home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.32
< prev
next >
Wrap
Text File
|
1995-01-03
|
5KB
|
114 lines
VIRUS-L Digest Tuesday, 31 Jan 1989 Volume 2 : Issue 32
Today's Topics:
CP/M viruses?
Re: "FRG Nazi virus" / relevance to computer virus discussions
INIT 29 further information and corrections (Mac)
---------------------------------------------------------------------------
Date: Tue, 31 Jan 89 05:03-0500
From: David.Slonosky@QueensU.CA
Subject: CP/M viruses?
This may seem like a ridiculous question, but I just recently received
a CP/M based computer (for free), and am wondering if any CP/M viruses
were ever reported. Was there a "Dirty Dozen" of CP/M software?
(Yeah, ya can quit gigglin' any time now!) :-)
__________________________________
| |
David Slonosky/QueensU/CA,"",CA | Know thyself? |
SLONOSKY@QUCDN | If I knew myself, I'd run away. |
|__________________________________|
------------------------------
From: J.D. Abolins
Date: 31 Jan 89
Subject: Re: "FRG Nazi virus" / relevance to computer virus discussions
While I found the posting useful for an article I am writing about
misuses and abuses of computer technology, the posting had little
relevance to the VIRUS-L discussion list. A far better spot for it
would be RISKS DIGEST; in fact this subject was brought up in recent
issue of RISKS.
The programs mentioned are not, repeat, are not computer viruses.
(They are, so to say, the viruses of the soul, but not of computers.)
These obnoxious programs are "free standing" programs.
As for FRG laws restricting such materials, there are major reasons
for it. If you would like to discuss this subject further, you're
welcome to doit off-line by e-mail to me.
[Ed. True, the actual programs had nothing to do with viruses.
However, the article that was cited called them viruses, and I don't
believe that a mention of that here was out of line. It points out
the fact that the public is very confused over viruses, and that the
media is (apparently inadvertantly) only making matters worse.
Nonetheless, any discussions on FRG laws, etc., should be done
elsewhere, as Mr. Abolins suggests.
J.D., please include your network address on your From: line, if
possible. Thanks.]
------------------------------
Date: Tue, 31 Jan 89 08:46:42 -0500
From: Joel B Levin <levin@BBN.COM>
Subject: INIT 29 further information and corrections (Mac)
There have been a few misconceptions floating around about INIT29 and
how it works. It is quite virulent, spreading at the drop of a hat,
and I don't want to minimize it; but there is a slight bit of
overstatement in what I have read and I want to try to correct it a
bit.
1. If you have booted from a clean system (System file and INIT, cdev,
and RDEV type files are all clean), then you are running clean.
Nothing will happen if you put an infected disk in your drive, if you
look at an infected file with ResEdit or copy a file. The ONLY thing
which does damage while you are running clean is to run an infected
application. Doing so will infect your CURRENT System file. That's
all it will do (not that it isn't enough); you will still be running
clean afterward. Rebooting with an infected system file is necessary
before the serious damage starts.
2. Booting from an infected system disk (one or more of your System
file and the INIT, cdev, and RDEV type files IN YOUR SYSTEM FOLDER are
infected) will cause your system to run dirty, i.e. with OpenResFile
patched to infect anything it opens. Now you are in a state when
merely opening any file with a resource fork will infect it with
either an INIT 29 resource (if there is no CODE 0 resource) or with a
new CODE resource (if there is a CODE 0 resource). It is thus true
that merely inserting a floppy disk (under Finder, not necessarily in
applications, which might not cause the Desktop file to be opened) a
copy of INIT29 "infects" the Desktop file on that disk. And any
documents or other miscellaneous files which are opened for any reason
are likely to have an INIT29 written into them. However, the only
significant INIT29's are those written into the System file or into a
type INIT, cdev, or RDEV file in the system folder. In other files
the INIT29 resource is less like an infection than like a benign tumor
- -- it takes up space, is neither useful nor harmful, and sometimes
gets in the way of something and causes it to break. [This doesn't
mean that some future virus couldn't activate it somehow.]
3. The only sure way to deal with INIT29 at this moment is to have a
completely clean system on a hardware LOCKED diskette, complete with a
detection tool like VirusDetective. All copies of INIT29 may be
safely removed. All infected applications should be deleted and
restored from locked master disks (you did keep those around, of
course, and locked :-)). At this moment I know of no available
programs capable of properly removing the infection from an
application-like file (i.e. has a CODE 0 resource), including Virex;
but I guarantee you there will be one or more available before long.
/JBL
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253