VIRUS-L Digest   Thursday,  7 Sep 1989    Volume 2 : Issue 188

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc., and sent to [email protected] (that's
LEHIIBM1.BITNET for BITNET folks).  Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: [email protected].
- Ken van Wyk

Today's Topics:

Re: locked macintosh disks
Introduction to the anti-viral archives
Amiga anti-viral archive sites
Apple II anti-viral archive sites
Atari ST anti-viral archive sites
Documentation anti-viral archive sites
IBMPC anti-viral archive sites
Macintosh anti-viral archive sites
list of unix sites
VM Virus Warning (IBM VM/CMS)

---------------------------------------------------------------------------

Date:    07 Sep 89 18:16:29 +0000
From:    [email protected] ( Dr. Robin Lake )
Subject: Re: locked macintosh disks

In article <[email protected]> 3XMQGAA@CMUVM writes:
|>In reply to Dan Carr's question. No, when you lock a macintosh disk and stick
|>in the drive, there is absolutely no way for the virus to infect the disk.

It was my understanding that the locked disk signal is read by
software, not by the Mac's hardware.  The standard device driver(s)
for the floppy may prevent writing to a locked disk, but a virus could
override the driver(s) and infect the disk --- if my understanding is
correct.

Rob Lake
BP Research
uunet!nitrex!rbl

[Ed. VIRUS-L veterans will recognize this topic, much to their
consternation.  Please folks, let's *PLEASE* not flood the "airwaves"
with hearsay.  If someone has something that can be substantiated
(preferably via a citation from a vendor's technical document) to
offer on this, then please do so - otherwise, please let us all RUN
LIKE MAD AWAY FROM THIS TOPIC.]

------------------------------

Date:    07 Sep 89 20:18:18 +0000
From:    [email protected] (Jim Wright)
Subject: Introduction to the anti-viral archives


# Introduction to the Anti-viral archives...
# Listing of 06 September 1989

This posting is the introduction to the "official" anti-viral archives
of virus-l/comp.virus.  With the generous cooperation of many sites
throughout the world, we are attempting to make available to all
the most recent news and programs for dealing with the virus problem.
Currently we have sites for Amiga, Apple II, Atari ST, IBMPC and
Macintosh microcomputers, as well as sites carrying research papers
and reports of general interest.

We are also in the process of organizing a number of sites for Unix
anti-viral and general security issues.  More information on that
as things progress.

If you have general questions regarding the archives, you can send
them to this list or to me.  I'll do my best to help.  If you have a
submission for the archives, you can send it to me or to one of the
persons in charge of the relevant sites.

If you have any corrections to the lists, please let me know.


------------------------------

Date:    07 Sep 89 05:55:00 +0000
From:    [email protected] (Jim Wright)
Subject: Amiga anti-viral archive sites


# Anti-viral archive sites for the Amiga
# Listing last changed 08 August 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Amiga index for the virus archives can be retrieved as
               request: amiga
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

ms.uky.edu
       Sean Casey <[email protected]>
       Access is through anonymous ftp.
       The Amiga anti-viral archives can be found in /pub/amiga/Antivirus.
       The IP address is 128.163.128.6.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       No access details yet.

uxe.cso.uiuc.edu
       Mark Zinzow <[email protected]>
       Lionel Hummel <[email protected]>
       The archives are in /amiga/virus.
       There is also a lot of stuff to be found in the Fish collection.
       The IP address is 128.174.5.54.
       Another possible source is uihub.cs.uiuc.edu at 128.174.252.27.
       Check there in /pub/amiga/virus.


------------------------------

Date:    07 Sep 89 05:55:53 +0000
From:    [email protected] (Jim Wright)
Subject: Apple II anti-viral archive sites


# Anti-viral archive sites for the Apple II
# Listing last changed 08 August 1989

brownvm.bitnet
       Chris Chung <[email protected]>
       Access is through LISTSERV, using SEND, TELL and MAIL commands.
       Files are stored as
               apple2-l xx-xxxxx
       where the x's are the file number.

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Apple II index for the virus archives can be retrieved as
               request: apple
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       No access details yet.


------------------------------

Date:    07 Sep 89 05:56:44 +0000
From:    [email protected] (Jim Wright)
Subject: Atari ST anti-viral archive sites


# Anti-viral archive sites for the Atari ST
# Listing last changed 08 August 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Atari ST index for the virus archives can be retrieved as
               request: atari
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       No access details yet.

ssyx.ucsc.edu
       Steve Grimm <[email protected]>
       Access to the archives is through FTP or mail server.
       With ftp, look in the directory /pub/virus.
       The IP address is 128.114.133.1.
       For instructions on the mail-based archiver server, send
               help
       to <[email protected]>.


