VIRUS-L Digest             Friday, 9 Dec 1988        Volume 1 : Issue 40

Today's Topics:

ROM virus distribution (PC & general)
Two VM/CMS files for LISTSERV
Mace vaccine (PC)
Virus talk in NYC
Info on Mac Viruses
undigestifying mail in VMS
the cynics approach to CERTs
On Morris' "guilt"
Japanese viruses
nVir at University of Alaska (Mac)

---------------------------------------------------------------------------

Date: Thu, 8 Dec 88 17:38:43 -0500 (EST)
From: Michael Francis Polis
Subject: ROM virus distribution (PC & general)

Somewhat related to hardware viruses is this idea:

Suppose someone who repaired IBM PC's and clones wanted to spread a
virus. The bootstrap ROMs probably have some extra space at the end of
their memory. By inserting a JSR to this memory into the cold boot
interrupt, a short program there could be executed during boot-up, but
before any operating system with file protection could be started. If
the sum of the date and the day was say, divisible by 19, then this
program would copy a small virus also stored in ROM into a program on
the boot disk (if it was unwisely not write-protected), or the hard
disk. From there these viruses would move from disk to disk in a
normal manner.

How many PCs do you think he could get to? How long do you think it
would take before someone figured out where the viruses were coming
from? Would something similar work with Macs?

------------------------------

Date: Thu, 08 Dec 88 18:49:49 EDT
From: Jean
Subject: Two VM/CMS files for LISTSERV

I just sent two files to luken@lehiibm1. These are bitsend exec and
bitrcv exec. If these could be used on listserv at lehiibm1 it would
make getting files easier. It works on other listserv's so it probably
will work there. bitsend breaks a file like one of the archives into
smaller pieces which travel over the network very quickly. In case
anyone is interested these can be requested from netserv@bitnic which
is where I got them from.

Acknowledge-To:

[Ed.
Thanks for the files; I'll look into whether or not they'll be useful
here.]

------------------------------

Date: Thu, 08 Dec 88 19:04:53 EDT
From: SSAT@PACEVM
Subject: Mace vaccine (PC)

Has anyone had any experiences yet with Mace's vaccine.com? Good or
bad, I would like to hear about it. It seems to be a fairly good
program BUT once loaded it can be shut off, meaning that anyone worth
his/her salt could stuff the keyboard buffer with VACCINE OFF and a
carriage return and then tell the system to read the buffer.

Acknowledge-To:

------------------------------

Date: Thu, 8 Dec 88 19:16 EST
From: Dimitri Vulis
Subject: Virus talk in NYC

We got the following in the (snail) mail today:

        The New York Academy of Sciences
        Section of Computer and Information Sciences

        December 13, 1988
        Tuesday 8:00 p.m.

        COMPUTER VIRUSES: SEARCHING FOR A CURE

        George Purdy
        Geier Professor of Computer Science
        University of Cincinnati
        Cincinnati, Ohio

Computer viruses constitute a clear and present danger not only to
computers themselves, but also to the complex systems used by banks,
insurance companies, North American Radar Defense, and the New York
Stock Exchange. At the moment, all that can be done against viruses is
``practice safe computing'' and hope for the best. Is there a defense
against viruses? We are implementing a system of unparalleled security
to detect unauthorized changes in users' files and software based on a
new mathematically secure cryptographic function. This approach allows
the detection, isolation and excision of infected computer codes.

(Illustrated with slides)

        Place: The New York Academy of Sciences
               2 East 63rd Street
               New York, NY 10021
        Telephone (212) 838-0230

        ADMISSION FREE

(End of flier)

I have a party planned for Tuesday night, so I can't go and any person
whom I know who might go there and tell me what this was all about
will presumably be at the party as well.
This fellow Purdy does not ask for money upfront and does not quote
figures like $20M in damages---a good sign.

