home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1994 March
/
Internet Info CD-ROM (Walnut Creek) (March 1994).iso
/
inet
/
scc
/
ddn-security-9221
< prev
next >
Wrap
Text File
|
1992-08-13
|
4KB
|
96 lines
**************************************************************************
Security Bulletin 9221 DISA Defense Communications System
August 14, 1992 Published by: DDN Security Coordination Center
(SCC@NIC.DDN.MIL) 1-(800) 365-3642
DEFENSE DATA NETWORK
SECURITY BULLETIN
The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, and concerns
to security and management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest". The bulletin pathname is
scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. scc/ddn-security-9221).
**************************************************************************
Virus Alert: "ALIENS 4"
On Saturday, August 8 1992, what is believed to be a new "polymorhpic" or
"adaptive" virus strain was detected on a Macintosh IIci running System 7
at the Space Environment Lab in Boulder, Colorado.
The NOAA/NIST staff working on the problem have been unable to identify this
particular strain, so have given it the name "Aliens 4" because:
(1) It's fast
(2) It mutates
(3) It likes to travel
(4) Every time you think you've eradicated it, it pops up somewhere else.
It is not known at this time whether the virus came in on an infected floppy
or via Internet or DECnet. However, there is a strong suspicion that the virus
can travel via networks.
We also suspect that this virus is one of the new viral strains that can
"mutate" into different forms, making it extremely dangerous because it is
difficult (if not impossible) to trace and very difficult to eradicate.
The investigation continues, but this is what has been found out so far:
(1) It appears to infect System 7 Mac's easier than System 6.07 systems.
(2) It appears as seemingly random system malfunctions (disk drives can't
read disks, printer problems, uncommon desktop displays).
(3) It does NOT appear to destroy files.
(4) Symantec (and others) seem capable of detecting it, but unable to
eradicate it completely.
(5) It was first reported by anti-viral software as the nVIR A strain,
then the MBDF A strain, and so on. For this reason, it has been
identified as a polymorphic or adaptive filter.
(6) The only 100% effective solution to date seems to be the "hard"
re-formatting of infected disks.
The point-of-contact for information about the ALIENS 4 virus is:
Mr. Dave Bouwer
dbouwer@selvax.sel.bldrdoc.gov
(303) 497-3899
If more concrete information on this virus becomes
available, interested parties will be notified.
******************************************************************************
** **
** The DDN Security Coordination Center (SCC) would like to thank **
** Mr. Dave Bouwer for bringing this to our attention. **
** **
******************************************************************************
****************************************************************************
* *
* The point of contact for MILNET security-related incidents is the *
* Security Coordination Center (SCC). *
* *
* E-mail address: SCC@NIC.DDN.MIL *
* *
* Telephone: 1-(800)-365-3642 *
* *
* NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, *
* Monday through Friday except on federal holidays. *
* *
****************************************************************************