home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.77
< prev
next >
Wrap
Text File
|
1995-01-03
|
8KB
|
201 lines
VIRUS-L Digest Thursday, 30 Mar 1989 Volume 2 : Issue 77
Today's Topics:
several reports available via anonymous FTP
Anti viral software and known viruses
Arcmaster: here is the explanation (PC)
---------------------------------------------------------------------------
Date: Thu, 30 Mar 89 09:02:38 EST
From: luken@ubu.cc.lehigh.edu (Kenneth R. van Wyk)
Subject: several reports available via anonymous FTP
Over the last couple of weeks, I've received several technical reports
from various people. I'd like to announce their availability.
Currently, they're only available via anonymous FTP from
lll-winken.llnl.gov, but I hope to have them on our LISTSERV shortly,
for BITNET users (FTP is for Internet users only).
Available are:
Coping With Computer Viruses and Related Problems
by David M. Chess and Steve R. White
IBM T.J. Watson Research Center
filename: ibm.paper
Net Hormones: Part 1
Infection Control Assuming Cooperation Among Computers
by David S. Stodolsky, PhD.
filename: net.hormones
Virus 101 - Chapters 1,2,3 (would someone please send me chapter 4?)
by George Woodside
filenames: virus101.1, virus101.2, virus101.3
These files are all in the ~ftp/virus-l/docs directory on
lll-winken.llnl.gov.
Special thanks to all those who worked on these documents! Your
efforts are *greatly* appreciated!
Enjoy,
Ken
------------------------------
Date: Thu, 30 Mar 89 16:22:41 BST
From: David.J.Ferbrache <davidf@CS.HW.AC.UK>
Subject: Anti viral software and known viruses
A quick request, as you may know Jim Wright's in the process of trying
to establish a network of co-operating server sites each of which are
prepared to create a directory of anti-viral software for one or
machine types.
Each server site would then share anti-viral software, with regular
notices of newly available software, index lists and note of the
methods of obtaining software being published on the virus lists, and
probably on the comp.sys groups.
Anyhow, now the request, I would be very grateful for details of where
the following anti-viral programs can be obtained, preferably from an
email based server :-
IBM PC
Cop command obfuscation processor
Ice intrusion countermeasure electronics (Cyberpunk anyone?)
Ifcrc CRC checker
Novirus file size monitor
Trojan stop disk request interceptor
Xficheck crc and file attribute checker
MAC
Agar petri dish for viruses
Nomad, nVIR weapons, nVIR assassin
Amiga
clkdoctor, killvirus, sentry, viewboot, protection, tcell
I will be publishing a list of known viruses in mid-April together
with reviews of known protective software, the provisional virus list
now includes 11 IBM PC reported strains:
Lehigh (2 variants),
Brain (alias: Lahore, Pakastani; numerous variants),
Italian (alias: Bouncing Ball, Ping Pong),
Yale (relationship with Alameda virus to be established)
Alameda (alias: Merritt)
Austrian (alias: 648, Vienna),
New Zealand (alias: Stoned),
Cascade(alias: second austrian, blackjack, 1701, 1704),
Friday 13th (alias: 1808, 1813, 1792, Israeli, Hebrew University, PLO,
sUMsDos; also the sURIV 3.01 variant)
April 1st (2 strains sURIV 1.01, sURIV 2.01)
Dbase (based on Ross's recent report, awaiting confirmation)
Hmm, two basic viruses appearing in Computer viruses: a high
tech disease, plus two other viruses developed as personal projects by
various people and never release (thank goodness!).
For the Mac, 7 strains:
MacMag (alias: Peace, Drew),
nVIR (4 variants: nVIR A, nVIR B, Hpat and AIDS)
Scores (alias: Vult),
INIT 29,
Anti,
2 hypertext viruses: Dukakis, Hypertext avenger (Don't know
much about this, only going by one of Alan Solomon's papers)
For the Amiga, 9 strains (including a few anti-virus viruses):
Swiss crackers association, IRQ, Byte Bandit, Byte Warrior,
Revenge, Obelisk softworks crew,
[ North Star, Pentagon Circle, SystemZ - anti-viruses]
For the Atari ST, 11 strains (including 1 anti-virus virus):
info mainly from George Woodside's virus killer program,
Anti, Blot, Freeze, Mad, Screen, Key, ACA, Anti, Mouse inverter
and from the Virus destruction utility:
Milzbrand link virus
also known to exist a family of viruses produced by the Virus
construction set available at a recent German computer fair.
For the Atari 8 bit series:
1 alleged virus (no details as of yet)
For the Apple II system, 4 strains:
Elk cloner, festering hate, Cyberaids and Zlink
For a grand total of 44 discernable strains which are (or in some
extinct cases wer)e in circulation, I guess with about 57 if you count
variants as separate viruses. A list of this kind by its very nature
cannot be comprehensive, but I would be exceptionally grateful for
information on any viruses which do not appear on the above list, and
on any aliases you use for the above viruses which I have not cited.
And PLEASE, PLEASE how about some consensus regarding the terms used
to name viruses (especially IBM PC), the proliferation of aliases does
no-one any good and just serves to muddy the water. So far we have
named viruses by characteristic growth in file length, transient
memory usage, strings found in code, originating country, major
infections, resources added, obvious screen symptoms, oh and alleged
writer!
Oh, thanks to Y.Radai for the corrections on my report about the April
1st strains. Hopefully, it won't be quite as prolific as the Friday
13th.
It is my intention to disassemble a number of the more common viral
strains in the near furture to cross-check the reports published on virus-l,
comp.sys groups et al. The next list will include a classification of each
virus by its mode of operation, brief description of symptoms and available
disinfection software. Anyone else compiling a similar list please get in
touch so we can arrange to pool information, any reports of infections by
viruses not appearing on the above list would be of particular interest.
PS.Any more news about the so called Russian virus?
- ------------------------------------------------------------------------------
-
Dave Ferbrache Personal mail to:
Dept of computer science Internet <davidf@cs.hw.ac.uk>
Heriot-Watt University Janet <davidf@uk.ac.hw.cs>
79 Grassmarket UUCP ..!mcvax!hwcs!davidf
Edinburgh,UK. EH1 2HJ Tel (UK) 031-225-6465 ext 553
------------------------------
Date: Thu, 30 Mar 89 11:50:24 EST
From: msmith@topaz.rutgers.edu
Subject: Arcmaster: here is the explanation (PC)
Original-From: felstein@mcnc.org (Bruce M. Felstein)
Original-Subject: Re: Virus warning
The supposed bugs in ARCMASTER version 4xx and higher do not exist. If
people would bother to read the doc files they would have learned that
the directory that you specify for it to use to unarc and arc files to
MUST be a special blank directory, since it will erase the entire
contents of the directory after it finishes rearchiving the file. If
you didn't bother to read the docs you might specify your root
directory to use for this function and after ARCMASTER was done, it
would automatically erase all files in that directory.
Bruce Felstein Microelectronic Center of NC
N3DOD Research Triangle Park, NC
felstein@mcnc.org
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253