VIRUS-L Digest Friday, 3 Feb 1989 Volume 2 : Issue 35
Today's Topics:
Hardware lock (PC)
Re: Anti-virus viruses
The Media and Viruses
Review of antenna program
Ethical issues.
Gatekeeper Report (Mac)
nVIR Assassin... (Mac)
VIRUS WARNING: Lehigh Virus version II (PC)
---------------------------------------------------------------------------
Date: Wed, 01 Feb 89 16:06:25 CST
From: James Ford <JFORD1@UA1VM.BITNET>
Subject: Hardware lock (PC)
On a computer with a hard drive, is there any way to (hardware) fix
drive "A" so that the computer will always boot from "C" and yet still
have the use of "A"? (boot from C always, read/write from A and C)
This may/may not be the correct list to post this to, but I would be
interested in your comments. (I guess you could stop SOME destructive
programs from spreading this way....)
James Ford
JFORD1@UA1VM.BITNET
------------------------------
Date: Wed, 1 Feb 89 17:50 EST
From: "Mark H. Anbinder" <THCY@VAX5.CCS.CORNELL.EDU>
Subject: Re: Anti-virus viruses
One of the ways viruses cause problems is the incidence of accidental
memory-related or incompatibility-caused crashes or similar
situations, simply when they propagate. Viruses don't need to
intentionally DO something to cause a disk crash or a system crash.
An anti-virus virus would probably cause the same types of problems as
it replicated itself trying to seek out nasties. It would be nearly
impossible to write such a program that guarded against MOST possible
incompatibilities or memory-management problems, much less against ALL
possible such problems.
Releasing an anti-virus virus upon the world would be similar to the
MacMag virus, which was (theoretically) intended to bring the possible
threat of viruses to the attention of the computing world. It would
also be similar to the motive some people claim for Robert Morris (one
fellow Cornellian of whom I am NOT proud), of warning people of what a
virus might do if someone MEAN had written it. It would be
irresponsible in the extreme, and would, most likely, cause more
problems than it would solve, even if no one tried to modify it to be
intentionally harmful.
Mark H. Anbinder
THCY@CRNLVAX5
THCY@VAX5.cit.cornell.edu
Department of Media Services
Cornell University
------------------------------
Date: Thu, 02 Feb 89 02:46:38 EST
From: Greg Brail <ST601396@BROWNVM.BITNET>
Subject: The Media and Viruses
There's been a lot of complaining recently about how "The Media" has
been misleading the public about viruses. As a semi-legitimate member
of The Media and as someone who considers himself knowledgeable about
computers, I think some clarification is in order.
Basically, reporters try to write stories that people are going to
want to read. If a story for a non-technical publication gets bogged
down in techno-speak, readers can just as easily read something else.
Writing an accurate article about a technical subject like computer
viruses that the average reader can understand can be difficult, to
say the least.
I know this because I just wrote an article about viruses for the
Brown Daily Herald, the student newspaper here. Perhaps I should
assume that Brown students would have an easier time with such an
article than an "average person." I didn't.
In my article, I referred to the Internet worm as a "virus." The day
the article ran, I read in this mailing list that the proper term for
the program was "worm," not "virus." Had I known that, I would have
corrected the terminology in the article.
But the truth is that it probably wouldn't have made much of a
difference. To the "average person," a virus is a nasty program that
spreads itself from one computer to another and can do bad things.
That's probably all anyone needs to know.
What computing professionals must understand is that they must be
careful when explaining viruses, or any computer-related issue for
that matter, to a reporter. Even if the reporter doesn't ask, "What's
a virus," you should probably explain it anyway. If a reporter asks
you about the "Internet virus," you should point out that that program
was a worm, not a virus. Reporters don't (usually) make things up. If
you don't give them the correct information, they will assume
something that looks like a virus is, in fact, a virus, whether
they're right or not.
I, too, objected to Newsweek's insinuation that the games spreading
through Germany are viruses, although a one-sentence clarification
near the top of the article would have been fine. I also wondered why
the New York Times and other publications didn't realize that when
people hear that "defense department computers were the victim of a
virus," they think that the computers that launch nuclear missiles were
infected. And the improper use of the term "hacker" really ticks me
off.
However, the truth is that many journalists are not stupid, ignorant,
or "J-school morons." The best rule for journalists writing about
technical issues is to pretend you don't know anything so your sources
will explain it for you. When talking to journalists, computing
professionals should use the same rule. Don't assume the reporter
knows everything about computers, unless you know that particular
reporter's work. Take the time to clarify what you're talking about.
