home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.42
< prev
next >
Wrap
Text File
|
1995-01-03
|
10KB
|
229 lines
VIRUS-L Digest Thursday, 9 Feb 1989 Volume 2 : Issue 42
Today's Topics:
Re: How to book
On virus education
Finding ANTI (Mac)
Interferon Question (Mac)
The BOOK
Information Request
RE: Request for info... Interferon 3.0 (Mac)
Protecting Public IBM PC's
---------------------------------------------------------------------------
Date: Thu, 9 Feb 89 08:17:06 est
From: preedy@nswc-wo.arpa.ARPA
Subject: Re: How to book
I think the book Konrad Neuwirth was talking about is Computer
Viruses: A High-Tech Disease by R. Burger. It was translated from
German (and is in English) and published by Abacus. The address for
Abacus is: 5370 52nd Street, SE / Grand Rapids, Mi 49508.
In the book, there are small programs for the PC that are written
in assembly language, basic, and Pascal that are examples to show how
different viruses work. There are examples of batch viruses and in
the case of the network virus - Christmas.exec, the Christmas virus.
He tries to explain in some cases how these work and even suggests the
shell if this is for demonstration purposes. There is also a
statement in the front of the book that states that the programs are
for testing and demonstration programs only. Also there is a
demonstration program on how the virus works.
Hopefully this message is just descriptive. I didn't mean to
have any public opinions on this book. I was just trying to give you
an idea of what is in it, not the quality.
Pat Reedy
PREEDY@NSWC-WO.ARPA
------------------------------
Date: Wed, 8 Feb 89 20:15 EST
From: <RER1@SCRANTON.BITNET>
Subject: On virus education
Although I have no idea of when the first "virus" ever came on the
scene, I have noticed that the rage of epidemics has increased
steadily with the growing spirit of "sharing," at least in the PC
community. I remember the days of logging onto bulletin boards and
not really having to worry about trying someone's new, improved,
handy-dandy program that prided doing everything but walking the dog.
It's really a shame that just when we're at the brink of a great trend
like this that people (like Mr. Morris) have to take advantage it.
My my outburst is partly a comment on Art Weisenseel's message on the
"Anarchist's Cookbook" for computers (n2v37), and partly a comment on
Robert Radvanovsky's message on corporate intentional viruses.
However, might I suggest something similar to what our Surgeon General
has said about AIDS: Educate the people!!! If we can get it across to
students in the colleges (high schools?) and to some people in the
workplace that these "Malicious Pieces of Code" destroy an open
atmosphere for software development on all levels and also waste of
alot of precious time and money (I've seen the setup at Lehigh and
everyone there works tremendously hard to prevent/control virus
outbreaks) then maybe, just maybe, we could all get our work done
without having to have twelve backups, two of which are locked away in
a safety-deposit box somewhere.
"There's a dark side to every powerful technology..."
Michael Hawley, Programmers at work.
Bob Rudis
BITNET: RER1@SCRANTON
------------------------------
Date: Thu, 09 Feb 89 10:10:32 EST
From: Joe McMahon <XRJDM@SCFVM.GSFC.NASA.GOV>
Subject: Finding ANTI (Mac)
The new ANTI virus works much like a PC virus, causing CODE segment 1
of applications to grow by a certain amount.
If you've been using a checksumming program, you should be able to
detect ANTI by running a checksumming sweep (the VCheck program will
do this).
Also, GoFer (sp?) can check the resource forks of files for the string
"ANTI" (which is where the virus's name comes from). FEdit can also be
used for this.
Jeff Shulman (the author of VirusDetective (tm)) is planning on adding
code to it to be able to scan for arbitrary hex sequences in a file.
Also, it has been sent on to Bob Woodhead, who will be working on
adding it to Virex.
More as it develops...
--- Joe M.
------------------------------
Date: Thu, 09 Feb 89 10:15:37 EST
From: Joe McMahon <XRJDM@SCFVM.BITNET>
Subject: Interferon Question (Mac)
The message you are getting reads, I think, "This is not an _HFS_
disk." The disk you are trying to check is an old 400K MFS-formatted
disk, which uses the OLD Mac file system from before System 3.0.
Interferon cannot check these disks. I don't use 400K disks now. Have
you tried Virus Rx against those? Also, you might want to copy those
to an 800K disk and then check them.
