home *** CD-ROM | disk | FTP | other *** search
- VIRUS-L Digest Thursday, 10 Aug 1989 Volume 2 : Issue 172
-
- VIRUS-L is a moderated, digested mail forum for discussing computer
- virus issues; comp.virus is a non-digested Usenet counterpart.
- Discussions are not limited to any one hardware/software platform -
- diversity is welcomed. Contributions should be relevant, concise,
- polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU. Information on
- accessing anti-virus, document, and back-issue archives is distributed
- periodically on the list. Administrative mail (comments, suggestions,
- and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- - Ken van Wyk
-
- Today's Topics:
-
- Unix archive site
- DataCrime II - tiny clarification (PC)
- Virus in Gould logic analyzer distribution (MAC)
- Macintosh virus sites
- Macintosh anti-viral archive sites
- LaserWriter (Mac)
-
- ---------------------------------------------------------------------------
-
- Date: 09 Aug 89 13:57:52 +0000
- From: krvw@sei.cmu.edu (Kenneth Van Wyk)
- Subject: Unix archive site
-
- It looks like we have an archive site for Unix anti-virus software
- (wuarchive.wustl.edu (IP#=128.252.135.4)). Now all we need is some
- software for the archive. It would seem logical to start by putting
- all of the documents on the Internet Worm there (which is already
- done), but I'd also like to see some software tools. For example, a
- tool for automating checksums (and/or CRCs) on specified, or all,
- binary files would be a good starting point.
-
- The files on wuarchive.wustl.edu are in "~ftp/usenet/comp.virus". The
- current document files there are in the "doc" directory (of the above
- directory) and any programs, as they're made available, will be in the
- "src" directory.
-
- Contributions of both software and documentation are encouraged, as
- are ideas, suggestions, comments, etc.
-
- And thanks to Chris Myers for supplying the archive directory!
-
- Thanks,
-
- Ken
-
- ------------------------------
-
- Date: 09 Aug 89 00:00:00 +0000
- From: David M. Chess <CHESS@YKTVMV.BITNET>
- Subject: DataCrime II - tiny clarification (PC)
-
- Alan Roberts is basically right about the oddness of the "DataCrime II"s
- self-degarbling code. One small point (just so we don't get too
- impressed with these virus-writers): while the trick that Alan refers
- to does prevent the virus from degarbling itself if you single-step
- through it, it's still trivial to disassemble; just set a breakpoint
- right after the degarbling loop (there's even one clear byte there
- to make it easy!), and let it run until then. The virus writer
- was probably trying to show off, and no doubt thinks him/her/itself
- very clever, but in fact the trick added about 90 seconds to the
- time required to analyze the virus, and was hardly worth the effort...
-
- DC
-
- ------------------------------
-
- Date: Wed, 09 Aug 89 09:41:57 -0600
- From: dce@Solbourne.COM (David Elliott)
- Subject: Virus in Gould logic analyzer distribution (MAC)
-
- Yesterday, one of the people here discovered that the Mac II's we
- are using as part of a Gould logic analyzer setup came from Gould
- infected with nVIR. The disk is marked as
-
- CLAS 4000 Software
- Version A12
-
- Gould knows of this problem, and I assume they are taking appropriate
- steps.
-
-
- David Elliott dce@Solbourne.COM
- ...!{uunet,boulder,nbires,sun}!stan!dce
-
- ------------------------------
-
- Date: Wed, 09 Aug 89 13:23:53 -0400
- From: Sari Khoury <3XMQGAA@CMUVM.BITNET>
- Subject: Macintosh virus sites
-
- Are there any virus archives for the Macintosh besides
- MACSERVE@PUCC AND LISTSERV@RICE?
-
- Acknowledge-To: <3XMQGAA@CMUVM>
-
- [Ed. See next message...]
-
- ------------------------------
-
- Date: 09 Aug 89 17:36:03 +0000
- From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
- Subject: Macintosh anti-viral archive sites
-
- Apparently I missed the posting of the Mac archive sites. Sorry folks.
- I'm trying to automate things a bit, and must have lost it in the confusion.
