VIRUS-L Digest             Tuesday, 29 Nov 1988         Volume 1 : Issue 24

Today's Topics:
Re: General virus query
RE: Auto-Configuring PC's
Attitude of Alvi brothers re: Brain virus (PC)
On the local front...
Free Virus booklet
RTM: Hacker or Hero?

---------------------------------------------------------------------------

Date: Tue, 29 Nov 88 10:05:19 EST
From: Joe McMahon
Subject: Re: General virus query

In response to Dave's question about viruses: I don't collect viruses,
and do not plan to do so. I distribute the anti-viral software; my
take on it is that you don't want viruses around at all, even if you
know where they are.

- --- Joe M.

------------------------------

Date: TUE NOV 29, 1988 12.39.02 EST
From: "David A. Bader"
Subject: RE: Auto-Configuring PC's

The IBM AT's (and clones) use CMOS ram to store information needed on
bootup (number of disk drives, type of hard disk, monitor type,
memory, etc.). If you remember a program from a while back, FluShot
Plus 1.2 (the latest version of FSP is 1.4, BTW.) had a problem doing
CMOS checking on AT's. It read the information in, but did not write
it back correctly, and thus, corrupted the memory. On the next
bootup, one could go crazy trying to figure out why the computer would
not find a hard disk, or something like that (I know I spent an hour
in shock.). Anyway, if this program could mistakenly do that, there
is a *fairly* good chance that a small little virus could do that
also. :-)

*** PLEASE NOTE *** This problem with FluShot Plus has been corrected
in FSP version 1.4 .

David Bader
DAB3@LEHIGH

------------------------------

Date: Tue, 29 Nov 88 12:00 EDT
From: Stephen Tihor
Subject: Attitude of Alvi brothers re: Brain virus (PC)

> He created a 'virus', a self-replicating program that would 'infect'
> an unauthorised user's computer, disrupt his operations and force the
> user to contact Alvi for repairs. The Alvi brothers then started
> copying commercial programs and selling the 'bootleg' copies at a
> steep discount.
> Pakistani customers were sold clean, uncontaminated
> copies. However foreigners, particularly Americans, were sold 'virus'-
> ridden versions.
> ... "

This was discussed on RISKS a few weeks ago. The story there was that
Alvi sold bootlegged copies of American Software since there is no
software copyright in Pakistan. But in a moral act when a foreigner
bought a copy planning to take it back to the States or the EEC (he
assumed) where it would be illegal he gave him a virus infected copy
since that was stealing the software.

A very legal attitude.

------------------------------

Date: Tue, 29 Nov 88 10:29 MDT
From: "CARLA M. CALLAHAN, (303) 492-8176"
Subject: On the local front...

I have been very interested in reading about the different viruses
that seem to be cropping up in different universities around the US
and Europe, but there is one element of all this that no one seems to
write to Virus-L about. Dealing with a virus technically is one
thing, but what about politically? When do different institutions,
after discovering that they have a virus, announce it to users? How
do you announce it? Do you find that pandemonium breaks out? How
up-front have you been with your local users about the viruses that
have been sighted in other locations other than your own?

These are difficult questions for us from a non-technical standpoint
because here at CU, we have a computing magazine and there is a lot of
debate about how much the users should be informed. Some staff think
that if you talk about viruses openly, you are inviting "copycat
viruses", or a panic from that section of the community that has less
understanding about what "having a virus" really means.

I would welcome your comments. Lord knows we could all use some
suggestions...

Carla Callahan
callahan_c%cubldr@vaxf.colorado.edu

------------------------------

Date: Mon, 28 Nov 88 17:39:01 CST
From: "Mark S. Zinzow"
Subject: Free Virus booklet
To: Virus Discussion List

This is from the November 23, 1988 issue of BUSS The Independent
Newsletter of Heath/Zenith Computers #157, p. 2.

Free Booklet on Computer Viruses

"A new booklet on computer viruses is available free from Computer
Security Institute. The pocket-sized, eight-page booklet, 'A
Manager's Guide to Computer Viruses: Symptoms and Safeguards,' is
aimed at individuals with management responsibility who are concerned
about protecting the organization's computer systems.

"The booklet describes what computer viruses are, how they operate,
types of damage they can cause to programs and data, and how to detect
their presence. It also discusses ways of protecting against
them--how to keep viruses from infecting computer systems and how to
get them out if they are found. The booklet includes a list of
commercially available products designed to detect, combat, and/or
repair damage caused by computer viruses.

"To obtain a copy of the booklet, write Vanessa Gilmore at Computer
Security Institute, 360 Church St., Northborough, MA 01532.
Important: Each request must include a self-addressed, business-size
envelope with $0.25 postage affixed."

Although the newsletter bears no copyright notice, I will assuage my
guilt for quoting the article in its entirety with a personal
endorsement that I've read the newsletter for about five years and
have always found it full of little gems well worth the subscription.
Here is the publication info.:

BUSS
Published by Sextant Publishing Company
716 E Street, S.E., Washington, DC 20003
Editor: Charles Floto, 202/544-0484
8 issues for $19 ($24 overseas)
16 issues for $29 ($40 overseas)
Published 16 times a year
Subscription Action Line: 202/544-0900

- -------Electronic Mail----------------------------U.S. Mail--------------------
ARPA: markz@vmd.cso.uiuc.edu         Mark S. Zinzow, Research Programmer
BITNET: MARKZ@UIUCVMD.BITNET         University of Illinois at Urbana-Champaign
CSNET: markz%uiucvmd@uiuc.csnet      Computing Services Office
"Oh drat these computers, they are   150 Digital Computer Laboratory
 so naughty and complex I could      1304 West Springfield Ave.
 just pinch them!" Marvin Martian    Urbana, IL 61801-2987
USENET/uucp: {ihnp4,convex,pur-ee,cmcl2,seismo}!uiucdcs!uiucuxc!uiucuxe!zinzow
(Phone: (217) 244-1289 Office: CSOB 110) ihnp4!pyrchi/ \markz%uiucvmd

------------------------------

Date: Sat, 26 Nov 88 13:19:44 PST
From: pjs%plato.Jpl.Nasa.Gov@Hamlet.Bitnet
Subject: RTM: Hacker or Hero?

A few thoughts on the current "penalty debate":

"Homer W. Smith" writes:
>In fact
>we should give him the opportunity to help us prevent such occurrences
>in the future and thus make amends to us and justify his existence to
>the rest of the world. [...] I vote for mercy with amends and community
>service.

Just a practical note here... the virus infected approx. 6,000
systems; if we assume that it cost an average of 4 person-hours to
decontaminate and secure each system (ignoring subsidiary elective
efforts such as the decompiling, FBI investigation, etc), that's
24,000 hours of amends for RTM, or 12 years of full-time work. A
little steep, don't you think? :-)

The "he didn't do any damage, he did us a favor by pointing out holes
in our security" argument has a flaw. If someone exploits a bug in my
burglar alarm, doesn't steal or damage anything, but (closest parallel
I can think of to the RTM worm) fills every room with helium balloons
so that when I return I can't move around until I've taken them all
down, I don't think there would be much debate in a court of law that
the offender was guilty of burglary and some penalty would be imposed.
Not as great as it would be if there had been theft/damage, though.
Just because you know of a bug in my security doesn't mean you have to
exploit it to inform me of it.

[I'm sneakily avoiding revealing my actual opinion in the matter. I
just like to examine lines of reasoning.]

Peter Scott (pjs%grouch@jpl-mil.jpl.nasa.gov)

------------------------------

End of VIRUS-L Digest
*********************