VIRUS-L Digest             Wednesday, 22 Feb 1989         Volume 2 : Issue 53

[Ed. My apologies for taking so long to get this digest out - we were having some mailer problems.]

Today's Topics:
Re: Viruses
Abacus book
Closed virus list proposal
Re: Who *benefits* from viruses?
Student's Disks (MAC)

---------------------------------------------------------------------------

Date: Wed, 1 Feb 89 10:40:35 EST
Sender: SECURITY Digest
From: Alex Nishri
Subject: Re: Viruses

Three copies of a garden variety nVir were included on the "QLTech MEGA-ROM" CD-ROM, Volume 1 October 1988, produced by Quantum Leap Technologies, Inc. This CD-ROM is a collection of public domain and shareware Macintosh software, available for about $35. Quantum Leap Technologies sent a letter out once the virus was discovered, and subsequently released a replacement disc, labelled Volume 2 December 1988.

Unfortunately for us here at the University of Toronto Computing Services, the virus had already spread by that point. We know the virus has spread into our University Community, but have no way of estimating how many people were affected. Within the Computing Services itself about twenty machines were hit.

------------------------------

Date: Tue, 21 Feb 89 15:52:05 est
From: ubu!luken@lehi3b15.csee.lehigh.edu
Subject: Abacus book

In briefly looking over the Abacus book, Computer Viruses: A High Tech Disease, I see that the book is fairly interesting, but (imho) much seems to have been lost in the translation from German into English. In English, the book appears to be a fairly random scattering of information on viruses, including the infamous source code examples. Even so, it's worthwhile reading; Mr. Burger (the author) has some interesting things to say, and his examples are worth keeping a copy of.

I would be interested to see whether the publishing of these examples has any real effect on computer virus activity.
As people become more aware of the virus threat and take suitable precautions, I should think that any virus author would have to be more clever than to use an existing example if s/he has any expectations of his/her creation spreading any significant amount. Perhaps this is an overly idealistic attitude.

It is interesting to note that Mr. Burger didn't include the source code for all of his examples. Specifically, when discussing the VIRDEM virus demo program which has been available since the Chaos Computer Congress in December 1986, he says, "Unfortunately the source code cannot be published because with the help of the source code anyone would be able to change the manipulation task and have a non-overwriting virus in 8088 assembly language." Ironically, he goes on to give several 8088 assembly language examples.

Ken

------------------------------

Date: Tue, 21 Feb 89 15:01:09 MST
From: Chris McDonald ASQNC-TWS-R 678-4176
Subject: Closed virus list proposal

David,

I would like to contribute these thoughts to your proposal.

First, there is a large range of government users who subscribe to Virus-L who are outside the commercial and industrial concerns identified in your proposal. These "government" subscribers may not be academic researchers, but could be certified to meet whatever "trust" criteria might be important. This assumes that "trust" can somehow be established by "suitable authentication" and that authentication and trust are somehow related in the first place.

Second, the real value of Virus-L and VALERT-L lies in their ability to disseminate information quickly and with a rather high degree of reliability and integrity. I wonder if the establishment of yet another list will not result in the eventual demise of these lists because individuals will choose to post only "non-sensitive" information to these lists; while reserving the "sensitive" material for your proposed addition. This assumes one can define sensitive to everyone's satisfaction.

Third, one has seen rather detailed information posted to the INTERNET on specific viruses, their symptoms, their strengths, their weaknesses, and finally their eradication. Whether such discussion has led the authors of viruses to modify their product or to specifically combat the countermeasures is admittedly a difficult question to answer. But, if such information had not been readily available, most of us without the current Virus-L mailing would have had to suffer through an infection with little background on control strategies or on detection and recovery techniques. The fact that "sensitive" information is available on Virus-L, RISKS-FORUM and other mailings is a reality which I think benefits all of us. The issues of network encryption and host/user authentication are real problems. But, if one waits until those problems have cost-effective solutions, we will have assisted the virus authors in my opinion.

I do not wish to engage in a debate over what is "sensitive" or not, but I note this fact. Both Gene Spafford and MIT have distributed reports on the recent INTERNET Worm. Those analyses identify technical vulnerabilities which typically have been reserved for a small circle of system administrators and WIZARDS. But most of us on the INTERNET are not in that circle, nor are we WIZARDS. I applaud the subject reports precisely because they represent a conscious attempt to distribute information. I think an additional list, which would have to rely on a moderator to extract material for posting elsewhere, would have the opposite effect and would impede distribution.

Fourth, I think we in the US are already as a matter of Federal statute and executive policy equipped to support the collection and distribution of that really "sensitive" data to which you refer. The National Security Agency and the National Computer Security Center already provide support to the government, university and private sectors.
The National Institute of Science and Technology has the charter to provide comparable support to the government, university and private sectors in the area of unclassified computer processing. I have no reason to question either the competency or the sincerity of those individuals tasked with such responsibilities. In fact, I have always been impressed with their professionalism.

Finally, I really like the idea of a "clearing house" on virus information. I think we already have the foundation in Virus-L and in the general effort of Ken and others at Lehigh. I really think it is too difficult a task to determine the criteria of "trust" and to then implement and maintain the administrative tasks associated with those criteria. Therefore, I would prefer to defer the establishment of an additional list at this time.

Thanks for the opportunity to express my thoughts,

Chris McDonald
White Sands Missile Range

------------------------------

Date: Fri, 3 Feb 89 00:21:46 MST
Sender: SECURITY Digest
From: Lazlo Nibble
Subject: Re: Who *benefits* from viruses?

>From SECURITY Digest...........
- ----------------------------Original message----------------------------
> So, some kind person comes along and starts to distribute a virus.
> This makes everyone SO SCARED of accepting a non shrink-wrapped diskette
> that the piracy problem just goes away ...

It's already happened, at least in the Apple pirate community. Last summer, CyberAIDS and Festering Hate, two Apple //-specific viruses, were released into the pirate community. They were real killers, and Festering Hate is apparently still floating around in some quarters. But even though the pirate community was hit (and hit HARD -- several of the largest pirate BBSes in the country were knocked down before anyone even knew what was happening) things are still trundling happily along today.

There are no simple solutions to software piracy.
All the ones I've heard that sounded to me like they might work involved measures so draconian that only the most single-minded anti-pirate types would consider them feasible. Nothing short of a complete reprogramming of society's views on WHO OWNS INFORMATION is going to put an end to it, and frankly I don't see that happening in my lifetime . . .

laz (cs1552ao@charon.unm.edu)

------------------------------

Date: Wed, 22 Feb 89 10:02:02 EDT
From: "A. Goldberg"
Subject: Student's Disks (MAC)

At The University of Kentucky, although we have very few Macs, and they are exclusively in one room (so this may or may not be applicable to E_DAVIES@HVRFORD), before disks are allowed to be used they must be checked by a consultant to be virus-free. Last spring apparently (I was not here at the time) we ran into a similar problem.

However, there are a number of Macs on campus that are not available to general student use, and as a result many of those users don't realize that viruses even exist -- which obviously leads to a lot of viruses floating around campus...but the machines available for general use are virus-free.

Hope this helped E_DAVIES (and others)

Adam Goldberg - CS0250A2@UKCC.BITNET

------------------------------

End of VIRUS-L Digest
*********************