------------------------------

Date:    07 Sep 89 05:57:29 +0000
From:    jwright@atanasoff (Jim Wright)
Subject: Documentation anti-viral archive sites


# Anti-viral archive sites for documentation
# Listing last changed 08 August 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The index for the **GENERAL** virus archives can be retrieved as
               request: general
               topic: index
       The index for the **MISC.** virus archives can be retrieved as
               request: misc
               topic: index
       **VIRUS-L** entries are stored in monthly and weekly digest form from
       May 1988 to December 1988.  These are accessed as log.8804 where
       the topic substring is comprised of the year, month and a week
       letter.  The topics are:
               8804, 8805, 8806 - monthly digests up to June 1988
               8806a, 8806b, 8806c, 8806d, 8807a .. 8812d - weekly digests
       The following daily digest format started on Wed 9 Nov 1988.  Digests
       are stored by volume number, e.g.
               request: virus
               topic: v1.2
       would retrieve issue 2 of volume 1, in addition v1.index, v2.index and
       v1.contents, v2.contents will retrieve an index of available digests
       and an extracted list of the contents of each volume respectively.
       **COMP.RISKS** archives from v7.96 are available on line as:
               request: comp.risks
               topic: v7.96
       where topic is the issue number, as above v7.index, v8.index and
       v7.contents and v8.contents will retrieve indexes and contents lists.
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

lehiibm1.bitnet
       Ken van Wyk <[email protected]> new: <[email protected]>
       This site has archives of VIRUS-L, and many papers of
       general interest.
       Access is through ftp, IP address 128.180.2.1.
       The directories of interest are VIRUS-L and VIRUS-P.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       No access details yet.

unma.unm.edu
       Dave Grisham <[email protected]>
       This site has a collection of ethics documents.
       Included are legislation from several states and policies
       from many institutions.
       Access is through ftp, IP address 129.24.8.1.
       Look in the directory /ethics.


------------------------------

Date:    07 Sep 89 05:58:20 +0000
From:    [email protected] (Jim Wright)
Subject: IBMPC anti-viral archive sites


# Anti-viral archive for the IBMPC
# Listing last changed 06 September 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The IBMPC index for the virus archives can be retrieved as
               request: ibmpc
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

ms.uky.edu
       Daniel Chaney <[email protected]>
       This site can be reached through anonymous ftp.
       The IBMPC anti-viral archives can be found in /pub/msdos/AntiVirus.
       The IP address is 128.163.128.6.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       No access details yet.

uxe.cso.uiuc.edu
       Mark Zinzow <[email protected]>
       This site can be reached through anonymous ftp.
       The IBMPC anti-viral archives are in /pc/virus.
       The IP address is 128.174.5.54.

vega.hut.fi
       Timo Kiravuo <[email protected]>
       This site (in Finland) can be reached through anonymous ftp.
       The IBMPC anti-viral archives are in /pub/pc/virus.
       The IP address is 128.214.3.82.

wsmr-simtel20.army.mil
       Keith Peterson <[email protected]>
       Direct access is through anonymous ftp, IP 26.2.0.74.
       The anti-viral archives are in PD1:<MSDOS.TROJAN-PRO>.
       Simtel is a TOPS-20 machine, and as such you should use
       "tenex" mode and not "binary" mode to retrieve archives.
       Please get the file 00-INDEX.TXT using "ascii" mode and
       review it offline.
       NOTE:
       There are also a number of servers which provide access
       to the archives at simtel.
       WSMR-SIMTEL20.Army.Mil can be accessed using LISTSERV commands
       from BITNET via LISTSERV@NDSUVM1, LISTSERV@RPIECS and in Europe
       from EARN TRICKLE servers.  Send commands to TRICKLE@<host-name>
       (for example: TRICKLE@AWIWUW11).  The following TRICKLE servers
       are presently available: AWIWUW11 (Austria), BANUFS11 (Belgium),
       DKTC11 (Denmark), DB0FUB11 (Germany), IMIPOLI (Italy),
       EB0UB011 (Spain) and TREARN (Turkey).


