VIRUS-L Digest              Tuesday, 22 Nov 1988         Volume 1 : Issue 17

Today's Topics:
Coming Survey
request for info on ibmpc virus -- "@:)" (PC)
Hardware damage...
Book (micro)
Prosecution of Morris
CSI-proceedings
Re: Jerusalem Virus... (PC)

---------------------------------------------------------------------------

Date: Mon, 21 Nov 88 17:28:20 EST
From: Ron Dawson <053330@UOTTAWA>
Subject: Coming Survey

HI THERE!

Just dropping a note to inform you that in the next couple of days, you
will be graced with a survey. This survey is for a research paper that
we are doing on Malicious software (such as Viruses, Worms, Trojan
Horses, etc.). The survey will attempt to determine what problems you or
your organization has had from malicious software and the results.

I am sure that you will all be jumping at the opportunity to help us
with our research. The responses will be kept confidential and the
results will be posted back to this list.

The survey should be sent on Tuesday or Wednesday (22 or 23 Nov). Hope
to be hearing from you soon.

(Note: Detailed instructions will be included in the preamble to the
survey)

Ron Dawson     053330@UOTTAWA  Systems Science - University of Ottawa
J. Lin         LINHG@UOTTAWA   Administration - University of Ottawa
Steve Adamson  453140@UOTTAWA  MBA Program - University of Ottawa
Tom Kannemann  385230@UOTTAWA  MBA Program - University of Ottawa

------------------------------

Date: Mon, 21 Nov 88 18:35 EST
From: "DANNY CHORIKI AT DAC@CUNYVMS1.BITNET"
Subject: request for info on ibmpc virus -- "@:)" (PC)

greetings netters!

We seem to have been hit by a virus. What do you know? The following is
what we know at 6:30 est 11/21/88.

1. ibmpc's with hard disk
2. dos
3. infected files have the following TWO characters all over them
   "@smiley face". That's hex 30 02 as my keyboard does not have the
   right keys.
4. infected program files seem to stop operations
5. we know that the virus can be copied when a file is copied or in an
   infected file
6. the virus wipes out the root directory of a hard disk

Have others seen this one? Have we given it a name? (how about
@ sh*tface?) ;> Anywhere to look for more info?

Send stuff to me at the following addresses:

bitnet    dac@cunyvms1
internet  dac%cunyvms1.bitnet@cunyvm.cuny.edu

or something like that depending on the state of mind of the computer
you are sending from and if it's new to this group I'll summarize to the
net.

BTW, "we" are the academic computer center for the Graduate School at
City Univ. of New York. This is our second known virus, as we just beat
back a benign version of "brain" with help from Virus-L. Yah!

Be talking at ya,
Danny Choriki

------------------------------

Date: Mon, 21-NOV-1988 19:53 EST
From: The CAEC managers
Subject: Hardware damage...

Hello everyone,

On the topic of hardware damage caused by a virus (somebody impale me if
my memory isn't correct about this one!), I seem to remember about 4 or
5 years ago, a big discussion about a program (virus, whatever!) that
would literally fry all of the chips in certain Radio Shack portable
computers. If memory serves me correctly, it worked by setting some of
the interrupts accessed by the CPU (for clock speed), to a different
value, causing the CPU to overheat and fail.

I know that you can modify the CPU speed on Radio Shack Color Computers
by a simple poke to a given address, which causes the CPU speed to
double. You can quadruple the speed of the CPU, but by then the
associated chips (like the address multiplexing chip) cannot keep up.
This little poke was employed by quite a few software vendors to speed
up the execution time of their programs -

*******************************************************************************
* Tom Kurke                             Bitnet:    CAEC@VUVAXCOM
* Computer Consultant                   Snailmail: Villanova University
* Computer Aided Engineering Center                Villanova, PA 19085
* College of Engineering                MABellnet: (215) 645-7360
*
* Disclaimer: The views mentioned above are my own, not my employers. Come
*             to think of it, if they were, it would be strange times indeed!
*******************************************************************************

------------------------------

Date: Mon, 21 Nov 88 19:59:35 CST
From: James Ford
Subject: Book (micro)

This is taken from the Nov. 21 edition of US News & World Report
(page 82, Virus-Proofing Your PC).

