VIRUS-L Digest             Monday, 12 Dec 1988         Volume 1 : Issue 42

Today's Topics:
Public CERT Teams
Paper viri and postage
Sending .arc files from vax/vms to ibm/vm userids
CHRISTMA EXEC?? Kids Stuff!!!! (IBM VM/CMS)
Virus Carried by >2400 baud modem carrier

---------------------------------------------------------------------------

Date: SAT, 10 DEC 88 13.11.11 EST
From: "Scott J. Ellentuch"
Subject: Public CERT Teams

The idea of a CERT team is nothing new. The Air Force (I believe) has
what they refer to as a "Tiger Team". Basically they are specialized in
penetration testing. They will set up a coordinated effort to get into a
computer system and then point out any weak spots.

This service is also available to the public sector from only a few
companies. Using the techniques of computer "hackers/crackers" (since
some team members ARE ex-hackers/crackers) they will attempt to launch a
full scale attack on your computer system. When (and if) they gain entry
they will inform you as to where the weak spot was and suggestions on
how to improve security. This service usually runs for 1 week.

Another service available is where they will log onto private electronic
bulletin boards and check to see if there is any information about your
system (Dial up #, passwords, etc) on those boards. Any such information
is sent to the owner for further actions. This service usually lasts for
one month.

These people are also available to speak at conferences in the fields of
cowhen relating to computer "hackers/crackers" and phone "phreaks".

If anyone is interested in more information, please contact me
personally by email.

Scott J. Ellentuch
KFBT@MARISTB.BITNET

------------------------------

Date: Sat, 10 Dec 88 12:56:34 PST
From: Robert Slade
Subject: Paper viri and postage

Regarding the recent messages about a "personals" virus, and the
"caution" slowdown, a writer in RISKS-FORUM suggested that a really
fiendish virus would be to send out a notification of a really serious
(and totally fictitious) virus that was so dangerous you should reformat
*everything* you own, and send away for replacements of *all* your
software. *But first* spread the message to everyone you know, so they
won't get caught ...

Also, I have had a number of requests from those in the States as to how
to get Canadian postage. No, the Canadian post office doesn't accept
American postage. (I have had people send cas in the States.) As the
international community is aware, there are such things as
"International Reply Coupons" which allow you to, essentially, prepay
the return postage at your post office.

Unfortunately, I do not have access to Quad density disk drives at home,
so you must use 360 or 720 K. And, I have not received a request in a
year and a half for Apple or Mac format. I do not think, given how
behind I am in just compiling the stuff, that I can accommodate those
requests.

Again, please don't ask for the stuff via email.

------------------------------

Date: Sun, 11 Dec 88 19:09 EST
From:
Subject: Sending .arc files from vax/vms to ibm/vm userids

I am a recent subscriber to VIRUS-L and became one because I discovered
the Brain virus on some of my floppies. I've managed to get a copy of
FSP_14.arc from uxe.cso.uiuc.edu via anonymous ftp. I've also downloaded
it onto my PC and have De-Arced the contents and it runs fine on my PCrd
because I live off campus and there are too many people on campus who
are perpetually logging into his board. He has a VM account (on the IBM
3090) to which I could send this file if I can determine how. This file
is currently on my VAX/VMS account.
I've tried sending it with the /binary and the /binary/netdata options
of the send/file command but when it's downloaded it cannot be de-arced.
I was wondering if someone else encountered this problem and how it
could be remedied.

I'm sorry this doesn't pertain directly to viruses, but there are a lot
of students out there who would benefit greatly if I could make it
available on their BBS. Any help or leads would be greatly appreciated.

- -Mathew Mathai
Student
Virginia Tech (aka VPI & SU)
Blacksburg, VA.

------------------------------

Date: Sun, 11 Dec 88 22:39:38 EST
From: Gabriel Basco
Subject: CHRISTMA EXEC?? Kids Stuff!!!! (IBM VM/CMS)

We got a REXX pseudo-compiler, tns besides the all the XMAS EXEC stuff..

    PUSH 'YES'
    'FORMAT 191 A'

Is there a way to fight back? Or should we just don't run any programs
that appear in the READER??

Gabe

------------------------------

Date: Tue, 6 Dec 88 08:33:44 PST
From: eto@elroy.jpl.nasa.go
Subject: Virus Carried by >2400 baud modem carrier

This memo has been distributed at JPL, but I have not run across mention
of the virus anywhere else:

Subject:  New Virus
Sender:   David I NAKAMOTO / JPL/01
Contents: 2.

Part 1.

TO: JEMS / JPL/01

Part 2.

There is a new virus out there that is carried on the subcarrier of
modems running at 2400 baud or higher. This virus was discovered by
someone working in a Telecommunications company in Seattle. From my
information, this virus is transmitted during a binary file transfer and
uses the subcarrier to change registers inside your modem to spread the
virus around. That's how it replicates.

The virapparent cure is to cycle the power on the modem or reset the
modem registers BY HAND.

To prevent the spread of the virus, it is recommended that you use 300
or 1200 baud only, that you refrain from file transfers, that sysops
close their file transfer areas, and make backups of your hard disk
every day in case of infection.
Four systems are known to be infected with this virus, none on lab that
I know of. A possible hardware fix is being developed that filters the
subcarrier for this virus.

End of Item 2.

------------------------------

End of VIRUS-L Digest
*********************