HaCKeRz Kr0nlcKLeZ 1

home *** CD-ROM | disk | FTP | other *** search

/ HaCKeRz Kr0nlcKLeZ 1 / HaCKeRz Kr0nlcKLeZ.iso / chibacity / 40hex-7.arj / 40HEX-7.008 < prev next >

Wrap

Text File | 1992-06-06 | 10.6 KB | 247 lines

40Hex Number 7 Volume 2 Issue 3 File 008 More Virus News. An informed virus Programmer is a good one. Article 1: New Macintosh Virus Article 2: RockSteady's 666 Virus [NuKE] Article 3: A Stooge's View <<<<<<<<< Article 1 <<<<<<<<< Date: Fri, 17 Apr 92 11:34:50 -0500 >From: Gene Spafford <spaf@cs.purdue.edu> Subject: Mac announcement - new virus (Mac) New Macintosh Virus Discovered 17 April 1992 Virus: CODE 252 Damage: some, possibly severe (see text) Spread: unknown (see text) Systems affected: Apple Macintosh computers. All types, but see text. A new virus, which has been designated "CODE 252", has been discovered on Apple Macintosh computer systems. This virus is designed to trigger if an infected application is run or system booted between June 6 and December 31, inclusive. When triggered, the virus brings up a dialog box with the message: You have a virus. Ha Ha Ha Ha Ha Ha Ha Now erasing all disks... Ha Ha Ha Ha Ha Ha Ha P.S. Have a nice day. Ha Ha Ha Ha Ha Ha Ha (Click to continue...) Despite this message, no files or directories are deleted in the versions of the virus we have seen; however, a worried user might power down the system upon seeing the message, and thus corrupt the disk -- this could lead to significant damage. Furthermore, the virus may interact with some applications in such a manner as to damage them. Under System 7, the System file can be seriously damaged by the virus under at least some circumstances as the virus attempts to spread. This may lead to a system that will not boot, crashes, or other unusual behavior. Between January 1 and June 5, inclusive, the virus simply spreads from applications to system files, and then on to other application files. At the present moment, we have no indication that the virus causes direct damage to any existing applications. The virus does not spread to other applications under MultiFinder on System 6.x systems, nor will it spread under System 7. However, it will run on those systems if an infected application is executed. Even if you are running one of these systems, we recommend you obtain an use one of latest versions of appropriate anti-virus software. As of the date of this announcement (17 April 92), we have had limited reported sightings of this virus. This, combined with the nature of operation of the virus, leads us to believe that the virus is not yet widespread. The current versions of Gatekeeper and SAM Intercept (in advanced and custom mode) are effective against this virus. Either program should generate an alert if the virus is present and attempts to spread to other files. The Virex Record/Scan feature will also detect the virus. Authors of all major Macintosh anti-virus tools are planning updates to their tools to locate and/or eliminate this virus. Some of these are listed below. We recommend that you obtain and run a CURRENT version of AT LEAST ONE of these programs. Some specific information on updated Mac anti-virus products follows: Tool: Disinfectant Status: Free software (courtesy of Northwestern University and John Norstad) Revision to be released: 2.8 Where to find: usual archive sites and bulletin boards -- ftp.acns.nwu.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, AppleLink, America Online, CompuServe, Genie, Calvacom, MacNet, Delphi, comp.binaries.mac When available: soon Tool: Gatekeeper Status: Free software (courtesy of Chris Johnson) Revision to be released: 1.2.6 (probably) Where to find: usual archive sites and bulletin boards -- microlib.cc.utexas.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, comp.binaries.mac When available: eventually Comments: Gatekeeper should find this virus if it attempts to infect your system or applications, and thus does not need an update. Gatekeeper Aid will need an update to "know" exactly what virus it is seeing so it can remove the virus, but the update is not crucial for continued protection. As Gatekeeper is freeware and Chris has a "real" life, this update may not be immediate. Tool: Rival Status: Commercial software Revision to be released: Rival 1.1.9v (CODE 252 Vaccine or Refresh 1.1.9v) Where to find it: AppleLink, America Online, Internet, Compuserve. When available: Immediately. Tool: SAM (Virus Clinic and Intercept) Status: Commercial software Revision to be released: 3.0.8 Where to find: CompuServe, America Online, Applelink, Symantec's Bulletin Board @ 408-973-9598 When available: 17 April 1992. Version 3.0.8 of the Virus Definitions file are also available. Tool: Virex INIT Status: Commercial software Revision to be released: 3.8 Where to find: Microcom, Inc (919) 490-1277 When available: Immediately. Comments: Virex 3.8 will detect and repair the virus. All Virex subscribers will automatically be sent an update on diskette. All other registered users will