Many reporters will not stop you if you go too fast, although they
should.
Of course, none of this can happen if the computing community cannot
decide upon and spread the word about the proper definition of "virus"
and other terms. Unfortunately, today's computer users have to know
how to protect themselves from viruses. If the computing community
takes the responsibility of spreading accurate information to
reporters, good reporters will take the responsibility of spreading it
to the public.
Greg Brail
ST601396@brownvm.brown.edu
ST601396@brownvm.BITNET
P.O. Box 1020
Brown University
Providence, RI 02912
------------------------------
Date: Thu, 2 Feb 89 10:32:18 GMT
From: David.J.Ferbrache <davidf@CS.HW.AC.UK>
Subject: Review of antenna program
[Ed. The following message was sent to the United Kingdom distribution
of VIRUS-L. Apologies to our UK readers who are reading this for the
second time.]
For anyone interested, there was an Antenna presentation on Computer
viruses on BBC2 last night. Here is a brief review of the material
covered. I guess anyone interested in obtaining a transcript of the
program should contact the BBC.
This program provided an overview of the topic of computer viruses,
the risk and the possible cures. The concept of a computer virus was
explained using the traditional biological analogy, by both Dr A
Solomon (IBMPCUG) and Ian MacKay a biologist from Glasgow University.
Parallels were drawn between the AIDS virus' ability to disguise
itself by changing surface characteristics and that of the computer
virus by changing host program. (This ability is extended in newer
viruses such as the 1701-Blackjack virus in which the majority of the
virus object code is encrypted when on secondary storage).
Examples were presented of infection of IBM PC compatibles (by the
Italian virus), the Apple Mac (by nVIR a) and the Amiga (by the SCA
virus). The program demonstrated the use of Turin university
anti-viral software and the use of Interferon and Vaccine. The
conclusion seemed to be that it is a continuous battle between the
vaccine developers and the hacker virus writers. In such a battle
vaccine writers are at an obvious disadvantage as they strive to
obtain information on, and develop countermeasures for new virus
strains.
Interviews were given with a number of computer "hackers", and
included footage of the Vaxbusters interest group of the Chaos
Computer Club; together with demonstrations of actual breakins to the
computer systems of Singapore Airlines and NASA. The integrity of a
number of commercial bank computer systems was also questioned,
including that of Chase Manhattan.
The program gave a frightening, and emotive portrayal of computer
viruses, trojan horses (including Larry the Lounge Lizard), and the
insecurity of mainframe systems. The program enumerated three possible
courses of action against computer viruses, namely: vaccine
development, change computer and legislation. The conclusion was that
vaccines will become impractical as the threat from, and diversity of
viruses grows. (Since the source of two viruses has now been
published, the threat seems certain to grow).
The inference that legislation is necessary with greater restrictions
on computer access seemed obvious.
Dave Ferbrache Personal mail to:
Dept of computer science Internet <davidf@cs.hw.ac.uk>
Heriot-Watt University Janet <davidf@uk.ac.hw.cs>
79 Grassmarket UUCP ..!mcvax!hwcs!davidf
Edinburgh,UK. EH1 2HJ Tel (UK) 031-225-6465 ext 553
------------------------------
Date: Thu, 02 Feb 89 09:23:01 EST
From: "John P. McNeely" <JMCNEELY@UTCVM.BITNET>
Subject: Ethical issues.
Currently there are a wide variety of viruses infecting various
machines across the world. We know the names of the viruses and the
damage that they do. But, with the exception of a few viruses and
WORMS, we don't know who the culprits are behind this. What are the
ethics behind writing viruses and WORMS? The controversy still
surrounds Robert Morris Jr. and his motives; the Pakistani brothers
wanted to teach people lessons about software piracy. What about the
others? We probably will never know who started what, but we can
ponder the questions as to why a person would want to write a computer
virus or WORM.
Any thoughts on this?
Respond to me either directly or to the list. Thank you.
John P. McNeely
BITNET Address: JMCNEELY@UTCVM.BITNET
------------------------------
Date: Thu, 02 Feb 89 20:22:22 PST
From: SPOCK@CALSTATE.BITNET (Commander Spock)
Subject: Gatekeeper Report (Mac)
Although I am *NOT* the author of the program, I would like to post a
notice to those who are currently or will be using Gatekeeper, this
notice may come in handy. Aside from the notices that the author has
published (from what I can count, currently: 2 posted), I find the
program quite useful in performing searches for various "virus
attacks". At any rate, I will let you folks (not to mention the
author) know of any problems that I've run across when using
Gatekeeper. I hope that other users/developers/authors will
reciprocate with their findings.
