home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.48
< prev
next >
Wrap
Text File
|
1995-01-03
|
11KB
|
238 lines
VIRUS-L Digest Wednesday, 15 Feb 1989 Volume 2 : Issue 48
Today's Topics:
RE: VT100 emulation (Commodore 64)
MIT virus paper available for anonymous ftp (Internet)
DECNET VTxxx trojan horse
Re: 3M ad
Authentication
help on VIRUS-L archives
---------------------------------------------------------------------------
Date: Tue, 14 Feb 89 17:36 EST
From: LEFF@vms.cis.pittsburgh.edu
Subject: RE: VT100 emulation (Commodore 64)
I am completely familiar with one of the popular VT100/VT102/VT52
emulators for the Commodore 64 (EMULATOR.100, Allegheny Software
Works, P.O. 7103, Pgh., PA 15213). This is a standard emulator that
follows the DEC manual--there is NO WAY to set the answerback message
from the host site. There is also NO WAY to echo text from the screen
back to the host--I don't think "send character" and "send line" are
part of VT100/VT102 or VT52--don't know about the VT131's though.
Also, the function keys/user defined keys can ONLY be programmed from
the terminal side.
Certainly any emulator that allows the host to reprogram its
answerbacks/user defined keys is wide open to attack!
------------------------------
From: Jon Rochlis <jon@ATHENA.MIT.EDU>
Date: Tue, 14 Feb 89 18:13:06 EST
Subject: MIT virus paper available for anonymous ftp (Internet)
The MIT paper on the Internet virus of last Novemember, "With
Microscope and Tweezers: An Analysis of the Internet Virus of November
1988", is now available via anonymous ftp from either bitsy.mit.edu
(18.72.0.3) or athena-dist.mit.edu (18.71.0.38) in the pub/virus
directory as mit.PS (and mit.PS.Z). A version of this paper will be
presented at the 1989 IEEE Symposium on Research in Security and
Privacy.
-- Jon
Abstract:
In early November 1988 the Internet, a collection of networks
consisting of 60,000 host computers implementing the TCP/IP protocol
suite, was attacked by a virus, a program which broke into computers
on the network and which spread from one machine to another. This
paper is a detailed analysis of the virus program itself, as well as
the reactions of the besieged Internet community. We discuss the
structure of the actual program, as well as the strategies the virus
used to reproduce itself. We present the chronology of events as seen
by our team at MIT, one of a handful of groups around the country
working to take apart the virus, in an attempt to discover its secrets
and to learn the network's vulnerabilities.
We describe the lessons that this incident has taught the Internet
community and topics for future consideration and resolution. A
detailed routine by routine description of the virus program including
the contents of its built in dictionary is provided.
------------------------------
Date: Tue, 14 Feb 89 11:52:15 PST
From: PJS%naif.JPL.NASA.GOV@Hamlet.Bitnet
Subject: DECNET VTxxx trojan horse
Thanks to Jerry for his comprehensive posting. Apologies for an error
in mine: I had stated that it was possible to send any control
character in a MAIL message. Well, you can, but it won't be displayed
on the screen; all are converted to $ signs except for the following:
BEL BS HT LF CR FS GS RS US DEL
although if you EXTRACT the message all control codes are left intact.
Evidently DEC installed the filtering since I last tried sending
control characters in MAIL messages, when it *was* possible, for
instance, to send a control-S. The worst that appears possible with
the above set of codes is that some terminals will enter graphics
mode.
It is indeed fortunate that ESC cannot be sent, because I just
discovered that my VT220 compatible supports commands for both
programming and ordering transmission of PF keys! I tried it. It
gave me a shudder. There is a SETUP option to lock the PF keys, but
it doesn't work. Sigh...
Years ago I used a Sigma graphics terminal which was put into graphics
mode by the `escape sequence' "+-*/". Fortunately it wasn't possible
to do anything other than draw pretty pictures after that point.
Peter Scott (pjs@grouch.jpl.nasa.gov)
------------------------------
Date: Tue, 14 Feb 89 18:56 EST
From: <ACS045@GMUVAX.BITNET>
Subject: Re: 3M ad
Neil Goldman <NG44SPEL@MIAMIU.BITNET> writes:
>I was just paging through "Business Today", a magazine mailed to
>college students around the country, and stumbled upon the following
>ad:
>
>Under a picture of a 3M data cartridge it read: "Until There's a Cure
>For Computer Viruses, Take One Of These And Get Back To Work." ...
>
>It is unfortunate that our counterparts in industry are not assisting
>in rectifying the (perhaps unsolvable, yet certainly *not*
>unimprovable) problem.