receive a notice with information to update prior versions to be able to detect CODE 252. This information is also available on Microcom's BBS. (919)419-1602, and is presented here: Guide Number = 6324448 1: 0203 3001 7778 2A00 / 79 2: 0C50 4EFA 0003 A9AB / C4 3: 0004 A9AA 0002 A647 / B2 4: 8180 9090 9090 9090 / 1B Tool: Virus Detective Status: Shareware Revision to be released: 5.0.4 Where to find: Usual bulletin boards will announce a new search string. Registered users will also get a mailing with the new search string. When available: Immediately. Comments: search strings are: Resource Start & Size < 1200 & WData 2F2C#23F3C#2A9A0*3F3C#24878#2A9AB ; For find CODE 252 in Appl's Filetype=ZSYS & Resource INIT & Size < 1200 & WData 2F2C# 3F3C#2A9A0*3F3C#24878 #2A9AB ; For find CODE 252 in System If you discover what you believe to be a virus on your Macintosh system, please report it to the vendor/author of your anti-virus software package for analysis. Such reports make early, informed warnings like this one possible for the rest of the Mac community. <<<<<<<<<< Article 2: <<<<<<<<<< ========================================================================== Date: 04-27-92 (04:18) Number: 264 of 275 (Echo) To: ALL Refer#: NONE From: STEVENS WALLACE Read: (N/A) Subj: 666 IS GONNA GET YEAH Status: PUBLIC MESSAGE Conf: N_VIRUS (41) Read Type: GENERAL (A) (+) Rock Steady `666' Virus Released: Mar 24'92 [Montreal,Canada] PROGRAMMED:By Rock Steady. A few patches from other neat Viruses DAMAGE:The Virus will format the HD BOOT & FAT area on the 13th of every Month! I wrote TWO formating procedures. One with the INT 13h and one with the INT 26h! To make 100% the suckers HD gets trashes for GOOD! NOTES:This is a Simple EXE & COM Infector! It infects ALL Files Executed The Virus Hides in High Memory! And Hooks Int 21h! It will increase files by the length of 666 Bytes! but if the Virus is Resident in Memory the Length of the Files on a "DIR" will remain the SAME under MSDOS V3.30 - 5.0! OTHER:*uck the Name. Its the ONLY text in the Virus! So the Anti-Virus people will call it `Rock Steady', since the virus needs that signature to check if the file is infected on infection routines & DIR routine! PURPOSE:To make a very small "Stealth" Virus. And create a HOLE shit load of damage for people not to forget! ANTI-VIRAL:*uck Them! I've tried with SCANV89B, F-PROT2.03A, VirexPC Central Point 1.2, Nortan Scanner, ViruScan And it's UNDETECTABLE! Neat heh? McGill Univ. is flipping over this new Virus that they just got hit with in Montreal. *uck it's hot... aLl comments to moi... ======================================================================= <<<<<<<<<< Article 3: <<<<<<<<<< Extracted from "Gui Guts" by Yacco, in ComputerCraft Magazine, June 1992 ------------------------------------------------------------------------ Mutant Ninja Morons ------------------- Did you survive the Michaelangelo Virus? That's what everybody, including Bill, the guy from UPS, has been asking me. I spent most of last night organizing and archiving several year's worth of data. I suppose I should be grateful to the fan of comic culture who wrote this virus for the motivation to do something I've been putting off for a long time. But these virus writers aren't exactly virtuous. I wouldn't be sitting here now creating files with tomorrow's date on them if they were. In fact, it occurs to me that what motivates them is a need to control and terrorize people. In other words, they're a new breed of rapist: the mass rapist. And just like physical rape isn't about sex, electronic rape isn't about intellectual challenges. [I wasn't going to comment until I got this classic article. This is so funny. This guy thinks Michelangelo was named after the Teenage Mutant Ninja Turtle. And hell, *IF* we are rapists, Yacco, better bend over and spread em wide, cause we are gonna fuck you hard. What kinda name is Yacco??? Fuck him. Why is everyone so curious as to what motivates us? Can't it be that we just simply enjoy it? Must it be social problems, or publicity? Don't blame the virus community for the Michelangelo scare, blame the Anti Virus Community. It was a scare, a simple ploy to gain money! I had everyone asking me how do I protect myself? So, I spent a couple days helping out people who weren't infected. Everywhere I went, Michelangelo! How many infections did I find? 1. One fucking infection. I think everyone in the Anti-Virus Community benefitted. Do you think that the author of Michelangelo made a press release about the virus? I don't recall that. So, there goes the publicity theory. He didn't control anyone. Anti-Virus people did. A scare tactic. Plain and simple. The End.] PS: Saw a useful article in the latest issue of a magazine? Anything Virus related? Well, ya don't have to type it in! Just contact a -=PHALCON/SKISM=- Member, and we will take care of it. Leave him mail stating what magazine, what issue, and what page, and your handle (We will throw ya into our Greet list). ->GHeap!