home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.190
< prev
next >
Wrap
Text File
|
1995-01-03
|
7KB
|
195 lines
VIRUS-L Digest Tuesday, 12 Sep 1989 Volume 2 : Issue 190
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks). Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- Ken van Wyk
Today's Topics:
Re: VM Virus Warning (IBM VM/CMS)
Re: Suggestion for "Ultimate Virus"
Need help (PC virus)
Origin of the name "Vienna" virus (PC)
ssyx is no longer
October 12th Virus (PC)
---------------------------------------------------------------------------
Date: 11 Sep 89 00:00:00 +0000
From: MBDMD@ROHVM1.BITNET
Subject: Re: VM Virus Warning (IBM VM/CMS)
Does anyone have any additional information on this?
[Ed. Text of recent VM/CMS virus warning deleted.]
Martin J. Doyle
VM Systems Programming Contractor
Rohm and Haas Company
Philadelphia, Pennsylvania
MBDMD@ROHVM1
(215) 752-2296
------------------------------
Date: Thu, 31 Aug 89 08:51:43 -0400
From: mcf!mibte!dptg!ccd700!root@sharkey.cc.umich.edu
Subject: Re: Suggestion for "Ultimate Virus"
> I've been thinking lately of how to write the ultimate virus, one
> that would be very hard to identify with pattern matching
I'm sure a lot of people have !!!
> I've never written a virus, and I do not intend to write one.
Ditto!
For completeness of thought please do not forget MERVs and
CLUSTER bombs. How about one of these self extracting archives
that goes and executes the extracted bugs until it's killed ??
Nightmares!
...mibte!ccd700!ron tribble
------------------------------
Date: 10 Sep 89 22:44:01 +0000
From: parnes@eniac.seas.upenn.edu (Gary Parnes)
Subject: Need help (PC virus)
What's an honest programmer to do?
At my office today, we discovered that we're the proud receivers of a
bloody virus. It causes an exe file to expand exactly 1808 bytes
every time the exe is run.
We're not familiar with the virus vaccines (if any) out for the IBM.
Can someone suggest anything?
Gary
/=============================================================================\
| "You're obviously misinformed... everything | Gary Parnes |
| EAST of the San Andreas Fault is going to | Computer Science Engineer |
| fall into the ATLANTIC Ocean." | University of Pennsylvania |
| *** parnes@eniac.seas.upenn.edu *** | *NOT* Penn State, Dammit! |
\=============================================================================/
------------------------------
Date: Mon, 11 Sep 89 16:55:43 +0200
From: Y. Radai <RADAI1%HBUNOS.BITNET@VMA.CC.CMU.EDU>
Subject: Origin of the name "Vienna" virus (PC)
Manfred Pfluegl asks:
>Where did the virus "VIENNA" get his name from?? Does anybody know
>the answer?
Well, the answer is just what one would expect: it was first re-
ported in Vienna! That was in Dec 1987 (or perhaps slightly earlier).
In April 88 the same virus (or a slight mutation of it) was reported
in Moscow, and in Aug 88 it appeared at a summer camp run by Unesco.
Someone who didn't know of its prior existence in Austria gave it the
name DOS-62, presumably because its method of indicating an already
infected file is to set the seconds field of the time entry of the
file to 62.
I'd like to add one point that was apparently not mentioned by
anyone who replied to Kim's question about the foulup which occurs on
switching diskettes between an "Abort, Retry ..." message and pressing
of the R(etry). This bug has apparently been removed in DOS 4 by the
inclusion of a Volume Serial Number which is written into the boot
sector (bytes 27h-2Ah) by FORMAT. (This is a random number based on
the date and time when FORMAT was performed.) Before allowing the
operation to be retried, the critical-error handler checks this number
on the diskette. If it does not match, you get the message "Invalid
disk change".
Y. Radai
Hebrew Univ. of Jerusalem
------------------------------
Date: Mon, 11 Sep 89 12:43:52 -0700
From: van-bc!mdavcr!rdr@uunet.UU.NET (Randolph Roesler)
Subject: ssyx is no longer
I think I seen a notice that ssyx archive-server is
no-more.
My mail there just bounced with "user unknown"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<imaginary logo here> Randy Roesler
MacDonald Dettwiler & Assc.
...!uunet!van-bc!mdavcr!rdr BC Canada 604-278-3411
[Ed. Could somebody please verify this?]
------------------------------
Date: Mon, 11 Sep 89 13:15:14 -0700
From: portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: October 12th Virus (PC)
Thought the following note posted to the HomeBase board from John McAfee
might be of interest:
9-11-89 10:38:15
From: John McAfee
Subj: October 12th Virus
The press has recently focused on the October 12th (DataCrime)
virus as the latest threat to our collective well-being. The mania
started, I believe, with Joe Hirst's warning in the advertising flyer
for the Virus Bulletin, and was recently fueled by John Dvorak's
August column in the San Francisco Chronicle. This virus, however, is
a virtual phantom. It does exist, but it is not a major statistical
threat to U.S. computers (at least not for the next few months).
There have been fewer than 50 reports of infection in Europe and only
seven reports here in the U.S. -- including the Tom Patterson Report
fron Centel - since the beginning of the year. This compares with
over 30 reports per day of the Jerusalem-B virus, and over ten reports
per day of the 1701/4 virus.
These statistics come from the VIRUSCAN reports. The program
distribution, through the FIDONET network, shareware distributors and
other channels has reached an estimated 3 million users. This is a
large enough statistical base to catch any widespread infection threat
- - and the DataCrime simply has not shown up as a major player. I
think we would be wiser warning users of the threats that are
statistically most likely. The current order of appearance is:
Jerusalem-B - 62%
1701/4 - 17%
Ping Pong - 9%
Stoned - 8%
All Others Combined - 4%
These figures are for the past 30 days. They do change
dramatically from month to month, but the top four are fairly
constant. The up and coming virus to watch, by the way, appears to be
the Vienna virus. We had no reports at all in the U.S. from January
till June 18th of this year. Then one report on the 19th of June, 4
reports through the end of July, 11 in the month of August and 15 in
the first ten days of September.
Hope this provides some perspective.
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253