VIRUS-L Digest             Thursday, 9 Feb 1989         Volume 2 : Issue 42

Today's Topics:
Re: How to book
On virus education
Finding ANTI (Mac)
Interferon Question (Mac)
The BOOK
Information Request
RE: Request for info... Interferon 3.0 (Mac)
Protecting Public IBM PC's

---------------------------------------------------------------------------

Date: Thu, 9 Feb 89 08:17:06 est
From: preedy@nswc-wo.arpa.ARPA
Subject: Re: How to book

I think the book Konrad Neuwirth was talking about is Computer Viruses: A High-Tech Disease by R. Burger. It was translated from German (and is in English) and published by Abacus. The address for Abacus is: 5370 52nd Street, SE / Grand Rapids, Mi 49508. In the book, there are small programs for the PC that are written in assembly language, basic, and Pascal that are examples to show how different viruses work. There are examples of batch viruses and in the case of the network virus - Christmas.exec, the Christmas virus. He tries to explain in some cases how these work and even suggests the shell if this is for demonstration purposes. There is also a statement in the front of the book that states that the programs are for testing and demonstration programs only. Also there is a demonstration program on how the virus works.

Hopefully this message is just descriptive. I didn't mean to have any public opinions on this book. I was just trying to give you an idea of what is in it, not the quality.

Pat Reedy
PREEDY@NSWC-WO.ARPA

------------------------------

Date: Wed, 8 Feb 89 20:15 EST
From:
Subject: On virus education

Although I have no idea of when the first "virus" ever came on the scene, I have noticed that the rage of epidemics has increased steadily with the growing spirit of "sharing," at least in the PC community. I remember the days of logging onto bulletin boards and not really having to worry about trying someone's new, improved, handy-dandy program that prided doing everything but walking the dog.
It's really a shame that just when we're at the brink of a great trend like this that people (like Mr. Morris) have to take advantage of it.

My outburst is partly a comment on Art Weisenseel's message on the "Anarchist's Cookbook" for computers (n2v37), and partly a comment on Robert Radvanovsky's message on corporate intentional viruses. However, might I suggest something similar to what our Surgeon General has said about AIDS: Educate the people!!! If we can get it across to students in the colleges (high schools?) and to some people in the workplace that these "Malicious Pieces of Code" destroy an open atmosphere for software development on all levels and also waste a lot of precious time and money (I've seen the setup at Lehigh and everyone there works tremendously hard to prevent/control virus outbreaks) then maybe, just maybe, we could all get our work done without having to have twelve backups, two of which are locked away in a safety-deposit box somewhere.

"There's a dark side to every powerful technology..."
Michael Hawley, Programmers at work.

Bob Rudis
BITNET: RER1@SCRANTON

------------------------------

Date: Thu, 09 Feb 89 10:10:32 EST
From: Joe McMahon
Subject: Finding ANTI (Mac)

The new ANTI virus works much like a PC virus, causing CODE segment 1 of applications to grow by a certain amount. If you've been using a checksumming program, you should be able to detect ANTI by running a checksumming sweep (the VCheck program will do this). Also, GoFer (sp?) can check the resource forks of files for the string "ANTI" (which is where the virus's name comes from). FEdit can also be used for this.

Jeff Shulman (the author of VirusDetective (tm)) is planning on adding code to it to be able to scan for arbitrary hex sequences in a file. Also, it has been sent on to Bob Woodhead, who will be working on adding it to Virex. More as it develops...

--- Joe M.
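
Added example, not part of the original digest and not code from VCheck, GoFer, FEdit or VirusDetective: a sketch of the two checks described in the message above, a baseline sweep that flags a CODE segment that has grown, and a scan for arbitrary hex sequences. The segment contents, the names CLEAN, MODIFIED and PATTERNS, and the use of SHA-256 are assumptions of this example; it works on in-memory byte strings and does not parse real Macintosh resource forks.

```python
import hashlib

# Constructed stand-ins for one application's CODE resources (not real Mac data).
CLEAN = {"CODE 1": bytes(range(64)), "CODE 2": b"\x4e\x75" * 16}
# The same application after a constructed 7-byte append to CODE 1.
MODIFIED = {**CLEAN, "CODE 1": CLEAN["CODE 1"] + b"\x00\x00ANTI\x00"}
# Hex patterns to search for; 41 4E 54 49 is the ASCII string "ANTI".
PATTERNS = {"ANTI marker": "414e5449"}

def fingerprint(segments):
    """Record (length, SHA-256) per segment; SHA-256 is this example's choice."""
    return {name: (len(data), hashlib.sha256(data).hexdigest())
            for name, data in segments.items()}

def sweep(baseline, segments):
    """Compare segments against a stored baseline and list what differs."""
    findings = []
    current = fingerprint(segments)
    for name in sorted(current):
        size, digest = current[name]
        if name not in baseline:
            findings.append((name, "not in baseline"))
        elif size > baseline[name][0]:
            findings.append((name, "grew by %d bytes" % (size - baseline[name][0])))
        elif digest != baseline[name][1]:
            findings.append((name, "contents changed"))
    for name in sorted(set(baseline) - set(current)):
        findings.append((name, "missing"))
    return findings

def scan(data, patterns):
    """Return (label, offset) for every occurrence of each hex pattern."""
    hits = []
    for label, hexseq in patterns.items():
        needle = bytes.fromhex(hexseq)
        pos = data.find(needle)
        while pos != -1:
            hits.append((label, pos))
            pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda hit: hit[1])

if __name__ == "__main__":
    baseline = fingerprint(CLEAN)  # taken while the application is known good
    for name, finding in sweep(baseline, MODIFIED):
        print(name, finding, scan(MODIFIED[name], PATTERNS))
```

The sweep only means something if the baseline was recorded before any infection and is stored where an infected application cannot rewrite it.
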

------------------------------

Date: Thu, 09 Feb 89 10:15:37 EST
From: Joe McMahon
Subject: Interferon Question (Mac)

The message you are getting reads, I think, "This is not an _HFS_ disk." The disk you are trying to check is an old 400K MFS-formatted disk, which uses the OLD Mac file system from before System 3.0. Interferon cannot check these disks.

I don't use 400K disks now. Have you tried Virus Rx against those? Also, you might want to copy those to an 800K disk and then check them.

--- Joe M.

------------------------------

Date: Thu, 9 Feb 89 10:44 EST
From:
Subject: The BOOK

I talked to Bill Machrone, PC MAG columnist, a few days ago. He confirmed for me that the book he alluded to was indeed "Computer Viruses- A High Tech Disease", by Ralf Burger, American (English language) publisher, Abacus, 5370 52nd Street SE, Grand Rapids, MI 49508, ISBN #1-55755-043-3, Copyright 1988. Originally published in German by Data Becker, GmbH, Merowingerstrase 30, 4000 Dusseldorf, West Germany. The phone number for Abacus is 1-800-451-4319.

The book is good. The viruses, worms, etc do work. We have tried them. What do you think of the ethics of asking our librarian to remove it from general circulation?

Steve Rogowski
Computing Center
SUNY-Albany
518-442-3767

------------------------------

Date: Thu, 9 Feb 89 13:06:58 EST
From: ca126
Subject: Information Request

I am a second year computer science student at the City University, London, England. As part of my degree course I am writing a project on UNIX security with three fellow students.

I have received a report on the internet worm, written by Bob Page, and wondered if you could send me more information on viruses/worms found on various networks, their (apparent) purpose and the methods used to prevent their spread.

I would be grateful if you could also send me Bob Page's email address, as it was not included in the report, and I have been unable to contact him as yet.

Thanking you in anticipation,

Adrian Jones.
ca126%city.ac.uk@cunyvm.edu

also
David Brownlee. ca121%city.ac.uk@cunyvm.edu
Pete More. ca130%city.ac.uk@cunyvm.edu
Ian Taylor. ca146%city.ac.uk@cunyvm.edu

The lecturer supervising the project is:-
Sunil Das. sunil%cs.city.ac.uk@cuny.edu

[Ed. This message was improperly sent to VALERT-L; please do not respond to it there. The author has been informed.]

------------------------------

Date: Thu, 9 Feb 89 13:16 EST
From: "Mark H. Anbinder"
Subject: RE: Request for info... Interferon 3.0 (Mac)

Interferon is telling you that the disk you are giving it is not an HFS disk (not HPS). HFS stands for Hierarchical Filing System, and is the Macintosh disk format that is the current standard. Before the MacPlus came out, MFS (Macintosh Filing System) was the disk format. The easiest way for the average user to tell the difference between an HFS and an MFS disk is that the HFS disk holds 800K and the MFS disk holds 400K. In any case, the Interferon program can not check for viruses on the old format, MFS disks.

If you want more information about the real differences between MFS and HFS... an MFS disk is organized as a flat, single-level storage space. The folders are just provided to neaten the desktop. In HFS, the folders are actually logical subdirectories, much as you'd find on an IBM PC, or on many mainframes (though NOT under CMS on an IBM mainframe). This allows you to group your files in ways that actually matter when you're using your computer.

To tell whether a disk is MFS or HFS (the 400/800K distinction is not universally true), look in any of that disk's windows, at the double line below the title bar and below the information about the number of files, the amount of space available, and so forth. At the extreme left of this double line, an HFS disk has a pixel between the two lines, and an MFS disk does not.

Forgive me if this isn't clear... it's much easier to explain graphically than in words!
I'll be happy to try again if anyone wants more (or clearer) information.

Mark H. Anbinder
THCY@VAX5.CIT.CORNELL.EDU
THCY@CRNLVAX5

------------------------------

Date: Thu, 09 Feb 89 15:13:33 EST
From: Claude Goldman
Subject: Protecting Public IBM PC's

I work for Computing and Information Services at Brown University. We have publicly available PCs and would like to protect them against viruses and, if that fails, detect the presence of viruses on hard disks and floppies. Can this list suggest either PD/Shareware or commercial software? Additionally, is there a way of testing this software without actually infecting a machine?

Any help would be appreciated. If responses are sent to me I will gladly summarize the results and post them to the list to reduce network traffic.

Acknowledge-To:

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253