VIRUS-L Digest Thursday, 11 Jan 1990 Volume 3 : Issue 9 Today's Topics: An interesting article (Gen'l) Shrink Wrap...still safe? Re: Questioning ethics at computing sites 10th Annual Conference SCANV55 (PC) Harddisk destroying virus ?? (Atari ST) WDEF (Mac) Fractal Virus Alert! (PC) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, document, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@SEI.CMU.EDU. - Ken van Wyk --------------------------------------------------------------------------- Date: Wed, 10 Jan 90 12:31:37 -0500 From: dmg@lid.mitre.org (David Gursky) Subject: An interesting article (Gen'l) I am told that in the November '89 issue of the American Mathematical Monthly, to the effect that no completely safe computer virus test is possible. The proof is suppose to be short, and along the lines of the various proofs of the Halting problem. ------------------------------ Date: Wed, 10 Jan 90 00:00:00 +0000 From: "Craig W. Fisher" Subject: Shrink Wrap...still safe? At a meeting yesterday some people made comments that some viruses have been found in shrink-wrapped diskettes. This did surprise me as we have been using a rule of thumb to stick to shrink wrapped software to help avoid viruses. What comments &/or advice do you have for this situation? Thanks, Craig PS: I almost typed shrink warpped...interesting freudian slip! Acknowledge-To: ------------------------------ Date: Wed, 10 Jan 90 20:45:06 +0000 From: sfalken@mondo.engin.umich.edu (Steven Falkenburg) Subject: Re: Questioning ethics at computing sites Jeff_Spitulnik@um.cc.umich.edu writes: [stuff deleted] >It was apparent from the response, >that the virus had been here such a short time (a few days?) that no >one was doing anything yet. I expected a public announcement of some >sort informing users that they may be infected and that they run the >risk of being infected when they use the UM public facilities. No >announcement was made. Furthermore, as a specialist employed to >preside over a public computing facility (most of the computers are >Macs), I expected to be both informed that there was a new virus as >well as instructed what to do about it I heard nothing. Two weeks >after the WDEF virus hit UM, most users were still not aware of it. I >would forward the message on to the appropriate policy makers if he >was not in the position to deal with it himself. I have not received >a response to my message nor have I heard any public mention of the >WDEF virus. Users continue to infect the disks in my lab and be >infected by the disks in my lab and, as far as I know, other public >facilities at the Universtiy of Michigan. The virus persists here. > What should be done to rid UM of the WDEF virus or of any virus for >that matter? How does the bureaucracy at your institution handle it? >I question the ethicality of a laissez-faire attitude on viruses at >any institution. > > Jeff Spitulnik As a Macintosh support person and programmer for the Computer Aided Engineering Network at the University of Michigan, I think I should try to clarify the response by U of M to the WDEF virus crisis. The University of Michigan has two major computer support organizations: the Computer Aided Engineering Network (CAEN) provides support for the Engineering students and faculty, while the U of M Computing Center (several organizations under the Information Technology Division) provide computing support to the rest of the University. As one of the first sites in the country to be hard-hit by the WDEF virus, we at CAEN acted immediately by searching out possible solutions to the virus. Virtually every CAEN lab mac was infected (about 160 hard disks). The virus was first disassembled by a member of Mac Support, and another employee tailored one of the virus removal patches (the one written by Juri Munkki (sp)) to meet our needs. This vaccine was then installed on all of the lab machines, and copies of Disinfectant 1.5 were put on the lab software servers. We then put notices in the labs and an article in our newsletter. All of this action occured within 1 week of our discovery of the WDEF virus, and we are now protected from it. I can't speak for the Computing Center's public facilities sites, as we are in a different unit of the university. We did give them a copy of our modified WDEF vaccine, but they chose not to use it, as far as I know. In other words, the entire University was not ignoring the problem, as the previous poster implies. We believe we now have the tools in place