VIRUS-L Digest             Tuesday, 21 Feb 1989         Volume 2 : Issue 52

Today's Topics:

Flu_Shot availability (PC)
nVIR virus on Mac SE
Re trusted trojan horse mail
nVIR virus and suggested remedies (Mac)

---------------------------------------------------------------------------

Date: Sun Feb 19 23:07:53 1989
From: utoday!greenber@uunet.UU.NET
Subject: Flu_Shot availability (PC)

To: Matthew Mathai and other FLU_SHOT+ users:

Be advised that I'm now available on the below address and can answer
any questions regarding the FLU_SHOT+ series of programs.

Ross M. Greenberg
UNIX TODAY!             594 Third Avenue   New York   New York  10016
Review Editor           Voice:(212)-889-6431 BBS:(212)-889-6438
uunet!utoday!greenber   BIX: greenber  MCI: greenber   PCMagNet: 72241,36

------------------------------

Date: Mon, 20 Feb 89 13:44 EST
From: STEVEN LINDELL
Subject: nVIR virus on Mac SE

I have a virus on my Mac SE which installs itself as resource "nVIR"
in applications. It does not appear to damage documents, and appears
to be unable to get through locked files. It does damage those
applications it enters, but not all of them (Resedit OK); others work
erratically for a while and then won't launch. Telltale signs were
modification dates on applications just after they launch. If anyone
knows of this virus, please let me know what would be the best way to
eradicate it.

P.S. It also modifies some system files possibly (Macromaker, System)?

------------------------------

Date: Mon, 20 Feb 89 16:07:27 est
From: ellis@morgul.psc.edu (James Ellis)
Subject: Re trusted trojan horse mail

As others have pointed out, many terminals do support sendline and
sendpage functions and although some mailers block escape characters,
not all do. This is also a problem with finger, which can be done
remotely, and with systems that do not provide adequate protection for
users' /dev/tty* devices (still the case on many unix systems). Unless
you know that your terminal or emulator does not support such
"features", beware.

A common "fix" proposed is to simply not trust mail from someone you
don't know. But the problem is that such "worm" mail (it is really
more a worm than a virus) *does* come from someone you know. Since it
is "you" (or commands from your terminal) causing letters to be
propagated, the mail looks like it is coming from you. The IBM
"Christmas Tree Virus" used the victim's personal mail list for more
targets with a resulting high probability of mail coming from someone
whom the next user "trusted". This is the same problem as with a
biological epidemic, of course, until the public becomes aware of it.

James Ellis

------------------------------

Date: Mon, 20 Feb 89 23:12 EST
From:
Subject: nVIR virus and suggested remedies (Mac)

We here at calm, quiet, Quakerly Haverford have just discovered the
nVIR virus on almost all of our Macs. As I am relatively new to this
list (and incredibly anxious to restore calm and quiet to our campus),
I was wondering if any of you might be able to offer any suggestions
as to the best strategy for dealing with the nVIR strain. We have so
far used Interferon 3.0 to identify affected files, although
Interferon seems to choke on AppleShare volumes (we have two
AppleShare servers which were hit pretty badly). Would Vaccine or Rx
work any better?

Does anyone have any general info. they could share regarding the
general characteristics of the nVIR virus? It would be nice to know
the nature of the beast with which we deal.

I would also be VERY interested in how other colleges/universities
dealt with the cleaning of students' disks so as to prevent
reinfection of the public machines.

Thanks in advance for any help you might be able to provide.

Eric Davies
Academic Computing Consultant
Haverford College
Haverford, PA 19041
E_DAVIES@HVRFORD.BITNET
(215) 896-1110

------------------------------

End of VIRUS-L Digest
*********************
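
Added example, not part of the digest or of any mailer it mentions: a display filter of the kind James Ellis's message refers to when it says some mailers block escape characters, applied to every message or finger reply regardless of sender. The names `UNSAFE`, `visible`, `neutralize` and `SAMPLE` and the caret-style stand-ins are assumptions of this sketch.

```python
import re

# Bytes a terminal may act on rather than display: C0 controls other than
# TAB and LF, DEL, and the 8-bit C1 range (0x9B is the single-byte CSI).
UNSAFE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")

def visible(ch):
    """Printable stand-in for one control character (ESC becomes ^[)."""
    code = ord(ch)
    if code < 0x20:
        return "^" + chr(code + 0x40)
    if code == 0x7F:
        return "^?"
    return "<%02X>" % code

def neutralize(raw):
    """Return (safe_text, findings) for raw bytes bound for a terminal.

    findings is a list of (line_number, stand_in) pairs so that a mailer
    or finger wrapper can log what it defused. The sender is deliberately
    not consulted: worm mail arrives from addresses the reader trusts.
    """
    # latin-1 maps every byte to one code point, so 8-bit controls survive
    # decoding and are caught below instead of raising a decode error.
    # CRLF line ends are normalised first; a bare CR is still flagged.
    text = raw.decode("latin-1").replace("\r\n", "\n")
    findings, safe_lines = [], []
    for number, line in enumerate(text.split("\n"), start=1):
        def swap(match, number=number):
            stand_in = visible(match.group())
            findings.append((number, stand_in))
            return stand_in
        safe_lines.append(UNSAFE.sub(swap, line))
    return "\n".join(safe_lines), findings

# Constructed sample: a harmless colour sequence stands in for the
# terminal-control sequences the message warns about.
SAMPLE = (b"From: colleague@example.edu\r\n"
          b"Subject: hello\r\n"
          b"\r\n"
          b"plain line\r\n"
          b"red \x1b[31mtext\x9b0m done\rOVER\r\n")

if __name__ == "__main__":
    safe, found = neutralize(SAMPLE)
    print(safe)
    print(found)
```

The same function can wrap anything else written to the user's screen from an untrusted source, such as the output of a remote finger query.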