home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.68
< prev
next >
Wrap
Text File
|
1995-01-03
|
10KB
|
211 lines
VIRUS-L Digest Tuesday, 21 Mar 1989 Volume 2 : Issue 68
Today's Topics:
proposed comp.virus newsgroup
Viruses and Media
nVIR without execution of code? (Mac)
POSSIBLE TROJAN HORSE (Mac)
Virus Writer Obituary
---------------------------------------------------------------------------
From: David.J.Ferbrache <davidf@CS.HW.AC.UK>
Date: Mon, 20 Mar 89 13:32:32 GMT
Subject: proposed comp.virus newsgroup
As I am sure those of you with access to USENET news are aware, there
is currently a discussion under way concerning the formation of a new
newsgroup comp.virus. Hopefully the newgroup will be a useful addition
to the virus-l mailing list (with which it will be gatewayed). Through
the creation of this newsgroup (which Jim Wright is organising), we
can increase the level of knowledge of a major part of the community
about the dangers of viruses and the measures we can take to control
the spread of this menace.
I enclose a copy of an article I posted to news.groups, in response to
a variety of initial comments to the posting. Anyone with any comments
please let Jim have them at jwright@atanasoff.cs.iastate.edu, or post
them to the newsgroup news.groups. The discussion period is due to end
in about a week, after which there will be a fortnight during which
the usenet community will vote on the creation of the group.
anyway, to give you a flavour of the discussions under way:
To answer a few points concerning the comp.virus discussion underway
at the moment,
1. There is a need for comp.virus which misc.security cannot satisfy. The
later group is a general discussion forum ranging from Lockpicking to
data integrity. Comp.Virus seeks to address one specific area of computer
security, namely viruses and other self-replicating programs.
By restricting the group specifically to this topic we hope to provide
a useful, informed, technical forum providing details of new virus
threats; disinfection software; advice on general precautions against
viruses and discussion on the social impliations of computer viruses.
Computer viruses can directly affect the owners of any of the more
popular PCs (IBM, Mac, Apple II, Atari ST and Commodore Amiga). To
alleviate this growing problem it is vital that the every owner is
aware of the very real problem of viruses together with the measures
s/he can take to disinfect the system.
Many micro owners are interested in viruses but not in all aspects of
computer security.
2. The newsgroup has the potential to help virus-l (the bitnet mailing
list) reach a far larger audience, with the dual benefit of increasing
the level of knowledge of the community, and (very importantly)
reducing the delay between discovery of a new virus strain and its
reporting to the groups active in developing disinfection software.
3. This proposal was not made in isolation. Much discussion too place before
hand. The group will be gatewayed to virus-l, it will be supported by
a network of software archive sites, it will receive regular summaries
for new members of known viruses, disinfection software and archive sites.
4. The problem of viruses is not machine specific. While individual virus
strains and the associated anti-viral software is machine specific, there
are many aspects of viruses which are not. Witness the excellent series
of articles published on the comp.sys groups dealing with the operational
principles of viruses, and the associated discussion on the ethics of
releasing such information (also the discussion that ensued when I posted
my original request for information on viruses). Low level DOS viruses
do share much in common between the IBM, Atari, Amiga and Apple. Techniques
that operate on one machine can be adapted for the others.
In summary,
Much thought has gone into this proposal. There is both a need and a demand
for this group (as I hope the vote will show). A news group will bring timely
information on new viruses to the whole community, and hopefully help us to
reduce the threat.
Thanks for your time.
- ----------------------------------------------------------------------------
Dave Ferbrache Personal mail to:
Dept of computer science Internet <davidf@cs.hw.ac.uk>
Heriot-Watt University Janet <davidf@uk.ac.hw.cs>
79 Grassmarket UUCP ..!mcvax!hwcs!davidf
Edinburgh,UK. EH1 2HJ Tel (UK) 031-225-6465 ext 553
------------------------------
Date: 20 March 1989, 14:26:47 CDT
From: Nicholas Geovanis 312-996-0590 UWC6NTG at UICVMC
Subject: Viruses and Media
Dimitris Vulis correctly attacks the media for inadequate and
misinformed virus reporting. I'm not trying to stray from the subject
of this list, but I'd like to mention that, after reading a recent U.S
News and World Report, I was shocked by the low quality of the
reporting and the mindless over-simplification of issues and events.
