VIRUS-L Digest              Friday, 18 Nov 1988         Volume 1 : Issue 14

Today's Topics:
Will The Source of The Worm be Published ?
CSI Standpoint on Internet worm (long)
CMS Protected Mode (IBM VM/CMS)
UK television programme.
Report of brain virus sighting (PC)

---------------------------------------------------------------------------

Date:         Fri, 18 Nov 88 17:04:18 HMT
From:         Kostas Antonopoulos <NETMAINT@GREARN>
Subject:      Will The Source of The Worm be Published ?

       Greetings ,
Has anyone out there heard if the ArpaNet Worm source will be published ?
I've heard that NSA is trying hard to prevent this ...
Does anyone know something about it?

    Thanx ,
           Kostas

[Ed. I know that at least a couple people are doing formal papers on
the subject, and that there is some talk of an RFC (request for
comment from the Internet governing body) being produced.  The latter
is uncertain.  Anyone else have any more info?]

------------------------------

Date:    Fri, 18 Nov 88 09:25 CST
From:    Ken  De Cruyenaere <KDC@UOFMCC> 204-474-8340
Subject: CSI Standpoint on Internet worm (long)

I have just returned from the 15th annual Computer Security Institute
Conference (held this year in Miami Beach).  This conference was
attended by over 1500 computer security professionals.
The CSI Advisory Council composed the following and distributed
to all attendees.  The intent is to send 'an important message
to the computer criminal and to our public servants':


                               November 16, 1988

 To: CSI Conferees
 From: The CSI Advisory Council

  The education and motivation that all of us receive during this
  and other computer security conferences helps us to be more
  effective practitioners.  This year's CSI Conference especially
  should call us to action.  You probably attended at least one
  workshop that discussed the recent ARPANET situation.

  Whether or no the media "decides" that any damage was done, it
  clearly produced lost time, slipped deadlines, or--at the very
  least-- a few cycles of management "think time" worrying about
  computer viruses.

  We encourage you to do two things immediately upon your return:

      1. Send a letter to your local U.S. attorneys recommending
   that the ARPANET virus situation be prosecuted to the full extent
   of the law.  It may even be appropriate that your organization
   take some form of independent legal action in this case; and,

      2. Send a letter to your state and federal legislators
   requesting that they aggressively pursue the development of
   effective computer crime legislation.  You might even offer to
   help evaluate drafts of pending bills.  Attached are samples of
   letters you may wish to use as models to get this message to your
   local U.S. attorneys and your legislators.

  Consider spending a few minutes "wordsmithing" one or more letters
  and then send them to the people who can make and enforce computer
  crime laws.  As an emerging profession, we can send an important
  message to the computer criminal and to our public servants...
  a message that we take our responsibilities seriously, and that
  we want to establish solid legal accountability for computer
  and information protection.

      Michael Corby, Bain & Co.
      Joseph R. Kretz, Jr., FMC Corp.
      Thomas R. Peltier, General Motors


SAMPLE LETTER TO A UNITED STATES ATTORNEY:

 Hon.___________________
 United States Attorney

 Sir:
 I am in charge of computer security for this organization.  In the
 wake of the recent attack of the ARPANET virus, it was necessary
 to close down our usual computer operations and devote _______
 hours of debugging and testing before we could safely resume
 normal operation.

 This represents a significant interruption of our business, and
 deprived us of an estimated $_______ of employee time.

 In discussing this matter with other computer security
 professionals, I find that our organization was only one of many
 which were disrupted or damaged by the deliberate introduction of
 a viral program.  It is my understanding that abuse of access is
 punishable under Title 18 United States Code 1030(a)(3).  The
 vehicle for this contamination of our systems, as you know, was
 the ARPANET computer network.  If, for example, a primary waterway
 was polluted, I am confident that your office would act and act
 firmly; a primary data stream should be equally protected.

 I urge you to take a close look at this particular offense, and
 to prosecute it vigorously.  I am ready to provide evidence of its
 impact on our organization, and I will be glad to assist you in
 documenting further victimization.

               (Signed)_______________________

SAMPLE LETTER TO A UNITED STATES ATTORNEY:

Dear U.S. Attorney:

I am writing to you to express my organization's concern over the
apparent apathy within the Justice Department as evidenced by
their failure to vigorously pursue computer crime incidents and
to assume a leadership role in this arena.  The recent ARPANET
virus case, which has affected thousands of computer systems and
cost companies and institutions tens of thousands of man-hours to
investigate and remedy--not to mention the cost of denying use of
those systems--appears to be another example of this apathy.

I, along with many other responsible computer professionals
across the United States, believe it is imperative that this most
recent incident be prosecuted to the fullest extent of the law.
It is not in the best interests of businesses and other
organizations to allow the person(s) responsible for this
situation to avoid being held accountable for their actions, let
alone be allowed to profit by it.  To do so would only encourage
more of the same.

Existing federal computer crime statutes, such as 18 USC
1030(a)(3), can be applied in this case.  My organization expects
those avenues to be fully pursued by the Justice Department.
I would appreciate knowing what actions will be taken by your
department in this matter.

           Sincerely,

SAMPLE LETTER TO A STATE OR FEDERAL LEGISLATOR:

Dear Senator/Representative _______________:

I am a computer professional whose job responsibilities include
protecting the integrity and reliability of my company's critical
business data.  If organizations are to grow and prosper, business
decisions must be made on the basis of accurate and timely data.

I am personally and professionally appalled by the risks posed to
this decision-making ability by computer criminals. I therefore
join my tens of thousands of responsible colleagues and millions
of citizens who support the development and enforcement of strict
computer crime legislation.  I urge you to aggressively push for
full penalties for perpetrators of computer crimes, especially
the creation of damaging virus programs, as was the case in the
recent ARPANET incident.

As your constituents, we encourage and expect your support for
the necessary computer crime legislation.  I am willing to work
with you in evaluating and developing laws that protect our
valuable decision-making ability.  I look forward to hearing
from you.

                  Very truly yours,

------------------------------

Date:         Fri, 18 Nov 88 11:11:03 EST
From:         Gabriel Basco <GJB100C@ODUVM>
Subject:      CMS Protected Mode (IBM VM/CMS)


On the REXX Discussion list, the subject on the CHRISTMA EXEC also
appeared, and someone had a comment that in CMS, you can run a program
in 'protected mode'. Can anybody give me more details?

------------------------------

Date:     18 Nov 1988 14:31:22-WET
Subject:  UK television programme.
From:     Julian Daley <[email protected]>

This message may well get to UK sites too late to matter, but here
goes ...

Channel 4 in the UK (? S4C) are screening the penultimate programme in
their Equinox series on Sunday 20 November.  The programme
concentrates on chaos and promises to cover the history behind the
subject and current thinking.  I haven't seen any of the other
programmes in this series so I can't vouch for its accuracy or
eloquence.

I'll try to watch the programme (video recorder permitting !) and if
there is anything interesting post a reply to The List.  (Don't let
that stop anyone else who sees it from commenting - I'm a physicist,
not a TV critic ! )

Julian.

------------------------------

Date: Fri, 18 Nov 88 13:13 EST
From: "Shawn V. Hernan" <VALENTIN@pittvms>
Subject: Report of brain virus sighting (PC)


For those of you who are interested in such things, there are
indications that the "brain" virus might have hit Pitt. By
'indications' I mean that someone in the labs said he discovered it
using 'nobrain', a pd (?)  virus detector/eliminator.


                                               Shawn Hernan
                                               Univ. of Pittsburgh

------------------------------

End of VIRUS-L Digest
*********************