VIRUS-L Digest Friday, 30 Jun 1989 Volume 2 : Issue 146 Today's Topics: RE: retrieving Mac archives Re: Notifications for Network Viruses RE: questions re: HomeBase virus interviews query re: VIRUSCAN program availability (PC) Traceback virus (IBM PC) ------------------------------------------------------------ Date: Thu, 29 Jun 89 18:45:00 -0400 From: Subject: RE: retrieving Mac archives Attn: Joe McMahon Joe, I do have trouble accessing archives. I also have trouble trying to send you e-mail. Anyway, I am on VAX/VMS withOUT Netmbx (can't send interactives) and would like some serious HELP regarding your virus list and retreiving archived files. thanks, Alex Z... . . . ------------------------------ Date: 30 Jun 89 00:11:41 +0000 From: zardoz!neil@uunet.UU.NET (Neil Gorsuch) Subject: Re: Notifications for Network Viruses In article <0006.8906121206.AA02017@ubu.CC.Lehigh.EDU> I wrote: >The security mailing list has a procedure for emergency >notification of viruses and other problems. I have appended >membership directions. Oops, the posting was truncated somehow. Here is the rest: - ----------------------------------------------------------- All email regarding this list should be sent to: security-request@cpd.com (INTERNET sites) uunet!zardoz!security-request (UUCP sites) Please be patient, I answer all requests, but I receive hundreds of letters a week. If you don't receive an answer after a reasonable amount of time (2 or 3 weeks), send another request, in case the previous one was eaten by an email monster 8<). Neil Gorsuch (AKA security-request) ------------------------------ Date: Thu, 29 Jun 89 21:01:00 -0700 From: kelly@uts.amdahl.com (Kelly Goen) Subject: RE: questions re: HomeBase > > It's shareware and available on the HomeBase BBS - 408 988 4004. > > This is my first time replying to the list, so be gentle with me :-) > Does the HomeBase BBS have a FidoNet node number, and if so does it > accept file requests? Also, if you are giving info on a BBS, please > include the FidoNet node number if it has one. Thanks in advance. no Homebase is not part of fidonet.. as far as previous requests to add to the SIMTEL archives I will talk with john next time I call him the above comment is in reference to VIRUSCAN... cheers kelly ------------------------------ Date: Thu, 29 Jun 00 19:89:00 +0000 From: biar!trebor@uunet.uu.net (Robert J Woodhead) Subject: virus interviews A Mr. Atsushi Tanaka is visiting me today from Japan, interviewing me for Nikkei Computer Magazine. He will be in the San Francisco area July 11 & July 13, and wishes to meet with people involved in anti-virus and computer security activities on a wide variety of machines from Micros to Mainframes. If anyone is interested and can spend some time doing an interview, please send me mail at the below address, including phone number, and I'll pass the information on to Tanaka-san. Thanks in advance, - -- (^;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-;^) Robert J Woodhead, Biar Games, Inc. !uunet!biar!trebor | trebor@biar.UUCP ``I can read your mind - right now, you're thinking I'm full of it...'' ------------------------------ Date: 30 Jun 89 00:00:00 +0000 From: Rainer Kleinrensing RAINER at DBNUAMA1 Subject: query re: VIRUSCAN program availability (PC) Hello, in VIRUS-L of Jun 28, 1989 Alan J.Roberts mentioned a program called VIRUSCAN for the IBM PC. I would like to get this program, but I don't know how. Could someone, if possible, mail me a uuencoded ARC-file ? Thank you, Rainer Kleinrensing (RAINER at DBNUAMA1 in BITNET) ------------------------------ Date: Fri, 30 Jun 89 11:07:02 -0000 From: "David.J.Ferbrache" Subject: Traceback virus (IBM PC) There has been a new virus for the IBM PC detected in the UK, this virus is known as the Traceback virus. The following description is from material supplied by the British Computer Virus Research Centre. Traceback Category: Memory resident, Non-overwriting .COM/.EXE infector Characteristic file extension: 3066 bytes Description: When an infected binary is executed the virus installs itself in memory, thereafter any program executed will be infected by the virus. This is the indirect infection mode. Additionally each time the virus is executed, if the date is after 5th Dec 1988, it will infect one .com or .exe file in the current directory, failing which it will search the entire directory structure commencing at the root for a candidate. The search process will terminate if an infected file is encountered prior to infection taking place. The name traceback derives from the fact that each infected copy of the virus contains the directory path of the file causing the infection. It is thus possible to trace an infection back through a number of files. Symptoms: If the date is after the 28th Dec 1988 the virus will produce a screen display similar to the cascade virus (ie letters will detach from their position on the screen and fall downwards until striking another letter). This display occurs one hour after infection. During the display sequence any keystrokes will cause a system lockup. Following the character descent the user may restore each character to its original position. Each time the user types a keystroke one character will be restored to its original position (depressions of the same key twice are ignored). The screen display will nevertheless restore itself after 1 minute. The cascade and restore are repeated at one hour intervals. - ------------------------------------------------------------------------------ Dave Ferbrache Internet Dept of computer science Janet Heriot-Watt University UUCP ..!mcvax!hwcs!davidf 79 Grassmarket Telephone +44 31-225-6465 ext 553 Edinburgh, United Kingdom Facsimile +44 31-220-4277 EH1 2HJ BIX/CIX dferbrache - ------------------------------------------------------------------------------ ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253