VIRUS-L Digest          Wednesday, 14 Dec 1988         Volume 1 : Issue 46

Today's Topics:
Fred Cohens Thesis
VIRUS WARNING: Brain Virus at Yale
Information Overload
Re: modem virus
>> TROUBLE << - Brain virus on distribution disk (PC)

---------------------------------------------------------------------------

Date: Tue 13 Dec 1988 17:25 CDT
From: GREENY
Subject: Fred Cohens Thesis

Hiya all,

I too have been attempting to get a copy of Fred Cohen's thesis and I
finally broke down and went into the library and here's what I dug up.

1) I looked in the lists of dissertations after getting the librarian
   to look it up for me on DIALOGUE.

2) The only copies available are directly from the Micrographics
   Department at University of Southern California (Los Angeles, I
   think....)

So I put my interlibrary request thru, and I'm still waiting three weeks
later. I think I'll just buy one....by the time interlibrary loan comes
thru, I'll be 95 yrs old...:->

Bye for now but not for long
Greeny

Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@cunyvm.cuny.edu

------------------------------

Date: Wed, 14 Dec 88 15:31:46 EST
From: "Conrad Jacoby (DC)"
Subject: VIRUS WARNING: Brain Virus at Yale

Howdy!!

Last night one of our computer consultants encountered a user who had
all his disks infected with some version of the BRAIN virus. We're
working on figuring out where any infected sites might be, as well as
trying to detect any changes that have been made to the Brain to change
it from its original code.

As we do not know how long this user (who is a Yale Grad Student) might
have had his disks infected, it might be prudent if you have visited
Yale recently and used a PC there to check your disks. We're hoping it
was just a very isolated outbreak.

- --------------------------------------------------------------------------
Conrad J. Jacoby                    P.O. Box 3805 Yale Station
Yale University                     New Haven, CT 06520
Sterling Memorial Library           (203) 436-1402
"Generalist at Large"               Jacoby@Yalevm.Bitnet
                                    @Yalevm.ycc.yale.edu
- --------------------------------------------------------------------------

[Ed. This is a reposting (the first!) from VALERT-L...just for those
who might be interested.]

------------------------------

Date: Wed, 14 Dec 88 15:02 EST
From: Lynn R Grant
Subject: Information Overload

Regarding the recent complaints about too much information on Virus-L
to be able to find anything, I had a thought: how much smaller would
the Virus-L digests be if we cut back on the long right-bracketed
quotations from previous entries and the multi-line signature blocks,
complete with pictures, cursive signatures, and quotations from favorite
cartoon characters?

I'm rather new to Virus-L, so I don't know to what degree these things
are an essential part of the Virus-L culture, but it's a thought.

Lynn Grant

[Ed. The right hand bracket quotations can certainly be cut to a
minimum from time to time, leaving just enough to get the pertinent
information across, in my opinion. As for the signatures, being
somewhat of an, er, culprit myself...I believe that a 5 line signature
is a generally accepted network etiquette standard, and I don't see
anything wrong with getting five lines of identifying text in. Any, er,
additional text in those five lines doesn't do much harm, I should
think... :-)]

------------------------------

Date: Wed, 14 Dec 88 14:27:54 CST
From: "Rich James"
Subject: Re: modem virus

It looks to me like the initial announcement of this purported virus
was itself a virus attack against human hardware! It cleverly exploits
the current pitch of fear about viruses, and has a phenomenal infection
rate. Thank goodness it's relatively benign!

Think of it now folks:

How could a self replicating virus become embedded in registers which
are used to hold data, not program instructions? The only memory used
to hold program instructions in a modem is ROM. Data registers are
treated as DATA. Getting a modem to treat a data register as program
input would require the exploitation of a known bug in the modem's ROM
program. Such ROMs are anything but standard .. they vary between
manufacturers and between models and revisions of modems from the same
manufacturer.

How likely is it that an industry standard modem protocol would have an
'unused bandwidth' sufficient to allow simultaneous transmission of a
separate data stream? It wouldn't be much of a protocol if it ignored
such potentially useful bandwidth.

How could such a virus convince the terminal program running on the
computer to modify system files, especially in a user-transparent way?
(It's easy enough to clobber a file by writing over it, but patching a
machine code file or RAM resident code in a transparent way is pretty
non-trivial.) Remember, incoming modem data is treated as DATA, not
program information. Again, this would require exploitation of a known
bug common to all or many modem programs, and all or many error
correcting protocols. Seems a tad unlikely.

Education=immunization.

------------------------------

Date: Wed, 14 Dec 88 18:26:40 EDT
From: SSAT@PACEVM
Subject: >> TROUBLE << - Brain virus on distribution disk (PC)

I just received my own personal copy of a popular IBM word processor
>> DIRECT FROM THE MANUFACTURER << in a sealed carton, and guess what?
When I installed it, it decided to be nice and loaded my disks with
BRAIN! Yes, the disks I installed it on were BRAND NEW and freshly
formatted from a secure copy of DOS.

I don't want to mention any names here, but I spoke to the manufacturer
who was not at all surprised (in my opinion) that this had happened.

To reiterate, it DID NOT happen at Pace University, but to my own
personal copy of

[Ed. of? of what? I don't think that mentioning the name here, if
indeed the virus is on the distribution disk, would do any harm; quite
the contrary, it would warn innocent (prospective) buyers.]

------------------------------

End of VIRUS-L Digest
*********************