Agreed. I for one was particularily disappointed to find that 3M was
behind this. Having been acquainted with a number of 3M people over
the years, I got the impression that theirs was not a company to
advertise or promote themselves in such a way.
The thing I find worst about it is that they are not only promoting
backups as a cure for virii, but plugging THEIR OWN BRAND as a cure,
as if their tapes were somehow virus-proof or immune. While this may
sound ridiculous to us, I have worked with enough people who have a
hard time knowing what to do with an "OFF" switch to know that some of
them are going to think this and interpret the ad that way. I'd just
like to see it when they get a call from somebody whose backups got
infected and screams "I thought your tapes were immune!".
As a matter of personal opinion, I have just about tossed the
commercial companies who deal with viruses and prevention on the heap
with the media. Most of the good, usable anti-virals I have seen have
been shareware or PD utilities done by somebody who was stung
themselves and wrote it to protect themselves and help out those in
similar straits. Put it another way, they did it to help the problem,
not make a buck off it.
- --Steve
- ---------------
Steve Okay ACS045@GMUVAX.BITNET/sokay@gmuvax2.gmu.edu/CSR032 on The Source
|____|
|____New address, please do not send mail
to "acs045@gmuvax2.gmu.edu" that
account is dead
"Despite Colorization, MSDOS, and lights at Wrigley Field,
One can still take comfort in the fact that no one is known
to have run COBOL under UNIX"
------------------------------
From: David.J.Ferbrache <davidf@CS.HW.AC.UK>
Date: Tue, 14 Feb 89 14:50:45 GMT
Subject: Authentication
My recent request for information has raised an interesting problem,
basically who on a public list can be trusted with potentially
sensitive information concerning the functional principles of known
viruses, or indeed for that matter with disassembled or object code
versions of the virus.
Unfortunately, being a researcher at a UK university precludes most of
the traditional techniques such as personal contact at conferences.
You try persuading my Department to pay for a trip to the US on a
matter unrelated to my full-time job (ie Part time Phd work).
Equally, when I complete my report the question of who should I send a
potentially useful reference on viruses to. The method suggested by
two of my respondents is that of a letter on Departmental notepaper, I
suspect that this is not foolproof, and the difficulty involved in
either obtaining University notepaper or producing an authentic fake
notepaper is comparitively small.
The recent case of the Modem virus hoax also points towards the need
for a list of recognised researchers in the field. (A recent article
in the FIDONET news reviewed at great length the difficulties arising
from untrusted software, together with suggestions for digital
signatures).
So in summary, unless anyone has any good ideas concerning
authentication, is there such a thing as a list of active researchers
in the field, preferably also indicating their area of specialisation?
PS. Thanks to everyone on the list who responded to my original request for
information. Since that time I have found another 5 forms of Amiga
viruses, and 4 Apple II viruses. Before anyone asks for details of these,
I am still waiting on additional information. I think that now makes
37 virus strains and variants for Micros, together with a number of
Mainframe system viruses, worm and chain letters.
If anyone is in the process of collating a list of extant viruses please
get in touch, and we can arrange to pool our information.
Dave Ferbrache Personal mail to:
Dept of computer science Internet <davidf@cs.hw.ac.uk>
Heriot-Watt University Janet <davidf@uk.ac.hw.cs>
79 Grassmarket UUCP ..!mcvax!hwcs!davidf
Edinburgh,UK. EH1 2HJ Tel (UK) 031-225-6465 ext 553
------------------------------
Date: Wed, 15 Feb 1989 18:22:00 SIN
From: Thomas Tong <TONGTECK@NUSDISCS.BITNET>
Subject: help on VIRUS-L archives
Hi ...
I would like to enquire how I can get back-dated issues of the
virus-l digests that ( apparently ) were not distributed to the BITNET
sites...
I checked several nodes ( eg. LEHIIBM1 ) for the archives but
there are some issues missing...
The latest "missing" issue that I did not receive ( and a whole
lot of other people too ) is V2 issue 01...
Hope that you can assist me in this matter. Thank you!
Thomas Tong
tongteck@nusdiscs.bitnet
[Ed. VIRUS-L originates on a BITNET/Internet node, IBM1.CC.LEHIGH.EDU
(aka LEHIIBM1.BITNET). It is directly distributed to both BITNET and
Internet. Thus, all of the back-dated issues were sent to both.
There is no V2I1, however. Actually, there is, but it contains one
"welcome back from the holidays" message from me - it was sent but
never distributed while were were having some LISTSERV related
problems. When the problems were fixed, I never re-sent that digest
since it contained no useful information. The LISTSERV archives here
on LEHIIBM1 contain 100% of the contributions to VIRUS-L - unedited.]
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253