------------------------------

Date: Thu, 08 Dec 88 12:36:20 EST
From: Joe McMahon
Subject: Info on Mac Viruses

> I am interested in obtaining more information about viruses and the
> Macintosh...I would like any and all information relating to viruses
> and vaccines that are available.
>
>...I have a user who would like to purchase a vaccine...

Ken Van Wyk (the VIRUS-L administrator) forwarded your note to me. We
have a collection of virus documentation and anti-viral programs here
on our LISTSERV at SCFVM.

    TELL LISTSERV AT SCFVM GET VIRUSREM $PACKAGE

to see what files we have. The individual files can be ordered via

    TELL LISTSERV AT SCFVM GET file name.

The files are all in BinHex4 format. You'll need to upload them as
TEXT files to your Mac, and then use either BinHex4, BinHex5, or one
of the more recent versions of StuffIt to get them into executable
format. Many of the files are StuffIt archives, so you will probably
need StuffIt in any case.

I would recommend getting StuffIt first (if you don't have it), then
the virus documentation stack, and then any other files which you
might need. If you don't have a copy of BinHex4, I can send you text
files of a Microsoft BASIC program and a Turbo Pascal program, each of
which produces a copy of BinHex4. Also, you can get StuffIt from
CompuServe or like services. Please drop me a note directly if you
need more help.

As far as purchasing a vaccine, the best ones I know of are free:

1) Vaccine from CE Software - guards against all known Mac viruses
   except the "Dukakis" HyperTalk virus
2) Dukakis Vaccine from Ian Summerfeld, Apple UK - guards against the
   "Dukakis" virus and other HyperTalk viruses.

Both are available from the SCFVM LISTSERV. Note that neither is a
guarantee of cleanliness; "safe computing" is the best defense.

- --- Joe M.
------------------------------

Date: Fri, 9 Dec 88 02:36:43 EST
From: Jefferson Ogata (me!)
Subject: undigestifying mail in VMS

I don't have a VMS undigestifyer, but I imagine VMS has a C compiler.
It's pretty easy to write a C program that will undigestify a
digest...I'd be happy to write it myself if it will come in handy;
someone might want to fix it up for VMS -- I don't know what VMS file
specifiers look like. Let me know if you want it.

- - Jeff Ogata

[Ed. That would be great, and then I'll make it available on the
LISTSERV for other VMS users.]

------------------------------

Date: Thu, 8 Dec 88 16:54:41 EST
From: Jefferson Ogata (me!)
Subject: the cynics approach to CERTs

Possibly this is primarily intended to assuage the public's fears
about malicious attacks?

- - Jeff Ogata

------------------------------

Date: Thu 08 Dec 1988 15:25 CDT
From: GREENY
Subject: On Morris' "guilt"

Hi all....

I would just like to say that I think that the discussion of whether
or not Mr. Morris is guilty or not is actually moot. No matter what we
say, or do, it is probably not going to affect the outcome of his
court case whatsoever (If he actually does get one...)

Anyways, what I would like to say is that I think that the discussion
of whether or not Morris is guilty or not should be moved to the
Ethics-L or Law-L lists and that we should get back to the topic at
hand -- Viruses

bye for now but not for long
Greeny

Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@cunyvm.cuny.edu

------------------------------

Date: Fri, 9 Dec 88 07:07:50 est
From: preedy@nswc-wo.arpa
Subject: Japanese viruses

I just read a small blurb in the Look Ahead section of Datamation
November 15, 1988, p. 14. It was entitled Tokyo Flu. Has anyone heard
about Japanese viruses or the team of software developers that they
are gathering to produce an anti-viral package? The article also says
that NEC was hit by a virus on its PC-VAN, and it is setting up a
similar project.
Pat Reedy

------------------------------

Date: Fri, 09 Dec 88 02:39:29 -0900
From: BILL _ POTTENGER
Subject: nVir at University of Alaska (Mac)

The nVir was discovered here at UAF last week in our Student Council's
Mac lab. Looks like a lot of people's data bit the dust. UAF computer
support has good vaccines to stenger

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253