- ------------------------------------------------------------------------
[Article begins]
.
.
The book "Online Auditing Using Microcomputers" ($28) by
computer-security specialist Jerry FitzGerald has computing tips and 14
free vaccines. To order, write FitzGerald Associates, 506 Barkentine
Lane, Redwood City, Calif. 94065.
[End of article]
- ------------------------------------------------------------------------

Has anyone heard of this? Does anyone know what the 14 free vaccines
are? Are they worth anything, or just public domain/shareware files?

James

------------------------------

Date: Tue, 22 Nov 88 03:32:04 EST
From: Jefferson Ogata (me!)
Subject: Prosecution of Morris

There seem to be two camps here: one says prosecute the hell out of this
guy, the other says go easy on him.

The prosecution camp's rationale seems to be this: by maximizing the
penalty for damaging programming, especially in a highly publicized
case, we can scare more people away from evil hacking.

The go-easy camp's rationale seems to be this: he didn't mean any harm,
so don't penalize him, even though he caused (at some estimates) $20
million worth of damage. [Ed. Whose estimate is that?]

I think it's pretty clear that the first camp has the stronger case. I'm
sure Union Carbide didn't mean any harm when they negligently released
poison gas in India a few years back, blinding and killing thousands of
people. The fact remains that damage has been done, and it is the normal
practice to place the blame on the instigator, regardless of his or her
intentions.

Consider a drunk driver who kills ten pedestrians one night. The driver
had no intention of killing anyone, however he is still to blame,
largely because he arranged the circumstances that caused him to kill
those people. By drinking and then driving he endangered others. Morris
is similar in that he chose to experiment with a dangerous program on a
computer connected to the Internet. This was negligent behavior that
demands punishment.

So there's my opinion, for what it's worth. I'm sorry for the guy, in
the same way I might be sorry for a drunk driver, but I can't argue that
he should be treated leniently.

- - Jeff Ogata

------------------------------

Date: Tue, 22 Nov 88 11:25:13 MET
From: Martin Jansen
Subject: CSI-proceedings
To: VIRUS-L@LEHIIBM1.BITNET

Hello,

Can anybody tell me if there are proceedings available from the latest
Computer Security Institute Conference (held in Miami Beach)? And, if
yes, where can you order them?

Thanks.

Martin J.
University Computing Centre
Nijmegen, Holland

------------------------------

Date: Tue, 22 Nov 88 14:14:16 +0200
From: Y. Radai
Subject: Re: Jerusalem Virus... (PC)

I must confess that I find it rather difficult to understand the
messages that have been coming from Pedro Sepulveda J. on the so-called
"Jerusalem Virus" which has appeared at his university in Chile. In
response to his original message (Oct. 22) to VIRUS-L, I wrote to him
asking what evidence he has that what he has is really the "Jerusalem
virus". His reply indicated similarities to the Friday-the-13th Israeli
virus, but differed in some details (which might have been inaccuracies
in his description instead of real differences). On Nov. 7 I sent him a
description of the Israeli virus(es), but have received no reply from
him. Now (Issue 15 of the digest) he tells us that

> it has been developed a program which take out the JV virus
> from the .COM files.

Well, all I can say is that if this really is the "Jerusalem Virus"
(i.e. the Friday-the-13th or any other Israeli virus) then Pedro and Co.
are re-inventing the wheel, since (as was published in VIRUS-L and many
other newsletters and digests) we developed an antidote for both COM and
EXE files over 10 months ago. And if this is not an Israeli virus, then
why on earth does Pedro insist on calling it the "Jerusalem virus"???

Y. Radai
Hebrew Univ. of Jerusalem

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253