**********************************************************************
DDN Security Bulletin 02         DCA DDN Defense Communications System
05 Oct 89               Published by: DDN Security Coordination Center
                                     (SCC@NIC.DDN.MIL)  (800) 235-3155

                        DEFENSE DATA NETWORK
                          SECURITY BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DCA contract as a means of communicating
information on network and host security exposures, fixes, & concerns
to security & management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest". The bulletin
pathname is SCC:DDN-SECURITY-nn (where "nn" is the bulletin number).
**********************************************************************

COLUMBUS DAY / OCTOBER 12TH / FRIDAY THE 13TH / DATACRIME VIRUS

1. Recently, there has been considerable attention given to a family
of MS/DOS-PC viruses with many names: Columbus Day, October 12th
(later redesignated October 13th), Friday the 13th, and DataCrime.
According to the Computer Virus Industry Association, there have been
only SEVEN confirmed U. S. "sightings" to date. Based on this,
there may be only a few dozen sites affected.

2. Normally the SCC would not be involved with a personal computer
virus incident (unless it was propagated via the DDN). However, this
virus has received extensive media coverage, necessitating a DDN
Security Bulletin to answer some commonly asked questions.

+ + + + + + + + + + + + + + + + + + + + + + + +

Q: What is known about this Columbus Day/DataCrime virus?

A: There are several variants of DataCrime. They are designated
"1168", "1280", and "DataCrime II" (or "1514"); this naming convention
is based on the number of bytes each added to the .COM files it has
infected. DataCrime II infects both .EXE and .COM files.

Q: How does DataCrime spread?

A: The DataCrime Viruses are designed to infect via diskette sharing.
There is no network component (unlike the infamous November Internet
Worm), therefore they CANNOT traverse the DDN unassisted. The only
way a DataCrime virus can be spread through a network is by FTP'ing an
infected file into a PC and running it.

Q: What is the result?

A: On or after Friday, 13 October 1989, these software timebombs will
reformat cylinder 0 of any infected hard disk (drive C:) and display
the message, "DATACRIME VIRUS RELEASED: 1 MARCH 1989". The infected
PC cannot boot from drive C:, and all data on it is unreachable.

Q: How can DataCrime (and other viruses) be stopped?

A: The National Institute of Standards and Technology (NIST) has
recently issued guidelines for controlling malicious software in
various computer environments, including PCs and networks. The SCC
has obtained an electronic copy of NIST Special Publication 500-166,
"Computer Viruses and Related Threats: A Management Guide" by John P.
Wack and Lisa J. Carnahan. It may be obtained via FTP (or Kermit)
from NIC.DDN.MIL [26.0.0.73 or 10.0.0.51] using login="anonymous" and
password="guest". The pathname is SCC:NIST-001.

**********************************************************************
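
Because the variants are named for the number of bytes they add to an infected .COM file, comparing executable sizes against a known-clean listing gives a quick indicator. The Python below is an added example, not part of the original bulletin; the "NAME SIZE" manifest format, the file names and the sizes are assumptions constructed for illustration.

```python
# Added example: size-growth check built on the bulletin's variant names.
# A matching delta is an indicator to investigate, not proof of infection.

# Bytes added to an infected .COM file -> variant designation (from the bulletin).
COM_GROWTH = {1168: "1168", 1280: "1280", 1514: "DataCrime II (1514)"}
EXECUTABLE_EXTS = (".COM", ".EXE")

def parse_manifest(text):
    """Parse 'NAME SIZE' lines into {NAME: size}; ';' starts a comment."""
    sizes = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, size = line.rsplit(None, 1)
            sizes[name.upper()] = int(size)  # DOS names are case-insensitive
    return sizes

def compare(baseline, current):
    """Return (name, finding) pairs for executables that are new or resized."""
    findings = []
    for name, size in sorted(current.items()):
        if not name.endswith(EXECUTABLE_EXTS):
            continue  # data files change size legitimately
        if name not in baseline:
            findings.append((name, "new executable, no baseline"))
            continue
        delta = size - baseline[name]
        if name.endswith(".COM") and delta in COM_GROWTH:
            findings.append((name, "grew %d bytes: matches variant %s"
                             % (delta, COM_GROWTH[delta])))
        elif delta != 0:
            # The bulletin gives no growth figure for .EXE files: name no variant.
            findings.append((name, "size changed %+d bytes: unexplained" % delta))
    return findings

# Constructed manifests: file names and sizes are made up for illustration.
BASELINE = """; known-clean listing
FORMAT.COM 11616
EDLIN.COM 7526
LINK.EXE 39076
README.TXT 1200"""
CURRENT = """FORMAT.COM 12784
edlin.com 9040
LINK.EXE 40590
README.TXT 1500
GAME.COM 20000"""

if __name__ == "__main__":
    print(compare(parse_manifest(BASELINE), parse_manifest(CURRENT)))
```

The baseline listing has to be taken from media known to be clean and kept off the machine being checked, since a listing made after infection records the infected sizes.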