home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.79
< prev
next >
Wrap
Text File
|
1995-01-03
|
9KB
|
213 lines
VIRUS-L Digest Friday, 31 Mar 1989 Volume 2 : Issue 79
Today's Topics:
RE: The Star Trek virus.
Re: Arcmaster bug (PC)
Disinfectant 1.0 Bugs (Mac)
Hypercard based viruses... (Mac)
How can I get into VIRUS-L archives
administrative message (please read)
---------------------------------------------------------------------------
Date: Fri, 31 Mar 89 09:13 EST
From: Morton Downey Jr. for President. <KUMMER@XAVIER.BITNET>
Subject: RE: The Star Trek virus.
There's been some mention of the Star Trek: The Next Generation
episode "Contagion". The episode seemed to me to be an attempt to
educate people about viruses. What the episode said to me was, that
while viruses can be potentially dangerous (i.e. it destroyed the
Yamato), the solution to them is fairly simple (a shut down of the
Enterprise computer, clean out effected memory, then a restart). This
seems to be a much better way to discuss the problem than the
sensationalism that goes on when viruses are discovered.
Tom Kummer
------------------------------
Date: Fri, 31 Mar 89 09:35:24 EST
From: "Peter G. Rose" <LCO114@URIACC.BITNET>
Subject: Re: Arcmaster bug (PC)
>>The supposed bugs in ARCMASTER 4xx do not exist. ...
>>the directory that you specify for it to use to unarc and arc files to
>>MUST be a special blank directory ...
>>[If you] specify your root directory ... it would automatically erase
>>all files in that directory.
Ok, its not a bug, its a design error. It's STILL wrong. If the damn
thing is going to require its own special blank directory, why doesn't
it create its own?
P.Rose
[Ed. If the problem was actually due to a design error, as appears to
be the case, then it is a problem unrelated to viruses that should be
taken up with the author of Arcmaster.]
------------------------------
Date: Fri, 31 Mar 89 10:46:24 EST
From: jln@acns.nwu.edu
Subject: Disinfectant 1.0 Bugs (Mac)
Disinfectant 1.0 has been released for about a week and a half now,
and for the most part it seems to be working well. There have been a
few bug reports, however, and I want to let you know that I'm working
on a 1.1 release to fix them. It will be at least a few weeks before
I release it. I want to wait a bit until I'm certain that we've
discovered all the problems in 1.0. Until then, watch out for the
following problems.
Some kinds of "damaged" files could cause version 1.0 to hang, bomb,
or put up its "out of memory" alert. Version 1.1 will do a better job
of checking for damaged files. If you get a bomb, hang, or out of
memory alert while scanning with 1.0, try removing the file that was
being scanned from your disk and then scan the disk again.
Scanning an active server disk in 1.0 is problematic. If other users
create or delete files or folders while the scan is in progress, it
can sometimes cause other files or folders to be skipped or scanned
twice. This is a problem shared by almost all programs which scan
disks. We've designed and implemented an improved disk scanning
algorithm for 1.1 to avoid this problem. Note that in any case we
continue to recommend that you take servers out of production to scan
them. This is the only way to avoid file busy errors and insufficient
privileges errors.
Version 1.0 evidently doesn't work at all over a TOPS network. We'll
try to find out why and fix it if possible. For now you should not
attempt to scan non-local disks over TOPS.
Disinfectant works on unenhanced 512K Macs with System 3.2 or later,
but it requires the "Hard Disk 20" file. We overlooked this in our
testing of version 1.0. Version 1.1 will check to make sure this file
is present, and issue an alert if it is missing.
Version 1.0 doesn't properly display its icon in the Finder, because
we forgot to set the "bundle bit" when we shipped the program. This
stupid mistake will be fixed in 1.1.
If you run 1.0 on a GateKeeper-protected system to try to repair
infected files, and if you forgot to add Disinfectant to GateKeeper's
list of privileged applications, you will get "unexpected" error
messages. In 1.1 we will try to special-case these errors and issue a
better message that mentions GateKeeper explicitly.
