VIRUS-L Digest Friday, 9 Dec 1988 Volume 1 : Issue 40
Today's Topics:
ROM virus distribution (PC & general)
Two VM/CMS files for LISTSERV
Mace vaccine (PC)
Virus talk in NYC
Info on Mac Viruses
undigestifying mail in VMS
the cynics approach to CERTs
On Morris' "guilt"
Japanese viruses
nVir at University of Alaska (Mac)
---------------------------------------------------------------------------
Date: Thu, 8 Dec 88 17:38:43 -0500 (EST)
From: Michael Francis Polis <[email protected]>
Subject: ROM virus distribution (PC & general)
Somewhat related to hardware viruses is this idea: Suppose someone who
repaired IBM PC's and clones wanted to spread a virus. The bootstrap
ROMs probably have some extra space at the end of their memory. By
inserting a JSR to this memory into the cold boot interrupt, a short
program there could be executed during boot-up, but before any
operating system with file protection could be started. If the sum of
the date and the day was say, divisible by 19, then this program would
copy a small virus also stored in ROM into a program on the boot disk
(if it was unwisely not write-protected), or the hard disk. From
there these viruses would move from disk to disk in a normal manner.
How many PCs do you think he could get to? How long do you think it
would take before someone figured out where the viruses were coming
from? Would something similar work with Macs?
------------------------------
Date: Thu, 08 Dec 88 18:49:49 EDT
From: Jean <SSAT@PACEVM>
Subject: Two VM/CMS files for LISTSERV
I just sent two files to luken@lehiibm1. These are bitsend exec and
bitrcv exec. If these could be used on listserv at lehiibm1 it would
make getting files easier.
It works on other listserv's so it probably will work there.
bitsend breaks a file like one of the archives into smaller pieces which
travel over the network very quickly.
In case anyone is interested these can be requested from netserv@bitnic
which is where I got them from.
Acknowledge-To: <SSAT@PACEVM>
[Ed. Thanks for the files; I'll look into whether or not they'll be
useful here.]
------------------------------
Date: Thu, 08 Dec 88 19:04:53 EDT
From: SSAT@PACEVM
Subject: Mace vaccine (PC)
Has anyone had any experiences yet with Mace's vaccine.com ?
Good or bad, I would like to hear about it. It seems to be a fairly good
program BUT once loaded it can be shut off, meaning that anyone worth
his/her salt could stuff the keyboard buffer with VACCINE OFF and a
carriage return and then tell the system to read the buffer.
Acknowledge-To: <SSAT@PACEVM>
------------------------------
Date: Thu, 8 Dec 88 19:16 EST
From: Dimitri Vulis <DLV@CUNYVMS1>
Subject: Virus talk in NYC
We got the following in the (snail) mail today:
The New York Academy of Sciences
Section of Computer and Information Sciences
December 13, 1988 Tuesday 8:00 p.m.
COMPUTER VIRUSES: SEARCHING FOR A CURE
George Purdy
Geier Professor of Computer Science
University of Cincinnati
Cincinnati, Ohio
Computer viruses constitute a clear and present danger not
only to computers themselves, but also to the complex systems
used by banks, insurance companies, North American Radar Defense,
and the New York Stock Exchange. At the moment, all that can be
done against viruses is ``practice safe computing'' and hope for
the best.
Is there a defense against viruses? We are implementing
a system of unparalleled security to detect unauthorized changes
in users' files and software based on a new mathematically secure
cryptographic function. This approach allows the detection,
isolation and excision of infected computer codes.
(Illustrated with slides)
Place:
The New York Academy of Sciences
2 East 63rd Street
New York, NY 10021
Telephone (212) 838-0230
ADMISSION FREE
(End of flier)
I have a party planned for Tuesday night, so I can't go and any person
whom I know who might go there and tell me what this was all about will
presumably be at the party as well.
This fellow Purdy does not ask for money upfront and does not quote
figures like $20M in damages---a good sign.
------------------------------
Date: Thu, 08 Dec 88 12:36:20 EST
From: Joe McMahon <XRJDM@SCFVM>
Subject: Info on Mac Viruses
> I am interested in obtaining more information about viruses and the
> Macintosh...I would like any and all information relating to viruses
> and vaccines that are available.
>
>...I have a user who would like to purchase a vaccine...
Ken Van Wyk (the VIRUS-L administrator) forwarded your note to me. We
have a collection of virus documentation and anti-viral programs here
on our LISTSERV at SCFVM. TELL LISTSERV AT SCFVM GET VIRUSREM $PACKAGE
to see what files we have. The individual files can be ordered via
TELL LISTSERV AT SCFVM GET file name.
The files are all in BinHex4 format. You'll need to upload them as TEXT
files to your Mac, and then use either BinHex4, BinHex5, or one of the
more recent versions of StuffIt to get them into executable format.
Many of the files are StuffIt archives, so you will probably need
StuffIt in any case. I would recommend getting StuffIt first (if you
don't have it), then the virus documentation stack, and then any
other files which you might need.
If you don't have a copy of BinHex4, I can send you text files of
a Microsoft BASIC program and a Turbo Pascal program, each of which
produces a copy of BinHex4. Also, you can get StuffIt from CompuServe
or like services. Please drop me a note directly if you need more help.
As far as purchasing a vaccine, the best ones I know of are free:
1) Vaccine from CE Software - guards against all known Mac viruses
except the "Dukakis" HyperTalk virus
2) Dukakis Vaccine from Ian Summerfeld, Apple UK - guards against
the "Dukakis" virus and other HyperTalk viruses.
Both are available from the SCFVM LISTSERV. Note that neither is a
guarantee of cleanliness; "safe computing" is the best defense.
- --- Joe M.
------------------------------
Date: Fri, 9 Dec 88 02:36:43 EST
From: Jefferson Ogata (me!) <OGATA@UMDD>
Subject: undigestifying mail in VMS
I don't have a VMS undigestifyer, but I imagine VMS has a C compiler.
It's pretty easy to write a C program that will undigestify a
digest...I'd be happy to write it myself if it will come in handy;
someone might want to fix it up for VMS -- I don't know what VMS file
specifiers look like. Let me know if you want it.
- - Jeff Ogata
[Ed. That would be great, and then I'll make it available on the
LISTSERV for other VMS users.]
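
An undigestifier along the lines discussed above, as an added example that is not from the original post or from VIRUS-L: it splits a digest at separator lines of 30 or more hyphens and extracts each message's Subject. Assumptions: the sample digest is constructed, a message is taken to start with a `Date:` header right after a separator, and a blank line is taken to end the header block.

```c
#include <stdio.h>
#include <string.h>
#define SUBJ_LEN 80
/* Constructed sample digest (not taken from the page). */
static const char SAMPLE[] =
    "Today's Topics:\nfirst topic\n"
    "------------------------------------------------------------\n"
    "Date: Thu, 8 Dec 88 17:00:00 EST\nSubject: first topic\n\n"
    "A ruler inside a body must not start a new message:\n"
    "------------------------------\nSubject: not a header\n"
    "------------------------------\n"
    "Date: Fri, 9 Dec 88 02:00:00 EST\nSubject: second topic\n\nText.\n"
    "------------------------------\nEnd of Digest\n";

/* Separator: a line of nothing but '-', at least 30 characters long. */
static int is_separator(const char *s, size_t n) {
    size_t i = 0;
    while (i < n && s[i] == '-') i++;
    return i == n && n >= 30;
}

/* Copy each message's Subject into subjects[]; return the message count (<= max). */
int undigest(const char *p, char subjects[][SUBJ_LEN], int max) {
    int count = 0, after_sep = 0, in_hdr = 0;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t n = eol ? (size_t)(eol - p) : strlen(p);
        if (is_separator(p, n)) {
            after_sep = 1; in_hdr = 0;
        } else if (after_sep && n > 0) {  /* first non-blank line after a rule */
            after_sep = 0;
            if (strncmp(p, "Date:", 5) == 0 && count < max) {
                subjects[count++][0] = '\0'; in_hdr = 1;
            }
        } else if (in_hdr) {
            if (n == 0) in_hdr = 0;   /* blank line ends the header block */
            else if (n > 9 && strncmp(p, "Subject: ", 9) == 0)
                snprintf(subjects[count - 1], SUBJ_LEN, "%.*s", (int)(n - 9), p + 9);
        }
        p = eol ? eol + 1 : p + n;
    }
    return count;
}

int main(void) {
    char subj[8][SUBJ_LEN];
    int i, n = undigest(SAMPLE, subj, 8);
    for (i = 0; i < n; i++) printf("%d: %s\n", i + 1, subj[i]);
    return 0;
}
```

The row of hyphens inside the first message body is followed by a line that is not a `Date:` header, so it does not open a new message, and the trailing "End of Digest" marker is skipped for the same reason.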
------------------------------
Date: Thu, 8 Dec 88 16:54:41 EST
From: Jefferson Ogata (me!) <OGATA@UMDD>
Subject: the cynics approach to CERTs
Possibly this is primarily intended to assuage the public's fears
about malicious attacks?
- - Jeff Ogata
------------------------------
Date: Thu 08 Dec 1988 15:25 CDT
From: GREENY <MISS026@ECNCDC>
Subject: On Morris' "guilt"
Hi all....
I would just like to say that I think that the discussion of whether
or not Mr. Morris is guilty or not is actually moot. No matter what
we say, or do, it is probably not going to affect the outcome of his
court case whatsoever (If he actually does get one...)
Anyways, what I would like to say is that I think that the discussion
of whether or not Morris is guilty or not should be moved to the
Ethics-L or Law-L lists and that we should get back to the topic at
hand -- Viruses
bye for now but not for long
Greeny
Bitnet: miss026@ecncdc
Internet: miss026%[email protected]
------------------------------
Date: Fri, 9 Dec 88 07:07:50 est
From: [email protected]
Subject: Japanese viruses
I just read a small blurb in the Look Ahead section of Datamation
November 15, 1988, p. 14. It was entitled Tokyo Flu. Has anyone
heard about Japanese viruses or the team of software developers that
they are gathering to produce an anti-viral package? The article
also says that NEC was hit by a virus on its PC-VAN, and it is setting
up a similar project.
Pat Reedy
------------------------------
Date: Fri, 09 Dec 88 02:39:29 -0900
From: BILL _ POTTENGER <FTBP@ALASKA>
Subject: nVir at University of Alaska (Mac)
The nVir was discovered here at UAF last week in our Student Council's
Mac lab. Looks like a lot of people's data bit the dust. UAF
computer support has good vaccines to stenger
------------------------------
End of VIRUS-L Digest
*********************