VIRUS-L Digest   Tuesday, 15 Aug 1989    Volume 2 : Issue 175
 
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU.  Information on
accessing anti-virus, document, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
 - Ken van Wyk
 
Today's Topics:
 
IBM PC virus found?
Posting VIRUSCAN (PC)
possible new PC virus?
Marijuana Virus wreaks havoc in Australian Defence Department (PC)
 
---------------------------------------------------------------------------
 
Date:    14 Aug 89 23:28:16 +0000
From:    berman-andrew@CS.Yale.EDU (Andrew Berman)
Subject: IBM PC virus found?
 
Hi.  I don't have much familiarity with viruses, but:
 
        A good friend has been working for a few months on some IBM PC's.
In the last several weeks, all her programs were screwing up.  We ran her
stuff and noticed that each time an executable was ran, it's size increased
by 1808 bytes.  This included some system files such as 'SORT'.  She had
been using a bunch of disks, including some disks from Israel.  So far,
it just seems that it was loading up the disks.  Anyway, if anyone has
any information about this virus, we'd be very interested.  She proceeded
to copy all her source files onto clean, formatted disks.  Is that
sufficient, assuming she zaps everything else?
        Thanks,
 
        Andrew P. Berman
 
------------------------------
 
Date:    Mon, 14 Aug 89 18:12:37 -0700
From:    portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: Posting VIRUSCAN (PC)
 
    In yesterday's Virus-L, Jim Wright stated:
>(Posting VIRUSCAN to comp.binaries)... is not a good idea.  Since it is
>frequently updated it would be long out of date by the time it got through
>c.b.i.p.
 
    I'd like to point out that, while ViruScan is indeed updated as
soon as a new virus is discovered, even the first version of ViruScan
is still statistically current.  We need to differentiate between the
NUMBER of viruse out there and the statistical PROBABILITY of
infection from any given virus.  Viruses are not created on one day
and the next become major infection problems.  It take many months,
and in some cases - years, before a given virus becomes a
statistically valid threat to the average computer user.  A case in
point is the Jerusalem virus.  It's nearly 2 years old and was first
reported in the States (other than by a researcher) in February of
1988.  In August of '88 the reported infection rate was 3 infections
per week.  In July of '89, the rate was over 30 reports per day.
Today the Jerusalem virus is a valid threat.  Another more current
case is the Icelandic virus.  It's over 2 months old and we've had no
reported infections in the U.S.
    Given even the limited information we have about virus
epidemiology, any product that can identify 99% of the infection
ocurrences today, will be able to identify close to the same
percentage 5 to 6 months from now, irrespective of the number of new
viruses created in the interim.  For those that insist on the 100%
figure, I suggest you bite the bullet and download the current version
of ViruScan from HomeBase every month.
 
    P.S.  Some people have suggested that the CVIA statistics are
inaccurate or incomplete.  The numbers come from a reporting network
composed of member companies.  These companies include such
multinationals as Fujitsu, Phillips N.A., Amdahl, Arthur Anderson and
Co., the Japan Trade Center, Weyerhauser, Amex Assurance and others
whose combined PC base, either internal or through client
responsibility, totals over 2 million computers.  It is highly
unlikely that a major virus problem could exist and not be reported by
one or another of these agencies.
 
------------------------------
 
Date:    Mon, 14 Aug 89 10:09:01 -0700
From:    rogers@cod.nosc.mil (Rollo D. Rogers)
Subject: possible new PC virus?
 
Original-From: tyl@cbnews.ATT.COM (Ten-Yu Lee)
Original-Newsgroups: comp.sys.ibm.pc,comp.sys.mac
Original-Subject: Virus - Disk Killer
 
Does any one know a virus called "Disk Killer" ?
 
My IBM PC is seriously being affected by this unknown virus.
The system hung and can't be brought up by any means.
I tried to use firmware to re-format the hard disk.
The formatting completed without any error message but
the computer still does not work.
 
I need help to remove or kill this virus.
 
------------------------------
 
Date:    Mon, 14 Aug 89 10:18:16 +0100
From:    J.Holley@MASSEY.AC.NZ
Subject: Marijuana Virus wreaks havoc in Australian Defence Department (PC)
 
[Ed. This is from RISKS...]
 
Quoted from The Dominion, Monday August 14 :
 
A computer virus call marijuana has wreaked havoc in the Australian
Defence Department and New Zealand is getting the blame.
 
Data in a sensitive security area in Canberra was destroyed and when
officers tried to use their terminals a message appeared : "Your PC is
stoned - Legalise marijuana".
 
Viruses are [guff on viruses] The New Zealand spawned marijunana has
managed to spread itself widely throughout the region.
 
Its presence in Australia has been known for the past two months. The
problem was highlighted two weeks ago when a Mellbourne man was
charged with computer trespass and attempted criminal damage for
allegedly loading it into a computer at the Swinbourne Institute of
Technology.
 
The virus invaded the Defence Department earlier this month - hitting
a security division repsonsible for the prevention of computer viruses.
 
A director in the information systems division, Geoff Walker said an
investigation was under way and the infection was possibly an
embarrassing accident arising from virus prevention activities.
 
New personal computers installed in the section gobbled data from
their hard disk, then disabled them.
 
Initially it was believed the virus was intoduced by a subcontractor
installing the new computer system but that possibility has been ruled out.
 
One more outlandish theory suggested New Zealnd, piqued at its
exclusion from Kangaroo 89 military exercises under way in northern
Australia, was showing its ability to infiltrate the Canberra citadel.
 
New Zealand was not invited to take part in Kangaroo because of United
States' policy of not taking part in exercises with New Zealand forces
since Labour's antinuclear legislation. However, New Zealand observers
were invited.
 
New Zealand Defence Department spokesmand Lieutenant Colonel Peter Fry
categorically denied the claim. "It would be totally irresponsible to
do this kind of thing."
 
In fact, New Zealand's Defence Department already had problems with
the virus, he said.
 
------------------------------
 
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253