VIRUS-L Digest Wednesday, 14 Dec 1988 Volume 1 : Issue 46
Today's Topics:
Fred Cohens Thesis
VIRUS WARNING: Brain Virus at Yale
Information Overload
Re: modem virus
>> TROUBLE << - Brain virus on distribution disk (PC)
---------------------------------------------------------------------------
Date: Tue 13 Dec 1988 17:25 CDT
From: GREENY <MISS026@ECNCDC>
Subject: Fred Cohens Thesis
Hiya all, I too have been attempting to get a copy of Fred Cohen's
thesis and I finally broke down and went into the library and here's
what I dug up.
1) I looked in the lists of dissertations after getting the librarian to
look it up for me on DIALOGUE.
2) The only copies available are directly from the Micrographics Department
at University of Southern California (Los Angeles I think....)
So I put my interlibrary request thru, and I'm still waiting three
weeks later. I think I'll just buy one....by the time interlibrary
loan comes thru, I'll be 95 yrs old...:->
Bye for now but not for long
Greeny
Bitnet: miss026@ecncdc
Internet: miss026%[email protected]
------------------------------
Date: Wed, 14 Dec 88 15:31:46 EST
From: "Conrad Jacoby (DC)" <[email protected]>
Subject: VIRUS WARNING: Brain Virus at Yale
Howdy!!
Last night one of our computer consultants encountered a user who
had all his disks infected with some version of the BRAIN virus.
We're working on figuring out where any infected sites might be, as
well as trying to detect any changes that have been made to the Brain to
change it from its original code.
As we do not know how long this user (who is a Yale Grad Student)
might have had his disks infected, it might be prudent if you have
visited Yale recently and used a PC there to check your disks. We're
hoping it was just a very isolated outbreak.
- --------------------------------------------------------------------------
Conrad J. Jacoby P.O. Box 3805 Yale Station
Yale University New Haven, CT 06520
Sterling Memorial Library (203) 436-1402
"Generalist at Large"
[email protected]
@Yalevm.ycc.yale.edu
- --------------------------------------------------------------------------
[Ed. This is a reposting (the first!) from VALERT-L...just for those
who might be interested.]
------------------------------
Date: Wed, 14 Dec 88 15:02 EST
From: Lynn R Grant <[email protected]>
Subject: Information Overload
Regarding the recent complaints about too much information on Virus-L to
be able to find anything, I had a thought: how much smaller would the
Virus-L digests be if we cut back on the long right-bracketed quotations
from previous entries and the multi-line signature blocks, complete with
pictures, cursive signatures, and quotations from favorite cartoon
characters? I'm rather new to Virus-L, so I don't know to what degree
these things are an essential part of the Virus-L culture, but it's a
thought.
Lynn Grant
[Ed. The right hand bracket quotations can certainly be cut to a
minimum from time to time, leaving just enough to get the pertinent
information across, in my opinion. As for the signatures, being
somewhat of an, er, culprit myself...I believe that a 5 line signature
is a generally accepted network etiquette standard, and I don't see
anything wrong with getting five lines of identifying text in. Any,
er, additional text in those five lines doesn't do much harm, I should
think... :-)]
------------------------------
Date: Wed, 14 Dec 88 14:27:54 CST
From: "Rich James" <MATHRICH@UMCVMB>
Subject: Re: modem virus
It looks to me like the initial announcement of this purported virus was
itself a virus attack against human hardware! It cleverly exploits the
current pitch of fear about viruses, and has a phenomenal infection rate.
Thank goodness it's relatively benign!
Think of it now folks:
How could a self replicating virus become embedded in registers which are
used to hold data, not program instructions? The only memory used to hold
program instructions in a modem is ROM. Data registers are treated as DATA.
Getting a modem to treat a data register as program input would require
the exploitation of a known bug in the modem's ROM program. Such ROMs
are anything but standard .. they vary between manufacturers and
between models and revisions of modems from the same manufacturer.
How likely is it that an industry standard modem protocol would have an
'unused bandwidth' sufficient to allow simultaneous transmission of a
separate data stream? It wouldn't be much of a protocol if it ignored
such potentially useful bandwidth.
How could such a virus convince the terminal program running on the
computer to modify system files, especially in a user-transparent way?
(it's easy enough to clobber a file by writing over it, but patching a
machine code file or RAM resident code in a transparent way is pretty
nontrivial.) Remember, incoming modem data is treated as DATA, not
program information. Again, this would require exploitation of a known
bug common to all or many modem programs, and all or many error
correcting protocols. Seems a tad unlikely.
Education=immunization.
------------------------------
Date: Wed, 14 Dec 88 18:26:40 EDT
From: SSAT@PACEVM
Subject: >> TROUBLE << - Brain virus on distribution disk (PC)
I just received my own personal copy of a popular IBM word processor
>> DIRECT FROM THE MANUFACTURER << in a sealed carton, and guess what?
When I installed it, it decided to be nice and loaded my disks with
BRAIN!
Yes, the disks I installed it on were BRAND NEW and freshly formatted
from a secure copy of DOS.
I don't want to mention any names here, but I spoke to the manufacturer
who was not at all surprised (in my opinion) that this had happened.
To reiterate, it DID NOT happen at Pace University, but to my own personal
copy of
[Ed. of? of what? I don't think that mentioning the name here, if
indeed the virus is on the distribution disk, would do any harm; quite
the contrary, it would warn innocent (prospective) buyers.]
------------------------------
End of VIRUS-L Digest
*********************