VIRUS-L Digest Friday, 12 Jan 1990 Volume 3 : Issue 10 Today's Topics: WISE Data Systems shipping STONED infected PC's Re: Shrink Wrap...still safe? Desktop Fractal Design System Virus (PC) 1812 Virus (PC) AIDS trojan questions (PC) Re: Implied Loader Viruses (Mac) Re: Shrink Wrap...still safe? VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, document, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@SEI.CMU.EDU. - Ken van Wyk --------------------------------------------------------------------------- Date: Thu, 11 Jan 90 13:36:00 -0330 From: randy@KEAN.UCS.MUN.CA Subject: WISE Data Systems shipping STONED infected PC's Hi. Hope this is relevant to this list ... We've discoved that the driver diskette shipped with a Wise Data Systems PC is infected with the STONED virus. The system has a tgva VGA card and OAK software on a Wise 386/25 ------------------------------ Date: Thu, 11 Jan 90 11:39:41 -0800 From: well!odawa@apple.com (Michael Odawa) Subject: Re: Shrink Wrap...still safe? > we have been using a rule of thumb to stick to shrink wrapped software > to help avoid viruses. What comments &/or advice do you have for this > situation? Both shrinkwrapped and downloaded software sources have their advantages and risks of contamination. It is our belief that the important factor is not the distribution method by which you acquire your software which will protect you, but the integrity of your sources. While there have been some very serious and regrettable instances of viruses appearing in both shrink-wrapped and downloaded software, these are rare in comparison to the viral propagation that results from software that is "passed around." To achieve maximum protection you should (a) acquire software only from trusted sources, (b) scan and monitor your system for viral activity regularly, and (c) backup often and systematically. Michael Odawa Virus Task Force Software Development Council odawa@well.uucp ------------------------------ Date: Thu, 11 Jan 90 17:33:23 -0000 From: LBA002@PRIME-A.TEES-POLY.AC.UK Subject: Desktop Fractal Design System Virus (PC) As one of the "mugs" (probably translates as "schmuck" stateside?) who ran the Desktop Fractal Design System as soon as it arrived, can I ask any genius out there who works out how to get rid of it to contact me pronto? However I have checked the size of my .EXE files against copies on other machines and I get identical results, plus VIRUS SCAN does not detect any infection. Could it be that not all the disks were infected, or only those distributed in the USA? Rgds, Iain Noble - ----------------------------------------------------------------------------- Iain Noble | LBA002@pa.tp.ac.uk | Post: Main Site Library, JANET: LBA002@uk.ac.tp.pa | Teesside Polytechnic, EARN/BITNET: LBA002%pa.tp.ac.uk@UKACRL | Middlesbrough, INTERNET: LBA002%pa.tp.ac.uk@cunyvm.cuny.edu | Cleveland, UK, TS1 3BA UUCP: LBA002%tp-pa.ac.uk@ukc.uucp | Phone: +44 642 218121 x 4371 - ----------------------------------------------------------------------------- ------------------------------ Date: Thu, 11 Jan 90 17:04:38 -0500 From: IRMSS907@SIVM.BITNET Subject: 1812 Virus (PC) Earlier today we found out that SHRINK-WRAPPED software called The Desktop Fractal Design System by Michael F. Barnsley, Iterated Systems, Inc. (1989) is infected with a virus. The program is sold through Academic Press and they are aware of the problem. VIRSCAN (the IBM product) identified it as the 1813 virus. Seems the EXE and COM files run since the offending software was loaded were all clobbered and their filesizes grew exponentially every time they were loaded. Interestingly enough, none of the network files were affected. Was it was pure luck or that the file attributes on the network COM & EXE files were set to READ ONLY? Oh, where's the aspirin !? Anyway, could somebody do a quick review of the atrocities which will befall us with the 1813 virus? Thanks. Mignon Erixon-Stanford, PROFS & LISTSERV Administratress Smithsonian Institution, Washington, DC. IRMSS907 @ SIVM ------------------------------ Date: Thu, 11 Jan 90 20:06:44 -0500 From: UBY@NIHCU.BITNET Subject: AIDS trojan questions (PC) Now that the dust has settled a bit, does anyone know how much damage was really done by the AIDS trojan? Also, has anyone come up with a good explanation of why it was released in the first place? Jim Blakley ------------------------------ Date: Thu, 11 Jan 90 22:50:24 +0000 From: biar!trebor@uunet.uu.net (Robert J Woodhead) Subject: Re: Implied Loader Viruses (Mac) XRJDM@SCFVM.BITNET (Joe McMahon) writes: >Any resource which appears to be of an executable type which is found >in a "non-application" file will be flagged as an "implied loader". I think this is VERY dangerous. How do you define what an "executable" file is? How about a Hypercard Stack? It is quite possible for a document to have a legal "executable" resource, and any false positive is going to result in the trashing of someone's data. - -- Robert J Woodhead, Biar Games, Inc. !uunet!biar!trebor | trebor@biar.UUCP Announcing TEMPORAL EXPRESS. For only $999,999.95 (per page), your message will be carefully stored, then sent back in time as soon as technologically possible. TEMEX - when it absolutely, postively has to be there yesterday! ------------------------------ Date: Fri, 12 Jan 90 04:27:09 +0000 From: magik@chinet.chi.il.us (Ben Liberman) Subject: Re: Shrink Wrap...still safe? JZH1@MARISTB.BITNET (Craig W. Fisher) writes: >At a meeting yesterday some people made comments that some viruses >have been found in shrink-wrapped diskettes. This did surprise me as >we have been using a rule of thumb to stick to shrink wrapped software >to help avoid viruses. A problem that may show up with shrink warped (sic) software is that sometimes retailers will take back software from customers, and re-shrink warp it, at the store. If the customer tried the software out on an infected machine.... - -- ------------ ------------ ---------------------- Ben Liberman USENET magik@chinet.chi.il.us GEnie,Delphi MAGIK ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253