VIRUS-L Digest Thursday, 3 Aug 1989 Volume 2 : Issue 167
Today's Topics:
viruses that reprogram ANSI keys
Re: Computer Condom
Re: Shareware? Hmm... (Mac)
OS/2 and viruses...
Re: Axe by SEA - not an anti-viral
Re: os/2 question (PC)
---------------------------------------------------------------------------
Date: Wed, 02 Aug 89 07:56:19 -0400
From: <V2002A@TEMPLEVM.BITNET>
Subject: viruses that reprogram ANSI keys
Hi,
Just a quick note about viruses that reprogram keys to do
nasty things. Several good terminal emulation packages have a
feature that allows you to 'lock out' any host generated key
redefinitions. With Persoft's Smarterm 220/240 series of programs
you can set the 'User Features Locked' and the program will ignore
all attempts to reprogram the keys with escape sequences.
Andy Wing V2002A@TEMPLEVM.BITNET
[Ed. Not bad, but does MS-DOS's ANSI.SYS allow you to lock out these
sequences? I don't believe that it does. If not, escape codes
imbedded in documentation, for example, can do a lot...]
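
The moderator's point about escape codes embedded in documentation can be checked for mechanically. The following is an added example, not part of the digest: it scans a file's bytes for ANSI.SYS keyboard-reassignment sequences (ESC [ code ; ... p, with a leading 0 marking an extended key) and defuses them before the file is displayed. The function names and the sample text are constructed for illustration.

```python
import re

# ANSI.SYS keyboard reassignment has the form ESC [ p1 ; p2 ; ... p
# where each parameter is a decimal code or a quoted string.
_PARAM = rb'(?:\d+|"[^"\r\n]*"|\'[^\'\r\n]*\')'
_KEY_REDEFINE = re.compile(rb"\x1b\[(" + _PARAM + rb"(?:;" + _PARAM + rb")+)p")


def _decode(param: bytes) -> bytes:
    """Turn one parameter into the bytes it stands for."""
    if param[:1] in (b'"', b"'"):
        return param[1:-1]
    return bytes([int(param) & 0xFF])


def find_key_redefinitions(data: bytes):
    """Return (offset, key, replacement) for every reassignment in data."""
    hits = []
    for m in _KEY_REDEFINE.finditer(data):
        params = [_decode(p) for p in re.findall(_PARAM, m.group(1))]
        # A leading 0 marks an extended key (function keys), two codes long.
        n = 2 if params[0] == b"\x00" else 1
        key = b"".join(params[:n])
        hits.append((m.start(), key, b"".join(params[n:])))
    return hits


def neutralize(data: bytes) -> bytes:
    """Replace the ESC of each reassignment with a visible '^[' marker."""
    return _KEY_REDEFINE.sub(lambda m: b"^[" + m.group(0)[1:], data)


# Constructed sample: a README with a colour sequence (benign) and one
# sequence rebinding F1 (extended code 0;59) to a harmless command.
SAMPLE = (
    b"\x1b[1;32mREADME\x1b[0m\r\n"
    b'Press F1 for help.\x1b[0;59;"echo rebound";13p\r\n'
)

if __name__ == "__main__":
    for offset, key, text in find_key_redefinitions(SAMPLE):
        print(f"offset {offset}: key {key!r} -> {text!r}")
    print(neutralize(SAMPLE))
```

Colour and cursor sequences end in other letters and are left alone; only sequences ending in `p` with at least two parameters are reported.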
------------------------------
Date: Wed, 02 Aug 89 09:26:00 -0400
From: <MANAGER@JHUIGF.BITNET>
Subject: Re: Computer Condom
Barry D. Hassler <hassler@nap1.arpa> writes:
>Pardon me for my opinions (and lack of expertise in viral control), but I
>think these types of products are dangerous to the purchaser, while most
>likely being especially profitable for the seller. I just saw a copy of
>this floating around to some senior management-types after being forwarded
>several times, and dug up this copy to bounce my two cents off.
>First of all, I don't see any method which can be guaranteed to protect
>against all viruses (of course the "when programmed to your requirements"
>pretty well covers all bases, doesn't it?). Naturally, specific viruses or
>methods of attack can be covered with various types of watchdog
>software/hardware, but I don't think it is possible to cover all the
>avenues in any way.
Barry, I think it was supposed to be a joke. I mean, the company president's
name was Rick (or Dick) Cummings... Think about it. It's even better than that
thing by Mike RoChanle (Micro Channel). Remember that?
Damian Hammontree
System Programmer, Johns Hopkins School of Medicine, Baltimore
MANAGER @ JHUIGF
Disclaimer: I wouldn't be surprised if it was on the level and I'm wrong about
this, but I don't think so.... 8^)
------------------------------
Date: Wed, 02 Aug 89 08:31:05 -0500
From: Joe McMahon <XRJDM@scfvm.gsfc.nasa.gov>
Subject: Re: Shareware? Hmm... (Mac)
Here is Jeff Shulman's reply to my letter about VirusDetective.
----------------------------Original message----------------------------
Bob forwarded your letter to me. I *would* appreciate you sending a followup
letter to the virus list since I feel my reputation is at stake. I do
empathise with the possible hurt feelings a user may have when seeing a
bill for being honest. I have since been sending a letter of explanation
as to why the price increased. I am still sending users what they paid for
at the old price along with the bill (your friend *did* receive a disk if
you recall). I'm not out to punish my honest users but to inform them that
there has been a price increase and I would appreciate it if they paid the
difference (after all it isn't fair to the new users who *pay* the current
higher price for someone who paid the lower price, at the same time, to get
the same service).
Jeff
uucp: ...rutgers!yale!slb-sdr!shulman
CSNet: SHULMAN@SDR.SLB.COM
AppleLink: KILROY
Delphi: JEFFS
GEnie: KILROY
CIS: 76136,667
------------------------------
Date: Wed, 02 Aug 00 19:89:34 +0000
From: utoday!greenber@uunet.uu.net
Subject: OS/2 and viruses...
OS/2 makes some hardware calls for things such as formatting a disk.
It goes around the bios. As such, none of the monitoring type programs
are gonna stop an OS/2 FORMAT command to trigger.
Found that out the hard way! :-)
Ross
Ross M. Greenberg
UNIX TODAY! 594 Third Avenue New York New York 10016
Review Editor Voice:(212)-889-6431 BBS:(212)-889-6438
uunet!utoday!greenber BIX: greenber MCI: greenber CIS: 72461,3212
------------------------------
Date: Wed, 02 Aug 00 19:89:13 +0000
From: utoday!greenber@uunet.uu.net
Subject: Re: Axe by SEA - not an anti-viral
Programs such as Axe, which are stand alone decompressors, should not
be considered an effective defense by any means against virus attacks.
Consider a vanilla program, compressed and wrapped up in a decompress
shell. Fine. Now, stick a virus around the shell (shell-within-a-shell).
When you execute the program, the virus executes, then the decompressor
starts to work. The checksum doesn't match, so the system hangs, or
aborts, or whatever.
However the virus has already run.... (viruses such as the TSR Israeli
Virus may not run, though, since the infected program is never really
run if it crashes....)
Ross
Author, FLU_SHOT+
------------------------------
Date: 03 Aug 89 04:39:10 +0000
From: kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: os/2 question (PC)
none of the com infectors I think would presently pass and none of the
exe infectors at present for the strains that homebase has gotten
samples of could....but exe header info for dos, windows and os2 is in
essence somewhat the same (i.e. exe hdrs for windows and os2 contain
extensions to the regular format...) if the exe file from dos will run
unchanged in the compatibility box then I think you may indeed have a
possibility of infection... however os-2 executable would tend to have
selective parts of their exe header mashed...ones that I would think
would represent a real possibility of infection would be the improved
strains of the jerusalem virus (the strains that infects exe hdrs
correctly) and other exe infectors that are reasonable well
behaved...however the subject of transport viruses has come up before
in conversations between john and myself and I think at least that it
represents a real possibility...(also note that lacking a os-2 system
at this time I am essentially winging it...I did however take a look at
the various header formats and various exe infectors that homebase
folks have provided disassemblies of in answering in this fashion). If
any of the os-2 folks have comments negative or positive out there
e-mail me and I will summarize to the net on this. I am also personally
looking into this with respect to 386, Interactives UNIX 5.3 and their
DOS under UNIX Option!!
cheers
kelly
disclaimer: neither AMDAHL Corp. nor ONSITE Consulting take any
responsibility nor make any warranties for what I say... it is totally
and completely the responsibility of Cybernetic Systems Specialists
Inc. and myself...
flames>>/dev/nul
------------------------------
End of VIRUS-L Digest
*********************