to deal with new viruses which will inevitably infect our Macintosh computers. Steven Falkenburg (sfalken@caen.engin.umich.edu) Computer Aided Engineering Network University of Michigan, Ann Arbor [Ed. This again raises an interesting point: how are other Universities and organizations equipped to respond to and/or prevent virus infections? Anyone from groups with policies in place for these things care to comment?] ------------------------------ Date: Wed, 10 Jan 90 16:25:00 -0500 From: MIS Training <0002439796@mcimail.com> Subject: 10th Annual Conference CALL for speakers at MIS TRAINING INSTITUTE 10th Annual Conference on Control, Audit & Security of IBM Systems Oct. 1-4, Washington, DC. This conference is geared toward EDP Auditors, Information security professionals and DP personnel involved with information systems security and control. Subjects cover all major hardware and software platforms from the control, audit, and security perspective. Sessions are 90 minutes minimum and all speakers are required to provide handout material for each session. Please reply via email (MCI ID 243-9796), voice 508-879-7999, FAX 508-872-1153 or USPS 498 Concord St. Framingham, MA 01701 All prospective speakers must reply by 1/31/90. [Ed. To send email to MCI ID 243-9796 from Internet, address it to 0002439796@mcimail.com.] ------------------------------ Date: 10 Jan 90 23:22:13 +0000 From: mbreton@modl01.intel.com Subject: SCANV55 (PC) This is my first post to this or any group within this system. The information I have seen here has been very usefull and I look forward to keeping in touch with this group. I would like to know of a PUBLIC BBS in the US which has SCANNV55 and CLEANV55 for download. If anyone can help me, please let me know. Thank you... Michael - [Ed. Try the HomeBase BBS at - (408) 988-4004] ------------------------------ Date: 11 Jan 90 14:31:55 +0000 From: erwinh@solist.htsa.aha.nl (Erwin d'Hont) Subject: Harddisk destroying virus ?? (Atari ST) A friend of my told me that there is a Virus lose that has a certain effect on the harddisk attached to your atari st. It would have the ability to make the drivehead of your harddisk make a 'headcrash'. Has anyone had some experiences with this virus ???? Erwin ------------------------------ Date: 11 Jan 90 14:05:19 +0000 From: James Cayz Subject: WDEF (Mac) Sounds like those machines need some Eradicat'Em. All of the normal Internet Mac Archive sites have it on-line by now. If you can't get it from there, or the MRC, gimme a yell (x6307 (if no answer try x2335)), but it may take a few hours (maybe a day) for me to get it to you. Does anyone know of a combination Vaccine / Eradicat'Em init (ie, catches everything) that doesn't need a lot of work to set up (ie, like GateKeeper / GK Aid) ? James |James Cayz can be found via: USPS: Educational Technology Laboratory, |E-MAIL (ARPA): cayz@louie.udel.edu : 203 Willard Hall Education Building, |PHONE: +1 302 451-6307 : University of Delaware, Newark DE 19716 ------------------------------ Date: Thu, 11 Jan 90 11:19:25 -0500 From: IRMSS907@SIVM.BITNET Subject: Fractal Virus Alert! (PC) VIRUS ALERT: IBM-compatible personal computers The Vector: THE DESKTOP FRACTAL DESIGN SYSTEM (Michael F. Barnsley) The Desktop Fractal Design System by Michael F. Barnsley, Iterated Systems, Inc. (1989) is infected with a virus. The program is sold through Academic Press and is a companion program to Barnsley's textbook on fractals, "Fractals Everywhere". Academic Press is aware of the problem, and will replace the distribution disk with a clean copy if you return it to them. The virus does not seem to attach itself to the operating system, but increases the length of every .EXE file run after an infected program has been run. The only .EXE file whose length does not increase is the vector, SAT.EXE, the main program of The Desktop Fractal Design System. Other symptoms include displacement of blocks of text on the screen and total disruption of asynch communications. I have also seen "Stack overflow" errors in dBASE since I installed the infected program. I do not know if there are more serious delayed effects. I assume that this was an accidental infection before the program left Iterated Systems. I don't know whether Academic Press is making any effort to contact people who have purchased the program. It's a great program, and probably a lot of people will pass copies to their friends. Watch out for it! ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253