VIRUS-L Digest Tuesday, 30 May 1989 Volume 2 : Issue 122 Today's Topics: comp.virus gets undigestified Mac II virus? re: Virus writing - crime? Computer Law (long) New Virus for the PC Dirty Dozen update --------------------------------------------------------------------------- Date: Tue, 30 May 89 11:40:26 EDT From: luken@ubu.cc.lehigh.edu (Kenneth R. van Wyk) Subject: comp.virus gets undigestified Comp.virus readers will be happy to see that the VIRUS-L digests are now being undigestified as they get spooled to the usenet newsgroup comp.virus. Hopefully, this will make things easier for news users. It also makes the subject line even more important than before, so I'd like to request everyone's assistance in using informative subject lines. Without a good subject line, your message is more likely to be ignored - particularly by people reading comp.virus. Thanks, Ken ------------------------------ Date: Tue, 30 May 89 08:34:30 PDT From: gutman@manta.nosc.mil (Lewis M. Gutman) Subject: Mac II virus? I'm not sure I'm having a virus problem, but I wanted to check if anyone has had similar experiences. After attending a virus seminar, I went back and checked my Mac II, and noticed that the System file had been modified earlier that day. I ran Interferon 3.1 and it showed a virus type 003 in my TOPS file. The Interferon documentation says that virus type 003 is the "SNEAKS" virus, and that this virus affects the INITs in the System folder. There are only 6 INITs in my System folder, one for each of the three TOPS files: TOPS, SOFTTALK, and SPOOL. EasyAccess has three INITs. I ran ResEdit over all the INITs and couldn't find any strings like "Evil Wizard," or anything else overtly suspicious. Another symptom: I've been running Gatekeeper in Notify Only mode for the past month, and whenever I bring up the machine, it gives warnings for SPOOL and TOPS. I've ignored those messages, thinking that TOPS (and SPOOL) were just performing some misinterpretted, but legal operation. Anyone having similar experiences? Am I infected? Thanks. Lew Gutman Naval Ocean Systems Center San Diego, Ca. (619) 553-4958 ------------------------------ Date: 30 May 1989, 11:48:00 EDT From: David M. Chess Subject: re: Virus writing - crime? > ... but then i thought that if you do not copy diskettes you do > not have viruses. Diskette copying is a crime, ofcourse, so... As I'm sure other folks will point out as well, there are two errors here. First, it's not true that "if you do not copy diskettes you do not have viruses". Viruses can spread in all sorts of ways, including buying diskettes with legitimate software on them, getting and running public domain executable files, and even just from putting a diskette into an infected machine and doing a DIR on it! Second, it's not true that "diskette copying is a crime". Some instances of diskette copying (and file copying) are violations of copyright laws. But many are not; many programs are in the public domain, or may be copied in some circumstances without violating the license; there are All Sorts of Terms and Conditions out there, and by no means is "diskette copying" always a "crime". I think it's very (very very) important to keep firmly in mind the fact that viruses typically spread through legitimate actions by legitimate users; the myth that viruses are only spread by grubby criminals and law-breaking teenagers trading pirated software is potentially a very dangerous one. OBEYING THE LAW DOES NOT MAKE YOU IMMUNE FROM COMPUTER VIRUSES, and having a virus does not mean that you have broken the law! DC ------------------------------ Date: Tue, 30 May 89 11:06:30 CDT From: "Len Levine" Subject: Computer Law (long) >My question is if virus writing is a crime. I have thought of this >question a lot. At the begining i thought that it must be a crime >because people write this program in order to erase data to other >people but then i thought that if you do not copy diskettes you do not >have viruses. Diskette copying is a crime, ofcourse, so virus writing >is not a crime because people wouldn't had them unless they copy >diskettes. The following (long) document is the computer law for the state of Wisconsin. Other states have similar laws. Virus writing is against the law if damage occurs. The penalty is proportional to the amount of damage. o / -------------------x----------------------------------------- O \ -- Computer Law - State of Wisconsin Statute -- Chapter 293, Laws of 1981 943.70 Computer crimes. (1) DEFINITIONS. In this section: (a) "Computer" means an electronic device that performs logical, arithmetic and memory functions by manipulating electronic or magnetic impulses, and includes all input, output, processing, storage, computer software and communication facilities that are connected or related to a computer in a computer system or computer network. (b) "Computer network" means the interconnection of communication lines with a computer through remote terminals or a complex consisting of 2 or more interconnected computers. (c) "Computer program" means an ordered set of instructions or statements that, when executed by a computer, causes the computer to process data. (d) "Computer software" means a set of computer programs, procedures or associated documentation used in the operation of a computer system. (dm) "Computer supplies" means punchcards, paper tape, magnetic