VIRUS-L Digest Wednesday, 29 Mar 1989 Volume 2 : Issue 75
Today's Topics:
"dBase virus" (PC)
disinfectant (Mac)
RE: Virus in PD Software
Television & viruses
News Usenet group comp.virus
Re: Israeli viruses (PC)
Disinfectant (Mac)
---------------------------------------------------------------------------
Date: Tue Mar 28 22:23:43 1989
From: utoday!greenber@uunet.UU.NET
Subject: "dBase virus" (PC)
Hmmm. Although the transposition algorithm in the (what I'm calling)
the dBase Virus was pretty simple, it took a while to hack through the
virused code to see what was happening. Far easier than
reconstructing the algorithm was merely to defang it as I indicated in
my posting.
Consider if the bad-guy encrypted the transposition-information file.
Besides, I took some sort of perverse joy out of using the bad guy's
code to reverse his "work" (we must all get our pleasures in some
strange way, right? :-) )
Ross M. Greenberg
UNIX TODAY! 594 Third Avenue New York New York 10016
Review Editor Voice:(212)-889-6431 BBS:(212)-889-6438
uunet!utoday!greenber BIX: greenber MCI: greenber CIS: 72461,3212
------------------------------
Date: Wed, 29 Mar 89 08:03:27 CET
From: "Willem N. Ellis" <A429WILL@HASARA11.BITNET>
Subject: disinfectant (Mac)
Disinfectant was announced a few days ago on the Infomac list. Bitnet
users may obtain it from the LISTSERV @ RICE by sending a mail with, as
its only text: $macarch get virus/disinfectant.hqx
Unfortunately, I do not have a description of the program at hand, but
it looked impressive indeed.
Willem N. Ellis
------------------------------
Date: Wed, 29 Mar 89 00:05 EST
From: "SYSOP, THE SHENANDOAH VALLEY HELPLINE BBS: (703) 269-4802"
<STU_CWHITES@JMUVAX1>
Subject: RE: Virus in PD Software
Roman Olynyk writes that CD-ROM is a good source of "sanitized"
software. Although it may be more reliable than software downloaded
from a local BBS, it still doesn't assure you of a clean program.
Recently, here at JMU, several versions of Macintosh viruses made it
onto campus through just such a medium. Although the CD-ROM is
unaffected by the virus, the software on it can be replaced. Not so
for the data residing on your PC that you've put so much work into. I
am a strong believer in the PD/Shareware concept, and feel that the
programs are as safe as the shrink-wrapped variety. However, I also
think that getting it from the source is a reasonable precaution.
Chip Whiteside
------------------------------
Date: Tue, 28 Mar 89 21:35 EST
From: <RER1@SCRANTON.BITNET>
Subject: Television & viruses
FYI -- television & viruses
I'm not sure how many "trekkies/trekkers" subscribe to this list, but
this is the latest medium for public awareness of viruses. Last week's
Star Trek -- the Next Generation was centered around (of all things)
viruses. The Enterprise was heading to the neutral zone to meet with
a ship that was investigating a strange planet. During the ship's
contact with the planet, it received transmissions that were stored in
the computer banks. After that, the ship began to experience mishaps
and system failures here and there. When the Enterprise finally met
up with the ship, they barely had time to download the logs and data
before the ship exploded. They were convinced that it was a design
flaw with the ship and not due to any external force.
Well, to make a long story even longer, the Enterprise began to
experience the same problems. Through careful analysis, they
discovered that the errors were caused by a program which was attached
to the downloaded logs. The program, once in the Enterprise's banks,
began to adapt to the environment and seek out available space and
re-generate itself throughout the whole system. After a good amount
of storyline, they finally figured out that the way to get rid of the
"virus" was to shut down systems and (I'm paraphrasing) re-format and
re-initialize from backups which were locked and stored in one of the
bays.
For a change, I saw nothing wrong with the way viruses were dealt with
in a television program. This is far from the teenage revenge hacker
with black, thick-rimmed glasses seeking to destroy the government.
If anyone else has seen it, please let me know what you think.
Reply to: RER1@SCRANTON
------------------------------
Date: Wed, 29 Mar 89 07:53:15 CST
From: jwright@ATANASOFF.CS.IASTATE.EDU
Subject: News Usenet group comp.virus
To all virus-l readers,
As some of you may be aware, there is an effort underway to
establish a new newsgroup on the Usenet system: comp.virus.
This group will have close ties to virus-l. The group will
be moderated by Ken van Wyk. All traffic on virus-l will
appear on comp.virus, and vice-versa. The most significant
benefit of this will be the much larger base of informed
computer users who can contribute to the group. Usenet
propagates throughout the entire world, and has ties to
many different networks.
As a supplement to the creation of comp.virus, I have been
trying to coordinate the establishment of a number of
anti-viral archive sites. We currently have commitments
for archive sites for Amiga, AppleII, Atari ST and Mac
computers. I'm still trying to find an IBM PC site.
Dave Ferbrache will be the European coordinator of comp.virus. He
will handle issues of particular interest to European readers
(conventions, archive sites, etc.).