We received reports that in some cases Disinfectant claims that a file
is infected, even when other virus tools report that the file is
uninfected (e.g., Virus Rx 1.4a1 and Virus Detective). This is
possible, since Disinfectant uses stronger checks than most of the
other tools. The files sent to us were indeed partially infected, but
not contagious. We'll document this possibility in version 1.1.
The version 1.1 document will correct a few minor typos and errors,
and we'll add a "Version History" section.
Thanks to everybody who's written about Disinfectant - I enjoy and
appreciate your notes. Special thanks to those people who have
reported bugs.
John Norstad
Academic Computing and Network Services
Northwestern University
Bitnet: jln@nuacc
Internet: jln@acns.nwu.edu
AppleLink: a0173
CompuServe: 76666,573
------------------------------
Date: Fri, 31 Mar 89 11:17:38 EST
From: dmg@mwunix.mitre.org
Subject: Hypercard based viruses... (Mac)
Original-To: david@cs.hw.ac.uk
In your message entitled "Anti viral software and known viruses", you
referenced two Hypercard viruses, "Dukakis" and "Hyperavenger". If I
am not mistaken, there is one Hypercard virus, known as "Dukakis",
written by the self-proclaimed "Hyperavenger"
David Gursky, W143
Member of the Technical Staff
Special Projects Department
The MITRE Corporation
------------------------------
Date: Fri, 31 Mar 89 14:54 CST
From: Chris Garrigues <7thSon@SLCS.SLB.COM>
Subject: How can I get into VIRUS-L archives
I just discovered that one of our Macs got infected by the "SCORES"
virus.
Since I'm not generally interested in viruses, I don't subscribe to
the list, but in this case, I'd like to look at your archives to
search for messages on this subject. How can I do this?
(Or could someone just forward me anything I need to know?)
Chris Garrigues,
Systems manager,
Schlumberger Laboratory for Computer Science
[Ed. This comes up periodically, so I thought I'd include it here.
VIRUS-L archives are available via anonymous FTP from
IBM1.CC.LEHIGH.EDU (in weekly format) and from lll-winken.llnl.gov (in
per-digest format). BITNET readers can get to the archives by sending
mail (or interactive message) to LISTSERV at LEHIIBM1 (*NOT* VIRUS-L
at LEHIIBM1). The message should read:
GET VIRUS-L LOGyymmx
where "yy" is the year (88, 89...), mm is the month (01...), and x is
a letter corresponding to the week of the month (A, B,...). So, the
archive file for the second week of March, 1989 is VIRUS-L LOG8903B.]
------------------------------
Date: Fri, 31 Mar 89 16:39:04 EST
From: luken@ubu.cc.lehigh.edu (Kenneth R. van Wyk)
Subject: administrative message
Greetings all,
VIRUS-L is now up to just about 1200 direct subscribers. Among other
things, this means that the amount of bounced mail (due to computers
or networks being down, disk quotas exceeded, etc.) gets to be pretty
major here. The most common cause of this is when an account gets
removed from a machine, I get a message back saying "user unknown" for
every digest that goes out. It's not uncommon for me to get 30 such
messages in a day. (Violins start playing...*:) Sometimes, bounced
messages snowball. For example, some mail relays try to connect for 3
days, and then send back a bounced message once every 3 days for 12
days. Needless to say, the information flow can be high.
What to do... If the message is obviously due to a permanent thing,
such as a user being removed from a system, then I remove the address
from the list. If the message could be due to an intermittent
problem, such as a network link being down, then I give that address a
day or two to clean up its act. Having failed that, I remove the user
from the list.
The moral to this long sob story is this: if you've not received any
digests in quite a while (a week or so), and/or if you know that your
e-mail system was down for a period of time, you may well have gotten
removed from the list, not because I'm out to get you, but because I
have to try to keep bounced mail (read: time) to a minimum. If this
happens, please understand, and re-subscribe (if you wish to rejoin
the list, that is...). (I'll add this to the "welcome" message for
new subscribers.)
Ken
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253