Current system setup is as follows:
- Macintosh Plus == 1MB RAM configuration
- RAM cache OFF
- 1 Jasmine 100MB hard drive
- 1 external 800K floppy drive
- various CDEV's including Gatekeeper
- Suitcase II Release 1.0.2
Finding:
1. Have recently upgraded System file to 6.0.3
2. Have recently upgraded Finder file to 6.1
3. Have recently upgraded Control Panel to 3.3.1
Observed Problems:
1. Gatekeeper *DOES NOT* register inside the Control Panel
2. Miscellaneous error dialogs keep popping up:
- ID = 02
- ID = 03
- ID = 22
- ID = 15
I realize that the 22 and 15 errors may (or may not) have been
directly or indirectly related to the execution of Gatekeeper within
the Control Panel, provided of course that the close option within the
box (the square) has *NOT* been initiated; otherwise, the resulting
error is an ID = 02.
Could I possibly be doing something wrong? Second, is there a chance
that I may be able to obtain a copy of the program (source not
necessary) to debug myself (to those who have Gatekeeper 1.0.1)?
Three, any further findings that I find unusual simply by having
Gatekeeper within my System Folder, I will let you folks know. I feel
that sharing information with those who may be directly or indirectly
affected by the proper executing and dependence of this file is a
must, not a necessity. I hope that others can feel the same about any
quirks that they may find with this file and others for the Macintosh
and/or IBM.
Should I stand to be corrected (and I have been known to make
mistakes...), please let me know what I might be doing wrong.
With best regards,
Robert S. Radvanovsky spock%calstate.bitnet@cunyvm.cuny.edu
California Polytechnic Univ. spock@calstate.bitnet
Pomona, California
P.S. I admit, I'M HUMAN! Kind of a bad position for me, wouldn't you
think?
------------------------------
Date: Thu, 02 Feb 89 20:43:22 PST
From: SPOCK@CALSTATE.BITNET (Commander Spock)
Subject: nVIR Assassin... (Mac)
Need some help here. I have "nVIR Assassin", version 1.0. I've used
it on various machines and removed copies of "nVIR", supposedly. What
happened was this: of the 6 applications that were checked, only 2
worked correctly. The programs checked were:
- Microsoft Excel 1.05
- Microsoft Works 2.0
- Reflex Plus
- Filemaker 4
- Font/DA Mover 3.6
- Hypercard 1.2.1
Of the programs that worked, only Font/DA Mover and Filemaker 4
worked. All other programs simply exited to the Finder. Have I done
something wrong? I've performed all the necessary steps needed as
outlined by the author. What happened?
Robert S. Radvanovsky spock%calstate.bitnet@cunyvm.cuny.edu
California Polytechnic Univ. spock@calstate.bitnet
Pomona, California
------------------------------
Date: Fri, 3 Feb 89 07:58:56 EST
Sender: Virus Alert List <VALERT-L@IBM1.CC.Lehigh.Edu>
From: Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject: VIRUS WARNING: Lehigh Virus version II (PC)
A new version of the Lehigh Virus has appeared on our campus; it is
almost identical to the first one, but has a couple of notable
differences.
Yesterday, one of our microcomputer labs reported several students'
disks being destroyed. We were able to determine that a virus which
appeared identical (at first) to the Lehigh Virus had indeed infected
some of the disks in the public lab. Disassembly of the virus was
quick and painless because it bore so much resemblance to the
original Lehigh Virus.
The important differences are:
1) "Version II" waits until its generation counter hits 10 before
doing any destruction.
2) II does not store the generation counter on disk, as version I did
in the case of hard disk machines. That is, a system reboot starts
the generation counter back at 0.
Because of these seemingly minor differences, the virus has a greater
potential for spreading.
Both versions can be referred to as FEVs (Feature Exploiting Viruses)
since they use MS-DOS Interrupt 21H functions for propagating, and
a slightly lower level routine, Interrupt 26H (Absolute Disk Write) to
destroy the boot track of disks (floppy and fixed) once the generation
counter hits 10 (for version II, 4 for version I).
Any/all followups will be posted on VIRUS-L.
Ken van Wyk
Lehigh University Computing Center
[Ed. Editor's apologies for taking so long to get this VIRUS-L digest
together. The above message should explain why we've been a bit busy
around here... :-) With the help of a *very* talented and willing
crew, things seem to be pretty much under control. Thanks to all!]
------------------------------
End of VIRUS-L Digest
*********************