New group creation procedures on Usenet require an initial
call for discussion, followed by a two-week discussion
period. Then a call for votes is posted, and a four-week
voting period ensues. After this, the group is created if
(1) at least 100 votes have been received and (2) if the
number of YES votes exceeds the No votes by at least 100.
We are currently in the voting stage, which will end April 23.
If you would like to cast a vote on this, send mail to
jwright@atanasoff.cs.iastate.edu
To vote for the creation of comp.virus, include the word
"YES" in the subject line or body of the message. To vote
against the creation of comp.virus, include the word "NO".
Please, only vote if you actually receive Usenet and are
a potential reader of comp.virus.
Jim Wright
jwright@atanasoff.cs.iastate.edu
------------------------------
Date: 29 March 1989, 09:42:55 EST
From: David M. Chess <CHESS@YKTVMV.BITNET>
Subject: Re: Israeli viruses (PC)
I have seen two "April 1st" viruses (they came to me from Israel; no
telling where they started, of course!). One infects COM files and,
if I'm reading it right, will display the message "YOU HAVE A VIRUS"
any time any program is run in an infected system after April 1, 1988.
So this one isn't likely to be around any more, if it ever was
(because any infected system would be so obviously infected).
The other one infects EXE files. It will print a message ("APRIL 1ST
HA HA HA YOU HAVE A VIRUS") and hang the machine on any April 1st in
1988 or after. On any Wednesday after 1988/3/1, it will install a
timer hook which will hang the system later on. If the year is 1980
(not set), it will also install the hook. So infected systems will
hang on Wednesdays; again, a very unsubtle virus!
I haven't heard any reports of either one recently, or outside of
Israel. Of course, there may be other similar viruses around, and my
notes above may not be at all true for them. If you get a virus that
sounds like it might be one of them, have a guru rip it thoroughly
apart, to make sure...
DC
------------------------------
Date: 29 March 1989, 11:20:55 EST
From: jln@acns.nwu.edu
Subject: Disinfectant (Mac)
Yes, Disinfectant is for real. I'm the author. I'm attaching a copy
of the announcement I posted on the internet.
The program is available via anonymous FTP from:
sumex-aim.stanford.edu
rascal.ics.utexas.edu
It's also available on CompuServe, Genie, BIX, MacNet, CI$, Delphi, and
AppleLink.
---------- Announcement:
Disinfectant 1.0 is the first public release of a new program to
detect and remove Macintosh viruses.
Features:
- Detects and repairs files infected by Scores, nVIR A, nVIR B, Hpat,
  AIDS, INIT 29, ANTI, and MacMag. These are all of the currently known
  Macintosh viruses.
- Scans volumes (entire disks) in either virus check mode or virus
  repair mode.
- Option to scan a single folder or a single file.
- Option to "automatically" scan a sequence of floppies.
- Option to scan all mounted volumes.
- Can scan both MFS and HFS volumes.
- Dynamic display of the current folder name, file name, and a thermometer
  indicating the progress of a scan.
- All scans can be canceled at any time.
- Scans produce detailed reports in a scrolling field. Reports can be
  saved as text files and printed with an editor or word processor.
- Carefully designed human interface that closely follows Apple's
  guidelines. All operations are initiated and controlled by 8 simple
  standard push buttons.
- Uses an advanced detection and repair algorithm that can handle partial
  infections, multiple infections, and other anomalies.
- Careful error checking. E.g., properly detects and reports damaged and
  busy files, out of memory conditions, disk full conditions on attempts
  to save files, insufficient privileges on server volumes, and so on.
- Works on any Mac with at least 512K of memory running System 3.2
  or later.
- Can be used on single floppy drive Macs with no floppy shuffling.
- 8500 word online document describing Disinfectant, viruses in general,
  the Mac viruses in particular, recommendations for "safe" computing,
  Vaccine, and other virus fighting tools. The document can be saved as
  a text file and printed with an editor or word processor. We tried to
  include everything in the document that the average Mac user needs to
  know about viruses.
I wrote Disinfectant with the help of an international group
of Mac virus experts, programmers and enthusiasts: Wade Blomgren,
Chris Borton, Bob Hablutzel, Tim Krauskopf, Joel Levin, Robert Lentz,
Bill Lipa, Albert Lunde, James Macak, Lance Nakata, Leonard Rosenthol,
Art Schumer, Dan Schwendener, Stephan Somogyi, David Spector, and
Werner Uhrig.
These people helped design and debug the program, edit the document,
locate copies of the viruses for testing, and analyze the viruses. I
wrote all the code, but I could not have written the program without
their help.
Disinfectant is an example of a new kind of cooperative software
development over the internet. It was developed over a period of three
and one half months starting on December 1, 1988. During this period I
sent out nine development releases and nine Beta releases to the
working group, and we exchanged several hundred notes. The result is a
program that is much better than any one of us could have produced
individually.
We are offering this program free of charge as a public service. We
hope that the Mac community finds it useful.
John Norstad
Academic Computing and Network Services
Northwestern University
Bitnet: jln@nuacc
Internet: jln@acns.nwu.edu
AppleLink: a0173
CompuServe: 76666,573
------------------------------
End of VIRUS-L Digest
*********************