VIRUS-L Digest Monday, 31 Jul 1989 Volume 2 : Issue 164
Today's Topics:
BBS virus possibilities (PC)
Re: Beta Testers for FLU_SHOT+
"Computer Condom" (from Risks digest)...
virus identification
TRUSS???? any one know??? (no system given)
message virus (was: Computer Virus Research)
Jerusalem Disinfector
---------------------------------------------------------------------------
Date: 26 Jul 89 04:56:51 +0000
From: [email protected]
Subject: BBS virus possibilities (PC)
I have been working as an undergraduate consultant here at SUNY for
a while now, and have been part of our battles with the (c) Brain virus that
has been making the rounds; and have seen the damage that can be done.
I would appreciate it if someone would post a list that details which
kinds of viruses (and which known viruses) can be transmitted along with
archived IBM PC files (assuming that the files were clean when put in the
archive), and how they can be found and eliminated.
Thanks in advance for your help...
- -----------------------------------------------------------------------------
Kenneth J. Hoover | "LN03, I knew LaserWriter. I worked with LaserWriter.
SUNY-Binghamton | LaserWriter was my friend. LN03, you're no LaserWriter!"
- -----------------------------------------------------------------------------
------------------------------
Date: Fri, 28 Jul 00 19:89:12 +0000
From: [email protected]
Subject: Re: Beta Testers for FLU_SHOT+
Wow! The response has been overwhelming! The beta list is filled
up as of now with more testers than I could reasonably handle! VIRUS-L
certainly has some interesting people with some interesting hardware
and software: one beta-tester is running with a super-micro and a
DOS emulation box!
Anyway: to those who responded, I expect the alpha to finish this weekend,
and disks to ship early next week. The first beta period is gonna close
rapidly -- and you'll get instructions on what being a beta tester means.
My thanks to those who responded and to Ken for the list, my apologies
to those a little late in responding.
Ross M. Greenberg
Author, FLU_SHOT+
------------------------------
Date: Fri, 28 Jul 89 23:18:17 -0400
From: [email protected] (David Gursky)
Subject: "Computer Condom" (from Risks digest)...
[From the Seattle Weekly, 5/3/89]
PUT A CONDOM ON YOUR COMPUTER
Ever worry that your computer might be hanging out in a network where it
will pick up some disgusting virus? Empirical Research Systems of Tacoma
suggests you supply it with one of their "computer condoms". This high-tech
prophylactic is a combination of hardware and software embodied in a
controller card that simply replaces the one already in the machine. Rick
Cummings, the company's president, says the system "stops all viruses" by
monitoring the user network, the keyboard, and the program in use. He notes
that the system is programmable to alter the parameters of its control on
any given machine, but he guarantees that, "when programmed to your
requirements, it will not allow viruses to enter."
The technology was developed through successful efforts to protect a group of
European banks from the massive virus that penetrated European computer
networks last autumn. "Naturally these became our first orders," Cummings
says. He has since picked up an additional 2500 firm orders in Europe, with
5000 more contingent on inspection of the product. In the United States, the
product has been reviewed by Boeing Computer Services and computer technicians
at the UW. It will be on the domestic market "early next autumn at a cost of
under $1000," Cummings says.
DG -- Pardon me while I laugh uncontrollably.
------------------------------
Date: 29 Jul 89 00:00:00 +0000
From: Christoph Fischer <[email protected]>
Subject: virus identification
In our computer virus lab we have been working on the problem of mutants
of several viruses. Initially we intended to make antivirus packages more
secure, since a single byte added or removed from the virus code will
cause most antivirus packages to make erroneous repair attempts, which might
result in even bigger harm than the virus itself will do. Furthermore,
watertight identification leads to a better 'Epidemiology' of the
different virus strains.
Thanks to the kind help of fellow virus researchers all over the world
we were able to obtain and try out quite a few viruses and their mutants.
PROPOSAL
VIRUS IDENTIFICATION ALGORITHM
PURPOSE:        Positive and secure identification of *known* viruses to
                prevent repair attempts on files infected by unknown
                mutants of a virus.
REPLACES:       Identification by a unique string of code. (Which might
                still be unaltered at the same offset in the code of a
                new variant of the virus)
METHOD:         1. Identification of the *known* virus strain by a unique
                   string or other feature (sUMsDos, (C)Brain, or the 1Fh
                   in the seconds of the file time)
                2. Relocation to segment offset 0 and possible decryption
                   of the virus code. (This might be necessary for multiple
                   parts of the virus)
                3. Writing zero over sections that contain variant parts
                   like garbage from the last infection attempt or a time-
                   bomb counter.
                4. Finally a CRC-sum is generated (maybe using more than
                   one polynomial)
                If this signature matches the one calculated on the virus
                code for which the removal algorithm was designed it is
                safe to apply this antivirus program.
IMPLEMENTATION: We have done a test implementation in C and for 2
                virus strains (6 viruses so far). Our goal is to prepare a
                toolset for quick addition of new variants to the set
                of identifiable viruses.
ADVANTAGE:      Antivirus tools can identify exactly a specific virus
                without incorporating full or partial virus code in the
                antivirus program. (This would be a security risk if done
                in commercial or PD software)
Any comments or suggestions are welcome; respond to VIRUS-L or directly,
and we will summarize to the list!
Currently we are also working on virus behavior in networks. For this
we have set up a 4 machine Novell network. (PS2/80, PS2/60, Atari386,
and a good old PC-XT). Here also any suggestions and help are welcome!
*******************************************************************
* Christoph Fischer and Torsten Boerstler *
* Micro-BIT Virus Center / University of Karlsruhe / West-Germany *
* D-7500 Karlsruhe 1, Zirkel 2, Tel.: (0)721-608-4041 or 2067 *
* E-Mail: RY15 at DKAUNI11.BITNET or RY12 at DKAUNI11.BITNET *
*******************************************************************
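Steps 1, 3 and 4 of the identification scheme proposed in the message above, as an added C example; it is not part of the original post and is not the authors' test implementation. The struct layout, the function names, the single CRC-32 polynomial and the 16-byte sample are assumptions, and step 2 (relocation and decryption) is assumed to have been done before these functions are called.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct span { size_t off, len; };     /* bytes that differ between infections */
struct strain {                       /* one *known* variant */
    const char *marker;               /* step 1: coarse identifier string */
    size_t body_len;                  /* length of the extracted body */
    struct span variant[2];           /* step 3: regions to overwrite with zero */
    size_t n_variant;
    uint32_t crc;                     /* step 4: checksum of the normalised body */
};

/* CRC-32 (reflected polynomial 0xEDB88320), bitwise for brevity. */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (; n--; p++) {
        c ^= *p;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Steps 3 and 4: zero the variant regions in a copy, then checksum the copy. */
uint32_t normalised_crc(const uint8_t *body, size_t len, const struct strain *s) {
    uint8_t tmp[512];
    if (len > sizeof tmp) return 0;   /* oversized input is rejected by the caller */
    memcpy(tmp, body, len);
    for (size_t i = 0; i < s->n_variant; i++)
        if (s->variant[i].off <= len && s->variant[i].len <= len - s->variant[i].off)
            memset(tmp + s->variant[i].off, 0, s->variant[i].len);
    return crc32_buf(tmp, len);
}

/* 1 only for the exact variant the repair routine was written for, else 0. */
int safe_to_repair(const uint8_t *body, size_t len, const struct strain *s) {
    size_t m = strlen(s->marker), i = 0;
    if (len != s->body_len || len > 512 || m > len) return 0;
    while (i + m <= len && memcmp(body + i, s->marker, m) != 0) i++;
    return i + m <= len && normalised_crc(body, len, s) == s->crc;
}

int main(void) {
    /* Constructed filler, not virus code; bytes 8..11 stand in for a counter. */
    uint8_t ref[] = "sUMsDos_0000CODE", seen[16], mut[16];
    struct strain s = { "sUMsDos", 16, { {8, 4} }, 1, 0 };
    s.crc = normalised_crc(ref, 16, &s);   /* signature of the analysed sample */
    memcpy(seen, ref, 16); seen[9] = 0x2A; /* only the counter differs */
    memcpy(mut, ref, 16);  mut[13] ^= 1;   /* one code byte differs: a mutant */
    printf("%d %d\n", safe_to_repair(seen, 16, &s), safe_to_repair(mut, 16, &s));
    return 0;
}
```

The mutant still carries the marker string, so a string-only scanner would accept it; the checksum over the normalised body is what makes the repair routine refuse.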
------------------------------
Date: 29 Jul 89 11:41:36 +0000
From: [email protected] (Kelly Goen)
Subject: TRUSS???? any one know??? (no system given)
In a past issue of the Whole Earth Review there was an article on
computer viruses... in there was a security monitor program referred
to as truss .... anyone ever hear of it???????
thanx in advance
kelly
return replies to [email protected]
------------------------------
Date: 30 Jul 89 17:17:17 +0000
From: [email protected] (Jon Hutto)
Subject: message virus (was: Computer Virus Research)
You might be interested to know that even messages can have damaging viruses
in them. On several local BBS's there have been Escape sequences that have
redefined keys so that when the sysop is in DOS and hits a key, it starts
deleting files and directories. The worst thing about this is that people
have been able to do this for a long time. They are explained in the DOS
Technical Reference manual.
There are also rumors of a ZMODEM virus that spreads via ZMODEM transfers,
but I have not been able to find out very much about it, and it may be just
a rumor.
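A message filter for the key-redefinition problem described in the message above, as an added C example that is not part of the original post: it removes ANSI.SYS keyboard-reassignment sequences (ESC [ ... p) from message text before display and leaves other sequences such as colour changes alone. The function names and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length of the sequence at s (s[0]==ESC, s[1]=='['); *final gets its last byte,
   or 0 if input ends first. Quoted parameters are skipped: they may hold letters. */
static size_t csi_len(const char *s, size_t n, char *final) {
    size_t i = 2; *final = 0;
    while (i < n) {
        char c = s[i++];
        if (c == '"' || c == '\'') {               /* skip to the closing quote */
            while (i < n && s[i] != c) i++;
            if (i < n) i++;
        } else if (!((c >= '0' && c <= '9') || c == ';' || c == '=' || c == '?')) {
            *final = c;                            /* first non-parameter byte */
            break;
        }
    }
    return i;
}

/* Copies msg to out (NUL-terminated, truncated at cap), dropping every sequence
   that ends in 'p' or never terminates. Returns the number of sequences dropped. */
int strip_key_reassign(const char *msg, char *out, size_t cap) {
    size_t n = strlen(msg), i = 0, o = 0;
    int removed = 0;
    if (cap == 0) return 0;
    while (i < n) {
        if (msg[i] == 0x1B && i + 1 < n && msg[i + 1] == '[') {
            char final;
            size_t len = csi_len(msg + i, n - i, &final);
            if (final == 'p' || final == 0) { removed++; i += len; continue; }
            for (; len && o + 1 < cap; len--) out[o++] = msg[i++];
            i += len;                              /* part that did not fit */
        } else {
            if (o + 1 < cap) out[o++] = msg[i];
            i++;
        }
    }
    out[o] = '\0';
    return removed;
}

int main(void) {
    char out[64];   /* constructed message: bold text plus one key reassignment */
    int n = strip_key_reassign("Hi \x1b[1mall\x1b[0m \x1b[0;59;\"HELLO\"p.", out, sizeof out);
    printf("removed=%d\n", n);
    return 0;
}
```

An unterminated sequence is dropped rather than passed through, so a sequence split across the end of a message cannot reach the console driver half-parsed.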
------------------------------
Date: Sat, 29 Jul 89 15:59:43 -0700
From: [email protected]
Subject: Jerusalem Disinfector
Mark Zinzow asked if there were a public domain program that would restore
programs infected with the Jerusalem virus to their original, uninfected
condition. John McAfee's M-series programs have just been made shareware
(M-1 removes the Jerusalem from COM and EXE files and restores them), and the
programs are available on HomeBase - 408 988 4004.
Alan
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253