VIRUS-L Digest Wednesday, 22 Feb 1989 Volume 2 : Issue 53
[Ed. My apologies for taking so long to get this digest out - we were
having some mailer problems.]
Today's Topics:
Re: Viruses
Abacus book
Closed virus list proposal
Re: Who *benefits* from viruses?
Student's Disks (MAC)
---------------------------------------------------------------------------
Date: Wed, 1 Feb 89 10:40:35 EST
Sender: SECURITY Digest <SECURITY@PYRITE.RUTGERS.EDU>
From: Alex Nishri <nishri@GPU.UTCS.TORONTO.EDU>
Subject: Re: Viruses
Three copies of a garden variety nVir were included on the "QLTech
MEGA-ROM" CD-ROM, Volume 1 October 1988, produced by Quantum Leap
Technologies, Inc. This CD-ROM is a collection of public domain and
shareware Macintosh software, available for about $35. Quantum Leap
Technologies sent a letter out once the virus was discovered, and
subsequently released a replacement disc, labelled Volume 2 December
1988. Unfortunately for us here at the University of Toronto
Computing Services, the virus had already spread by that point. We
know the virus has spread into our University Community, but have no
way of estimating how many people were affected. Within the Computing
Services itself about twenty machines were hit.
------------------------------
Date: Tue, 21 Feb 89 15:52:05 est
From: ubu!luken@lehi3b15.csee.lehigh.edu
Subject: Abacus book
In briefly looking over the Abacus book, Computer Viruses: A High Tech
Disease, I see that the book is fairly interesting, but (imho) much
seems to have been lost in the translation from German into English.
In English, the book appears to be a fairly random scattering of
information on viruses, including the infamous source code examples.
Even so, it's worthwhile reading; Mr. Burger (the author) has some
interesting things to say, and his examples are worth keeping a copy
of.
I would be interested to see whether the publishing of these examples
has any real effect on computer virus activity. As people become more
aware of the virus threat and take suitable precautions, I should
think that any virus author would have to be more clever than to use
an existing example if s/he has any expectations of his/her creation
spreading any significant amount. Perhaps this is an overly
idealistic attitude.
It is interesting to note that Mr. Burger didn't include the source
code for all of his examples. Specifically, when discussing the VIRDEM
virus demo program which has been available since the Chaos Computer
Congress in December 1986, he says, "Unfortunately the source code
cannot be published because with the help of the source code anyone
would be able to change the manipulation task and have a
non-overwriting virus in 8088 assembly language." Ironically, he goes
on to give several 8088 assembly language examples.
Ken
------------------------------
Date: Tue, 21 Feb 89 15:01:09 MST
From: Chris McDonald ASQNC-TWS-R 678-4176 <cmcdonal@wsmr-emh10.army.mil>
Subject: Closed virus list proposal
David,
I would like to contribute these thoughts to your proposal. First,
there is a large range of government users who subscribe to Virus-L
who are outside the commercial and industrial concerns identified in
your proposal. These "government" subscribers may not be academic
researchers, but could be certified to meet whatever "trust" criteria
might be important. This assumes that "trust" can somehow be
established by "suitable authentication" and that authentication and
trust are somehow related in the first place.
Second, the real value of Virus-L and VALERT-L lies in their ability
to disseminate information quickly and with a rather high degree of
reliability and integrity. I wonder if the establishment of yet
another list will not result in the eventual demise of these lists
because individuals will choose to post only "non-sensitive"
information to these lists; while reserving the "sensitive" material
for your proposed addition. This assumes one can define sensitive to
everyone's satisfaction.
Third, one has seen rather detailed information posted to the INTERNET
on specific viruses, their symptoms, their strengths, their
weaknesses, and finally their eradication. Whether such discussion
has led the authors of viruses to modify their product or to
specifically combat the countermeasures is admittedly a difficult
question to answer. But, if such information had not been readily
available, most of us without the current Virus-L mailing would have
had to suffer through an infection with little background on control
strategies or on detection and recovery techniques. The fact that
"sensitive" information is available on Virus-L, RISKS-FORUM and other
mailings is a reality which I think benefits all of us. The issue of
network encryption and host/user authentication are real problems.
