the targeted file, but which method to use? With 6.02*10^23
encryption schemes out there, a virus would be too big and take too much effort
to try and check for even the most popular coding or encryption schemes.

The idea sounds good but that's about it....
---Steve
--------------
Steve Okay ACS045@GMUVAX.BITNET/acs045@gmuvax2.gmu.edu/CSR032 on The Source
Disclaimer:The contents of this are less relevant than
say, the New York Times Op Ed. page, but more relevant than, say, Plywood.
---Bloom County "Loose Tails"
[Ed. Isn't that the whole _idea_ behind encrypting executable files on
disk (so that any virus infecting them would effectively neuter itself
since it would be written unencrypted to disk)? The next time the
newly infected executable file would be run, it would no doubt crash -
which, imho, is a far cry better than infecting another program(s).]
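
The effect discussed in this thread, as an added example that is not part of the digest or of any poster's message: bytes written unencrypted into an encrypted executable come out scrambled when the loader decrypts the file, while the original program decrypts intact. It goes one step beyond the thread by adding a keyed tag so the loader refuses a modified file instead of running garbage. The toy SHA-256 keystream cipher, the function names and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode), a stand-in for the OS cipher."""
    out = bytearray()
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
    return bytes(out[:n])

def xor(data: bytes, key: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def os_store(program: bytes, key: bytes):
    """Encrypt a program for disk and keep a keyed tag of the stored bytes."""
    stored = xor(program, key)
    return stored, hmac.new(key, stored, hashlib.sha256).digest()

def os_load(stored: bytes, key: bytes) -> bytes:
    """Decrypt whatever is on disk just before running it (no checking)."""
    return xor(stored, key)

def os_load_checked(stored: bytes, tag: bytes, key: bytes) -> bytes:
    """Same loader, but refuse a file whose tag no longer matches."""
    expected = hmac.new(key, stored, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored file was modified; refusing to run")
    return xor(stored, key)

# Constructed sample data (hypothetical, for illustration only).
KEY = b"constructed per-machine key"
PROGRAM = b"ORIGINAL PROGRAM CODE"
FOREIGN = b"BYTES WRITTEN UNENCRYPTED"

def simulate():
    stored, tag = os_store(PROGRAM, KEY)
    tampered = stored + FOREIGN        # appended to the file without the key
    loaded = os_load(tampered, KEY)
    head, tail = loaded[:len(PROGRAM)], loaded[len(PROGRAM):]
    try:
        os_load_checked(tampered, tag, KEY)
        refused = False
    except ValueError:
        refused = True
    return head, tail, refused

if __name__ == "__main__":
    head, tail, refused = simulate()
    print(head, tail.hex(), refused)
```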
------------------------------
Date: Sat, 14 Jan 89 22:20:56 PST
From: SPOCK@CALSTATE.BITNET (Commander Spock)
Subject: Request for info on other MAC viri... (Mac)
I need some help here. I am currently doing a research project for an
informational resource management class, and fortunately, my project
is on security systems and protection, namely viruses. I am a
Macintosh user (currently two at the moment) and have heard some
shocking news regarding NEW strains of "nVIR" viruses. News is a
*BIT* slow around here, so I'm one of the last to hear things (kind of
sounds familiar here, don't it?). At any rate, what does this "Hpat"
virus do? Second, there is another virus out in the Macintosh world,
called "INIT 29". I definitely DO NOT know what type and nature this
fellow is. What does this one do?
In your reply, please be specific about type, species, and any
references as to where in memory it attacks, what applications are hit
most often... often (please excuse, bad terminal line...), etc. I
will be using the material that you send me in my report about viri.
Thanks in advance.
Spock INTERNET: cbds080@ccs.csuscc.calstate.edu
cbds080@c730.csupom.calstate.edu
BITNET: cbds080@calstate.BITNET
"I think it has something to do with those ears..." -- Captain Kirk
------------------------------
Date: 15 Jan 89 23:00:00 EST
From: Michael Brown <BROWN@CMR001.BITNET>
Subject: CBUG: not a virus (PC)
After considerable help from the netland folk, and an extensive
investigation, it has been determined that CBUG is probably not a
virus, and more likely, a prank program.
I would like to thank everyone for their assistance, especially, Ken
and the two individuals who offered to look at the code for me. Not
only did their efforts make my life *considerably* easier, but with
their help, I was able to work on the problem efficiently, and with
confidence.
I say again, CBUG.COM is not a virus.
Thanx again,
CP6-Mail: Michael Brown @CMR
NET-Mail: <brownm@cmr001.bitnet>
Michael Brown Snail-Mail: Service Informatique CMR, St-Jean, Que. J0J 1R0
------------------------------
Date: Tue, 10 Jan 89 02:10:18 PST
From: cliff@LBL.Gov (Cliff Stoll)
Subject: Name this book -- for a box of cookies!
[Ed. This is forwarded from RISKS, with this editor's recommendation
to anyone who hasn't read "Stalking the Wily Hacker" to run to their
library and read it *now*!]
Fellow Riskees:
I'm writing a book, and I need a title.
It's about computer risks: counter-espionage, networks, computer security,
and a hacker/cracker that broke into military computers. It's a true
story about how we caught a spy secretly prowling through the Milnet.
Although it explains technical stuff, the book is aimed at the lay reader.
In addition to describing how this person stole military information,
it tells of the challenges of nailing this guy, and gives a slice of
life from Berkeley, California.
You can read a technical description of this incident in the
Communications of the ACM, May, 1988; or Risks Vol 6, Num 68.
Better yet, read what my editor calls "A riveting, true-life adventure
of electronic espionage" ... available in September from Doubleday,
publishers of the finest in computer counter-espionage nonfiction
books.
So what?
Well, I'm stuck on a title. Here's your chance to name a book.
Suggest a title (or sub-title). If my editor chooses your title,
I'll give you a free copy of the book, credit you in the acknowledgements,
and send you a box of homemade chocolate chip cookies.
Send your suggestions to CPStoll@lbl.gov or CPStoll@lbl (bitnet)
Many thanx! Cliff Stoll
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253