tape, disk packs, diskettes and computer output, including paper and microform. (e) "Computer system" means a set of related computer equipment, hardware or software. (f) "Data" means a representation of information, knowledge, facts, concepts or instructions that has been prepared or is being prepared in a formalized manner and has been processed, is being processed or is intended to be processed in a computer system or computer network. Data may be in any form including computer printouts, magnetic storage media, punched cards and as stored in the memory of the computer. Data are property. (g) "Financial instrument" includes any check, draft, warrant, money order, note, certificate of deposit, letter of credit, bill of exchange, credit or credit card, transaction authorization mechanism, marketable security and any computer representation of them. (h) "Property" means anything of value, including but not limited to financial instruments, information, electronically produced data, computer software and computer programs. (i) "Supporting documentation" means all documentation used in the computer system in the construction, clarification, implementation, use or modification of the software or data. (2) OFFENSES AGAINST COMPUTER DATA AND PROGRAMS. (a) Whoever willfully, knowingly and without authorization does any of the following may be penalized as provided in par. (b): 1. Modifies data, computer programs or supporting documentation. 2. Destroys data, computer programs or supporting documentation. 3. Accesses data, computer programs or supporting documentation. 4. Takes possession of data, computer programs or supporting documentation. 5. Copies data, computer programs or supporting documentation. 6. Discloses restricted access codes or other restricted access information to unauthorized person. (b) Whoever violates this subsection is guilty of: 1. A Class A misdemeanor unless subd. 2, 3 or 4 applies. 2. A Class E felony if the offense is committed to defraud or to obtain property. 3. A Class D felony if the damage is greater than $2,500 or if it causes an interruption or impairment of governmental operations or public communication, of transportation or of a supply of water, gas or other public service. 4. A Class C felony if the offense creates a situation of unreasonable risk and high probability of death or great bodily harm to another. (3) OFFENSES AGAINST COMPUTERS, COMPUTER EQUIPMENT OR SUPPLIES. (a) Whoever willingly, knowingly and without authorization does any of the following may be penalized as provided in par. (b): 1. Modifies computer equipment or supplies that are used or intended to be used in a computer, computer system or computer network. 2. Destroys, uses, takes or damages a computer, computer system, computer, network or equipment or supplies used or intended to be used in a computer, computer system, or computer network. (b) Whoever violates this subsection is guilty of: 1. A Class A misdemeanor unless sub. 2,3 or 4 applies. 2. A Class E felony if the offense is committed to defraud or obtain property. 3. A Class D felony if the damage to the computer, computer system, computer network, equipment or supplies is greater than $2,500. 4. A Class C felony if the offense creates a situation of unreasonable risk and high probability of death or great bodily harm to another. -- Penalties for Infractions -- 939.50(3) Penalties for felonies are as follows: (a) For a Class A felony, life imprisonment. (b) For a Class B felony, imprisonment not to exceed 20 years. (c) For a Class C felony, a fine not to exceed $10,000 or imprisonment not to exceed 10 year, or both. (d) For a Class D felony, a fine not to exceed $10,000 or imprisonment not to exceed 5 year, or both. (e) For a Class E felony, a fine not to exceed $10,000 or imprisonment not to exceed 2 year, or both. 939.51(3) Penalties for misdemeanors are as follows: (a) For a Class A misdemeanor, a fine not to exceed $10,000 or imprisonment not to exceed 9 months, or both. (b) For a Class B misdemeanor, a fine not to exceed $1,000 or imprisonment not to exceed 90 days, or both. (c) For a Class C misdemeanor, a fine not to exceed $500 or imprisonment not to exceed 30 days, or both. o / -------------------x----------------------------------------- O \ + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Leonard P. Levine e-mail len@evax.milw.wisc.edu | | Professor, Computer Science Office (414) 229-5170 | | University of Wisconsin-Milwaukee Home (414) 962-4719 | | Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ------------------------------ Date: 30 May 1989, 12:07:20 EDT From: David M. Chess Subject: New Virus for the PC > This virus marks track 39 sector 8 as bad (it stores the virus there). Hm. That's the place where the Yale/Alameda virus stores the original boot record. Perhaps you have a variant of that virus that does the screen effect? Are there any speaker noises (like the 17xx virus produces), or little bouncing balls on the screen? Or do letters just get blanked out? DC ------------------------------ Date: TUE MAY 30, 1989 12.48.18 EST From: "Jack Maher" Subject: Dirty Dozen update Could someone send me an updated copy of the "DIRTY DOZEN", PLEASE. The most recent version I have is dated 2/21/88. I am JJMC @ LEHIGH. Thank you very much. I really appreciate it. ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253