--- Joe M.
------------------------------
Date: Thu, 9 Feb 89 10:44 EST
From: <ROGO@ALBNY1VX.BITNET>
Subject: The BOOK
I talked to Bill Machrone, PC MAG columnist, a few days ago.
He confirmed for me that the book he alluded to was indeed "Computer Viruses-
A High Tech Disease", by Ralf Burger, American (English language) publisher,
Abacus, 5370 52nd Street SE, Grand Rapids, MI 49508, ISBN #1-55755-043-3,
Copyright 1988. Originally published in German by Data Becker, GmbH,
Merowingerstrase 30, 4000 Dusseldorf, West Germany. The phone number for
Abacus is 1-800-451-4319.
The book is good. The viruses, worms, etc do work. We have tried
them. What do you think of the ethics of asking our librarian to remove
it from general circulation?
Steve Rogowski
Computing Center
SUNY-Albany
518-442-3767
------------------------------
Date: Thu, 9 Feb 89 13:06:58 EST
From: ca126 <ca126@CITY.AC.UK>
Subject: Information Request
I am a second year computer science student at the City
University, London, England. As part of my degree course I am writing
a project on UNIX security with three fellow students. I have received
a report on the internet worm, written by Bob Page, and wondered if
you could send me more information on viruses/worms found on various
networks, their (apparent) purpose and the methods used to prevent
their spread.
I would be grateful if you could also send me Bob Page's email
address, as it was not included in the report, and I have been unable
to contact him as yet.
Thanking you in anticipation,
Adrian Jones. ca126%city.ac.uk@cunyvm.edu
also David Brownlee. ca121%city.ac.uk@cunyvm.edu
Pete More. ca130%city.ac.uk@cunyvm.edu
Ian Taylor. ca146%city.ac.uk@cunyvm.edu
The lecturer supervising the project is:-
Sunil Das. sunil%cs.city.ac.uk@cuny.edu
[Ed. This message was improperly sent to VALERT-L; please do not
respond to it there. The author has been informed.]
------------------------------
Date: Thu, 9 Feb 89 13:16 EST
From: "Mark H. Anbinder" <THCY@VAX5.CCS.CORNELL.EDU>
Subject: RE: Request for info... Interferon 3.0 (Mac)
Interferon is telling you that the disk you are giving it is not an
HFS disk (not HPS). HFS stands for Hierarchical Filing System, and is
the Macintosh disk format that is the current standard. Before the
MacPlus came out, MFS (Macintosh Filing System) was the disk format.
The easiest way for the average user to tell the difference between an
HFS and an MFS disk is that the HFS disk holds 800K and the MFS disk
holds 400K. In any case, the Interferon program can not check for
viruses on the old format, MFS disks.
If you want more information about the real differences between MFS
and HFS... an MFS disk is organized as a flat, single-level storage
space. The folders are just provided to neaten the desktop. In HFS,
the folders are actually logical subdirectories, much as you'd find on
an IBM PC, or on many mainframes (though NOT under CMS on an IBM
mainframe). This allows you to group your files in ways that actually
matter when you're using your computer. To tell whether a disk is MFS
or HFS (the 400/800K distinction is not universally true), look in any
of that disk's windows, at the double line below the title bar and
below the information about the number of files, the amount of space
available, and so forth. At the extreme left of this double line, an
HFS disk has a pixel between the two lines, and an MFS disk does not.
Forgive me if this isn't clear... it's much easier to explain
graphically than in words! I'll be happy to try again if anyone wants
more (or clearer) information.
Mark H. Anbinder
THCY@VAX5.CIT.CORNELL.EDU
THCY@CRNLVAX5
------------------------------
Date: Thu, 09 Feb 89 15:13:33 EST
From: Claude Goldman <CLAUDE@BROWNVM.BITNET>
Subject: Protecting Public IBM PC's
I work for Computing and Information Services at Brown University. We
have publicly available PCs and would like to protect then against
virus and if that fails detect the presence of virus on hard disks and
floppys. Can this list suggest either PD/Shareware or Comerical
software? Additional is there a way of testing this software without
actually infectiong a machine? Any help would be appreciated. If
responses are sent to me I will gladly summarize the results and post
them to the list to reduce network traffic.
Acknowledge-To: <CLAUDE@BROWNVM.BITNET>
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253