-
- # Anti-viral archive sites for the Macintosh
- # Listing of 08 August 1989
-
- cs.hw.ac.uk
- Dave Ferbrache <davidf@cs.hw.ac.uk>
- NIFTP from JANET sites, login as "guest".
- Electronic mail to <info-server@cs.hw.ac.uk>.
- Main access is through mail server.
- The master index for the virus archives can be retrieved as
- request: virus
- topic: index
- The Mac index for the virus archives can be retrieved as
- request: mac
- topic: index
- For further details send a message with the text
- help
- The administrative address is <infoadm@cs.hw.ac.uk>
-
- ifi.ethz.ch
- Danny Schwendener <macman@ethz.uucp>
- Interactive access through SPAN/HEPnet:
- $SET HOST 20766 or $SET HOST AEOLUS
- Username: MAC
- Interactive access through X.25 (022847911065) or Modem 2400 bps
- (+41-1-251-6271):
- # CALL B050 <cr><cr>
- Username: MAC
- Files may also be copied via SPAN/HEPnet from
- 20766::DISK8:[MAC.TOP.LIBRARY.VIRUS]
-
- pd-software.lancaster.ac.uk
- Steve Jenkins <pdsoft@pd-software.lancaster.ac.uk>
- No access details yet.
-
- rascal.ics.utexas.edu
- Werner Uhrig <werner@rascal.ics.utexas.edu>
- Access is through anonymous ftp, IP number is 128.83.144.1.
- Archives can be found in the directory mac/virus-tools.
- Please retrieve the file 00.INDEX and review it offline.
- Due to the size of the archive, online browsing is discouraged.
-
- scfvm.bitnet
- Joe McMahon <xrjdm@scfvm.bitnet>
- Access is via LISTSERV.
- SCFVM offers an "automatic update" service. Send the message
- AFD ADD VIRUSREM PACKAGE
- to listserv@scfvm.bitnet and you will receive regular updates as
- the archive is updated.
- You can also subscribe to automatic file update information with
- FUI ADD VIRUSREM PACKAGE
-
- sumex.stanford.edu
- Bill Lipa <info-mac-request@sumex-aim.stanford.edu>
- Access is through anonymous ftp, IP number is 36.44.0.6.
- Archives can be found in /info-mac/virus.
- Administrative queries to <info-mac-request@sumex-aim.stanford.edu>.
- Submissions to <info-mac@sumex-aim.stanford.edu>.
- There are a number of sites which maintain shadow archives of
- the info-mac archives at sumex:
- * MACSERV@PUCC services the Bitnet community
- * LISTSERV@RICE for e-mail users
- * FILESERV@IRLEARN for folks in Europe
-
- wsmr-simtel20.army.mil
- Robert Thum <rthum@wsmr-simtel20.army.mil>
- Access is through anonymous ftp, IP number 26.2.0.74.
- Archives can be found in PD3:<MACINTOSH.VIRUS>.
- Please get the file 00README.TXT and review it offline.
-
- - --
- Jim Wright
- jwright@atanasoff.cs.iastate.edu
-
-
- ------------------------------
-
- Date: 10 Aug 89 02:43:26 +0000
- From: carroll1!dnewton@uunet.UU.NET (Dave Newton)
- Subject: LaserWriter (Mac)
-
- Is there such a thing as a LaserWriter virus on an AppleTalk net? We
- printed out a directory listing from a MacII hooked to a net and on
- two of the pages got these large black lock-like looking things in the
- middle of the page. The funny thing is, they were different sizes,
- one was big, one was small.
-
- I didn't read about those in any Apple book 8-)
-
- - --
- "Life is just a popularity contest, and I didn't get my entry in on time."
- -David L. Newton
- David L. Newton (414) 524-7253 dnewton@carroll1.cc.edu
- =8-) (smiley w/ a mohawk) (414) 524-7343 uunet!marque!carroll1!dnewton
-
- ------------------------------
-
- End of VIRUS-L Digest
- *********************
-
- Downloaded From P-80 International Information Systems 304-744-2253
-