This is not a problem confined to their reporting of technical
issues. If factual reporting of international events is beyond their
desire or capability, then it's no wonder that they stumble over
technology. Unfortunately, since technology plays an increasingly
important role in American society, our citizens are destined to be
uninformed and misinformed here also.
NickGeovanis-SysProg-AdminCompCtr
UnivIllinois-Chicago
UWC6NTG at UICVMC
------------------------------
From: Mitchell Perilstein <mitch@pjd.CES.CWRU.Edu>
Date: Mon, 20 Mar 89 15:46:37 EST
Subject: nVIR without execution of code? (Mac)
In reference to Anders Christensen's message about witnessing
an nVIR infection by inserting an infected floppy to a clean machine
and immediately removing it, I would like to add two thoughts.
One is that the nVIR sourcecode was widely posted to European
bulletin boards, so a new strain that patched a system to respond to
DiskInsert events wouldn't be unreasonable.
Second, it may be possible Apple distributed some nVIR by
accident. My friend's new SE recently was infected with the nVIR
virus, and we are fairly certain it was introduced to the machine via
the "Teach Text" application on the System Tools diskette packaged
with the machine. The diskette was used to format the SE's new drive,
then it was put away and never again touched. Later, when nVIR was
found, all my friend's floppies were examined, and the Tools disk,
still locked, had the normal nVIR strain in that one application.
I emailed to someone at Apple a question about the possibility
of this happening, complete with disk serial numbers. They replied
that they had done some checking and found nothing, and suggested I
see if the machine's dealer had possibly used the diskettes. I trust
Apple on this -- their business depends upon it.
Mitchell N. Perilstein
usenet: {decvax,sun}!cwjcc!alpha!mitch
arpa: mitch@alpha.ces.CWRU.edu
------------------------------
Date: Mon, 20 Mar 89 12:05:31 PST
From: rogers@cod.nosc.mil (Rollo D. Rogers)
Subject: POSSIBLE TROJAN HORSE (Mac)
Date: 19 Mar 89 01:21:46 GMT
From: bmug@garnet.berkeley.edu (BMUG)
Newsgroups: comp.sys.mac
Subject: Trojan Horse Warning
WARNING: We have discovered the existence of a "Trojan Horse" in a
bogus upgrade to Anti-Toxin, a virus-detecting INIT from Mainstay.
The INIT, labelled as version 2.0 in the Get Info box, attempts to
format your disk and rename it "Scored!".
A couple variations of this INIT have been reported. The one we have
seen has a size of 2,276 bytes, created Fri, Jan 13, 1989, 3:05PM, and
modified Mon, Mar 6,1989, 12:03AM. A quick inspection of the
disassembled code of the INIT indicates that it does nothing until the
clock time on your mac is after Mar 13, 1989, 5:20PM. The perpetrator
obviously wanted the Trojan Horse to lie dormant for a few days,
giving it a chance to spread to more users.
Although I believe Anti-Toxin is a commercial product, this bogus
version has apparently been uploaded to several bulletin boards.
Watch out!
/\
BMUG ARPA: bmug@garnet.berkeley.EDU A__A
1442A Walnut St., #62 BITNET: bmug@ucbgarnet |()|
Berkeley, CA 94709 | |
(415) 549-2684 | |
- -------
- -------
------------------------------
Date: MON MAR 20, 1989 21.48.07 EST
From: "David A. Bader" <DAB3@LEHIGH.BITNET>
Subject: Virus Writer Obituary
Copied from the Globe-Times (Bethlehem, Pa), March 17, 1989:
Jim Hauser, 39, made first computer virus
SAN LUIS OBISPO, Calif. (AP) -
Jim Hauser, who took credit for creating the first computer virus,
was found dead Tuesday at age 39.
Deputy Coroner Ray Connelly said Hauser died following an aneurysm
of the brain suffered Sunday night or Monday morning.
Hauser said he and one of his students developed the first computer
virus in 1982 for the Apple ][ computer, designing it to give users a
"guided tour" of the computer's internal programming. Although his
program was harmless, he saw the potentially destructive capability of
what he also called an "electric hitchhiker" that could attach itself
to computer programs.
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253