------------------------------

Date:    07 Sep 89 05:59:14 +0000
From:    [email protected] (Jim Wright)
Subject: Macintosh anti-viral archive sites


# Anti-viral archive sites for the Macintosh
# Listing of 08 August 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Mac index for the virus archives can be retrieved as
               request: mac
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

ifi.ethz.ch
       Danny Schwendener <[email protected]>
       Interactive access through SPAN/HEPnet:
               $SET HOST 20766  or $SET HOST AEOLUS
               Username: MAC
       Interactive access through X.25 (022847911065) or Modem 2400 bps
       (+41-1-251-6271):
               # CALL B050 <cr><cr>
               Username: MAC
       Files may also be copied via SPAN/HEPnet from
               20766::DISK8:[MAC.TOP.LIBRARY.VIRUS]

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       No access details yet.

rascal.ics.utexas.edu
       Werner Uhrig <[email protected]>
       Access is through anonymous ftp, IP number is 128.83.144.1.
       Archives can be found in the directory mac/virus-tools.
       Please retrieve the file 00.INDEX and review it offline.
       Due to the size of the archive, online browsing is discouraged.

scfvm.bitnet
       Joe McMahon <[email protected]>
       Access is via LISTSERV.
       SCFVM offers an "automatic update" service.  Send the message
               AFD ADD VIRUSREM PACKAGE
       and you will receive updates as the archive is updated.
       You can also subscribe to automatic file update information with
               FUI ADD VIRUSREM PACKAGE

sumex-aim.stanford.edu
       Bill Lipa <[email protected]>
       Access is through anonymous ftp, IP number is 36.44.0.6.
       Archives can be found in /info-mac/virus.
       Administrative queries to <[email protected]>.
       Submissions to <[email protected]>.
       There are a number of sites which maintain shadow archives of
       the info-mac archives at sumex:
       * MACSERV@PUCC          services the Bitnet community
       * LISTSERV@RICE         for e-mail users
       * FILESERV@IRLEARN      for folks in Europe

wsmr-simtel20.army.mil
       Robert Thum <[email protected]>
       Access is through anonymous ftp, IP number 26.2.0.74.
       Archives can be found in PD3:<MACINTOSH.VIRUS>.
       Please get the file 00README.TXT and review it offline.


------------------------------

Date:    Thu, 07 Sep 89 01:00:07 -0500
From:    [email protected] (Jim Wright)
Subject: list of unix sites

Here is the list of Unix sites as I have it.  It obviously is in need
of some filling out.  Information on access and contents of the
archives would be helpful.  Also make sure to let me know about any
errors in the list.

Jim

------------------------
# Anti-viral and security archive sites for Unix
# Listing last changed 06 September 1989

attctc
       Charles Boykin <[email protected]>
       Accessible through UUCP.

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

netCS
       Hans Huebner <[email protected]>
       netCS is a public access Unix site in Berlin which is
       also accessible through UUCP.

sauna.hut.fi
       Jyrki Kuoppala <[email protected]>
       Accessible through anonymous ftp, IP number 192.26.107.100.

ucf1vm
       Lois Buwalda <[email protected]>
       Accessible through

wuarchive.wustl.edu
       Chris Myers <[email protected]>
       Accessible through anonymous ftp, IP number 128.252.135.4.
       A number of directories can be found in ~ftp/usenet/comp.virus/*.


------------------------------

Date:    Thu, 07 Sep 89 14:40:52 -0500
From:    IRMSS907%[email protected]
Subject: VM Virus Warning (IBM VM/CMS)

I got this from the PROFS-L discussion list...Mignon Erixon-Stanford

*** Forwarding note from KIEFFER --UNCANET  09/06/89 19:48 ***
Date:     Wed,  6 Sep 89 18:16 PDT

A computer virus has just appeared in the CERNVM system in the form of
a set of files which copy themselves to your A-disk when you execute
the commands RELEASE or DROP.  The mechanism is that there is a modified
RELEASE EXEC which invokes a module called DVHVIR which copies itself,
plus other files, to your A-disk. It is sufficient to be linked to a disk
containing these viruses to be vulnerable to them. Some of the copied files
pretend to be parts of the directory maintenance system and we do not
yet know what damage they may cause.
Please take the following action: look for any of the following files on
your disks and ERASE them at once

        RELEASE EXEC
        DVHGMN  EXEC
        DVHGKB  EXEC
        DMSXMS  EXEC
        DVHVIR  MODULE

        We are attempting to find the source of this virus and are taking
other preventative measures.

        User Support

------------------------------

End of VIRUS-L Digest
*********************