VIRUS-L Digest Friday, 13 Jan 1989 Volume 2 : Issue 14 Today's Topics: Two-Day Computer Virus Seminar AMIGA virus warning (Amiga) Interferon virus detection program for Macintosh Re: Interferon virus detection program for Macintosh ISS OFF! Virus? (PC) Request for *confirmation* on Friday the 13th *rumor* --------------------------------------------------------------------------- Date: Fri, 13 Jan 89 08:04 CST From: Ken De Cruyenaere 204-474-8340 Subject: Two-Day Computer Virus Seminar (from the Computer Security Newsletter:) Computer Viruses, Trojan Horses, Logic Bombs -- Strategies for Protection Instructor John O'Leary describes and demonstrates examples, discusses how they operate, how to detect their presence, and how to guard against viral infection. The seminar examines why we"re seeing this epidemic now, the people who create viruses, and the effects that computer viruses are having on software distribution methids. Administrative and technical controls, including demos of commercially available "vaccination" software, will be offered. The course is being offered in several cities: January 12-13 in New Orleans January 18-19 in Dallas February 2-3 in San Diego March 6 - 7 in Boston June 15 - 16 in Detroit For complete details: Call Vanessa at 508-393-2600 cost is $595.00 - --------------------------------------------------------------------- Ken De Cruyenaere - Computer Security Coordinator Computer Services - University of Manitoba - Winnipeg, Manitoba, Canada Bitnet: KDC@CCM.UManitoba.CA (204)474-8340 ------------------------------ Date: Fri, 13 Jan 89 08:50 EST From: "Joseph M. Beckman" Subject: AMIGA virus warning (Amiga) >From one of my colleagues. I am enclosing a posting from a local Bulletin Board (Alfheim) which I know to be reputable, and the individuals named in the posting are reputable and well known developers in the Amiga Community. I have not had much luck in sending things to Virus-l, if you wish to forward this, feel free to do so. if not, then it is just for your own info -- I know you follow virus issues. - --------------------------- Msg:10663 Sec: 4 - Amiga Computer Room 31-Dec-88 12:42 AM Subj: virus alert! From: Dj James To: all Today Steve Tibbett (VirusX author) gave me a copy of a new Amiga virus. This one does not attach itself to the boot sector of a disk as the older viruses did. Instead, this one opens the Startup-sequence file and looks for the first executable file in the S-S file. It then opens this file and copies itself inside it. By doing this, it hopes to remain invisable from the standard boot block virus checkers and yet always get executed early on in the boot sequence. The virus is pretty clever in the way it looks at the S-S file and also how it rebuilds the executable file to include itself. In operation, it intercepts the OldOpenLibrary vector and inserts it's own code there. The OOL call doesn't require a version parameter to be passed - so I'd expect that the OS itself uses that call to open the ROM libraries (I'm guessing here). The virus will change the title bar of CLI windows to "AmigaDOS presents: a new virus by the IRQ-Team V41.0" other than that, and the fact that it writes itself to your boot disk, it seems harmless. This info comes from a disassembly - I'm not unleashing this thing in my machine! Steve claims that it won't work under DOS 1.3 - let's hope that this is true so the number of infections will go down. If infected, turn off the machine, boot with a VIRGIN WB disk and delete the first executable file in the infected disks Startup-sequence, then copy a new version of that file to your WB disk. Let's hope that this relatively harmless virus doesn't suddenly become a killer! Djj - ------------------------------------------ Thanks, ------------------------------ Date: Fri, 13 Jan 89 12:13 EST From: RESEARCH CLUSTER SUPERVISOR JMH 320 X2164 Subject: Interferon virus detection program for Macintosh Hi everyone: A couple of months ago occasionally my desktop accessories didn't work. I ran a program called Interferon (version 1.1b) and the response was that I had viruses in my system folder and several software packages (hypercard) and so on. By the way, this DA problem happened AFTER I had down-loaded PD stuff from MACSERVE@PUCC but that *may* not be the source of the problem. I reformatted my Hard Disk just to make sure and then re-installed everything. Interferon when run again said "No viruses detected". I vowed not to put any more PD software on my HD. I haven't installed any other software since I reformatted the Hard Disk and checked Interferon. This is the killer... I ran Interferon again today and I'm full of reported viruses again. Has anybody had similar problems with this?? Is Interferon reliable? Does anybody know of absolutely reliable virus detection programs? I am running System 6.0.2 and Finder 6.1 . Thank you /paul ------------------------------ Date: Fri, 13 Jan 89 13:08:03 EST From: Joe McMahon Subject: Re: Interferon virus detection program for Macintosh "RESEARCH CLUSTER SUPERVISOR JMH 320 X2164 " writes: > ... I ran a program called Interferon (version 1.1b) ... > ... This is the killer... I ran Interferon again today and I'm full >of reported viruses again. > Has anybody had similar problems with this?? Is Interferon >reliable? Does anybody know of absolutely reliable virus detection >programs? > I am running System 6.0.2 and Finder 6.1 ... Okay, a couple of things. Problem 1: You have a very, very old version of Interferon. The current version is 3.1. Problem 2: The LaserWriter and LaserPrep files in System 6.0 and up will be labelled as infected by older versions of Interferon, even though they are clean. TELL LISTSERV AT SCFVM GET INTERFER SITHQX to get the newest version in BinHex format. You may also want to get Apple's newest version of Virus RX, which can now detect nVIR (hurrah!). Get that with TELL LISTSERV AT SCFVM GET VIRUSRX SITXHQX. Once you have those, drop me a private note and we'll go over your disinfection technique to see if there might have been a problem there. - --- Joe M. [Ed. Thanks again for your help, Joe! It's greatly appreciated.] ------------------------------ Date: Fri, 13 Jan 89 11:15:23 -0800 From: Steve Clancy Subject: ISS OFF! Virus? (PC) Has anyone encountered a virus or other badware which leaves a message similar to a happy face followed by "ISS OFF!" ? A local company called me today and said that one of their AST 286's, running MS-DOS 3.2 has been having a problem with files being chopped in half, and growing numbers of bad sectors on the hard disk. This seems so far to be happening when a file is saved using Lotus. The message arose when a user was using PC-Tools from a floppy. He tried to save a batch file using a PC-Tools editor, and got the message "unable to read sector" from PC-tools. When he exited to DOS, he saw the ISS OFF! message at the A: prompt. I don't have all of the information yet, but I'm wondering if anyone else has encountered this? This is a credit company, and they are really worried about information they have on their other disks! - -- Thanks! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Steve Clancy | WELLSPRING RBBS | | Biomedical Library | 714-856-7996 24 HRS | | P.O. Box 19556 | 300-9600 N,8,1 | | University of California, Irvine | 714-856-5087 nites/wkends | | Irvine, CA 92713 | 300-1200 N,8,1 | | SLCLANCY@UCI | "Are we having fun yet?" | | SLCLANCY@ORION.CF.UCI.EDU | | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ------------------------------ Date: Fri, 13 Jan 89 14:39:03 est From: ubu!luken@lehi3b15.csee.lehigh.edu Subject: Request for *confirmation* on Friday the 13th *rumor* I just heard an UNFOUNDED RUMOR about a Friday the 13th virus doing a bit of damage in the United Kingdom. Can any of our UK readers confirm (or preferably deny) this? If there's any truth to it, could someone please send in some additional info? Ken ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253