But, if one waits until those problems have cost-effective solutions,
we will have assisted the virus authors in my opinion. I do not wish
to engage in a debate over what is "sensitive" or not, but I note this
fact. Both Gene Spafford and MIT have distributed reports on the
recent INTERNET Worm. Those analyses identify technical
vulnerabilities which typically have been reserved for a small circle
of system administrators and WIZARDS. But most of us on the INTERNET
are not in that circle, nor are we WIZARDS. I applaud the subject
reports precisely because they represent a conscious attempt to
distribute information. I think an additional list, which would have
to rely on a moderator to extract material for posting elsewhere,
would have the opposite effect and would impede distribution.
Four, I think we in the US are already as a matter of Federal statute
and executive policy equipped to support the collection and
distribution of that really "sensitive" data to which you refer. The
National Security Agency and the National Computer Security Center
already provide support to the government, university and private
sectors. The National Institute of Science and Technology has the
charter to provide comparable support to the government, university
and private sectors in the area of unclassified computer processing.
I have no reason to question either the competency or the sincerity of
those individuals tasked with such responsibilities. In fact, I have
always been impressed with their professionalism.
Finally, I really like the idea of a "clearing house" on virus
information. I think we already have the foundation in Virus-L and in
the general effort of Ken and others at Lehigh. I really think it is
too difficult a task to determine the criteria of "trust" and to then
implement and maintain the administrative tasks associated with that
criteria. Therefore, I would prefer to defer the establishment of an
additional list at this time.
Thanks for the opportunity to express my thoughts,
Chris McDonald
White Sands Missile Range
------------------------------
Date: Fri, 3 Feb 89 00:21:46 MST
Sender: SECURITY Digest <SECURITY@PYRITE.RUTGERS.EDU>
From: Lazlo Nibble <cs1552ao@CHARON.UNM.EDU>
Subject: Re: Who *benefits* from viruses?
From SECURITY Digest...........
----------------------------Original message----------------------------
> So, some kind person comes along and starts to distribute a virus.
> This makes everyone SO SCARED of accepting a non shrink-wrapped diskette
> that the piracy problem just goes away ...
It's already happened, at least in the Apple pirate community. Last
summer, CyberAIDS and Festering Hate, two Apple //-specific viruses,
were released into the pirate community. They were real killers, and
Festering Hate is apparently still floating around in some quarters.
But even though the pirate community was hit (and hit HARD -- several
of the largest pirate BBSes in the country were knocked down before
anyone even knew what was happening) things are still trundling
happily along today.
There are no simple solutions to software piracy. All the ones I've
heard that sounded to me like they might work involved measures so
draconian that only the most singleminded anti-pirate types would
consider them feasible. Nothing short of a complete reprogramming of
society's views on WHO OWNS INFORMATION is going to put an end to it,
and frankly I don't see that happening in my lifetime . . .
laz (cs1552ao@charon.unm.edu)
------------------------------
Date: Wed, 22 Feb 89 10:02:02 EDT
From: "A. Goldberg" <CS0250A2@UKCC.BITNET>
Subject: Student's Disks (MAC)
At The University of Kentucky, although we have very few Macs, and
they are exclusively in one room (so this may or may not be applicable
to E_DAVIES@HVRFORD), before disks are allowed to be used they must be
checked by a consultant to be virus-free.
Last spring apparently (I was not here at the time) we ran into a
similar problem.
However, there are a number of Macs on campus that are not available
to general student use, and as a result many of those users don't
realize that viruses even exist -- which obviously leads to a lot of
viruses floating around campus...but the machines available for
general use are virus-free.
Hope this helped E_DAVIES (and others)
Adam Goldberg - CS0250A2@UKCC.BITNET
------------------------------
End of VIRUS-L Digest
*********************