Subject: VIRUS-L Digest V3 #54 From: VIRUS-L@IBM1.CC.Lehigh.Edu VIRUS-L Digest Tuesday, 6 Mar 1990 Volume 3 : Issue 54 Today's Topics: RE: Viruses and Copyrights (Part 2) Bye Re: Scanning MAC diskettes on a PC Bug in F-PROT (PC) F-PROT mailing list (PC) New files on MIBSRV (PC) request for virus info. Contest announcement VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. Please sign submissions with your real name. Send contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@SEI.CMU.EDU. Ken van Wyk --------------------------------------------------------------------------- Date: 05 Mar 90 00:00:00 -0500 From: "David.M.Chess" Subject: RE: Viruses and Copyrights (Part 2) Olivier Crepin-Leblond writes: > The Brain virus was written by Mohammed Farooq Alvi in Lahore > (Pakistan) and was used initially to protect their own software from > being pirated. This is a myth, I think. I can't think of any feature of the virus that would help protect software from being pirated. Viruses are basically irrelevant to copy-protection. DC ------------------------------ Date: 05 Mar 90 18:42:00 +0700 From: T762102@DM0LRZ01.BITNET Subject: Bye! Hello everybody again! Unfortunately, it's already time for me to leave for Bulgaria. It was really a delight to share with you. I hope, that I was at least a little useful for the computing society (is it true Ken?), providing you with information about the nasties, developed in Bulgaria. Now you have even a package, that will protect you from them (isn't it Frisk?). Unfortunately (again :-) ), there is no e-mail in Bulgaria. However, you can still send me messages to this address. For the next two months there will be another person from Bulgaria here. I've instructed him how to receive my messages and how to store them on a diskette. When he returns in Bulgaria, he will bring them to me. For this time (2 months) I'll stay subscribed to VIRUS-L also (OK Ken?). That person (BTW, his name is Rumen Iankov) will unsubscribe me when he leaves. Of course, this means that you'll have only a one-way contact with me. If you find this unsufficient, here is my postal mail address: Vesselin Bontchev bl. 26, vh. "W", ap. 51 ul. "Kestenova gora" kv. "Emil Markov" 1404 Sofia Bulgaria Tel: (003592) 58-62-61 Please note, that the mail is very slow and very unreliable in Bulgaria. Oh, yes, and happy virus hunting! Sincerely yours, Vesselin Vladimirov Bontchev (a Bulgarian antivirus researcher) ------------------------------ Date: Tue, 06 Mar 90 01:12:47 -0500 From: Howard Haruo Fukuda Subject: Re: Scanning MAC diskettes on a PC MAINT@UQAM.BITNET (Peter Jones) writes: >After reading how the WDEF virus on the MAC propagates when an >infected disk is inserted in the MAC, I would like to suggest the >approach of using a PC with a 3 1/2 drive to scan the MAC diskettes >and check for viruses. Assuming the PC hardware can read everything >the MAC can, this would be safer, IMHO, than using a MAC for this >task, for the chance of a virus being able to infect both a MAC and a >PC seem remote. I don't think a PC equiped with a 3.5" drive can read a Mac formatted disk. A Mac formats the disk to 800K by using a variable speed controller which puts more data on the outer rings of the disk than on the inner ones. I'm not sure if it's possible to override the ROM on a PC, but this would be pretty extreme measures. IMHO it's not really neccessary to do this. Again: >After reading how the WDEF virus on the MAC propagates when an >infected disk is inserted in the MAC,[...] This is a misleading simplification. WDEF spreads when a disk is inserted if the Finder or MultiFinder is running (and when the disk is opened). If an application is running and not with MultiFinder, WDEF doesn't spread it's infection. So a Mac running Disinfectant (or a commercial equivalent) w/o MultiFinder is quite capable of stopping infections. - -Howard Internet: hf07+@andrew.cmu.edu ------------------------------ Date: Tue, 06 Mar 90 11:24:11 +0000 From: frisk@rhi.hi.is (Fridrik Skulason) Subject: Bug in F-PROT (PC) I would just like to warn the users of F-PROT 1.07 of a bug in the F-SYSCHK program - it will fail to detect some viruses although they are active in memory. Version 1.08 (which I am sending out today) corrects this problem. - -- Fridrik Skulason University of Iceland | Technical Editor Virus Bulletin (UK). | ? E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 | ------------------------------ Date: Tue, 06 Mar 90 14:11:42 +0000 From: frisk@rhi.hi.is (Fridrik Skulason) Subject: F-PROT mailing list (PC) I have created a mailing list for anybody interested in receiving updates to F-PROT by E-mail as soon as new viruses appear. Drop me a note if you would like to be placed on the list. If you can not handle XXencoded postings please let me know, and I'll send you a copy of XXdecode. - -frisk Fridrik Skulason University of Iceland | Technical Editor Virus Bulletin (UK). | ? E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 | ------------------------------ Date: Tue, 06 Mar 90 09:04:53 -0600 From: James Ford Subject: New files on MIBSRV (PC) The following files have been placed on MIBSRV.MIB.ENG.UA.EDU (130.160.20.80) for anonymous FTP in the directory pub/ibm-antivirus: File Description - ---- ----------- scanv59.zip - Scan 3.1V59, McAfee's scan program scanrs59.zip - Scan 1.4V59, McAfee's tsr scan program cleanp59.zip - Clean 3.1V59, McAfee's clean-up virus remover. netscn59.zip - Netscan V59, McAfee's scan for networks. These files were downloaded directly from Homebase BBS on 3/5/90 at 11:40pm. The files the replace (----v58.ZIP) will remain on the server until 3/9ish/90 in case requests for them are pending at BITFTP@PUCC. - ---------- Anger is a wind which blows out the lamp of the mind. - ---------- James Ford - JFORD1@UA1VM.BITNET, JFORD@MIBSRV.MIB.ENG.UA.EDU University of Alabama in Tuscaloosa. ------------------------------ Date: 06 Mar 90 19:27:17 +0000 From: hleong%orange.UUCP@ucsd.edu (Hong-Va Leong) Subject: request for virus info. I am going to write a term paper on the threats of virsus to computer security systems. Is there any reference materials to this topic? Only a general survey plus some future trends is needed. Personal opinions are welcomed. Thanks. - ----------------------------------------------------------------------- :-) H.V. Leong A indifferent netter, (-: Dept. of Comp. Sci. A hot field, Univ. of Calif. A popular U. for HKer, Santa Barbara A small UC campus. ------------------------------ Date: 06 Mar 90 20:50:43 +0000 From: spaf@cs.purdue.edu (Gene Spafford) Subject: Contest announcement The National Center for Computer Crime Data notes with interest the considerable controversy engendered by the trial and guilty verdict in the case of Robert T. Morris. In order to expand and focus the conversation, we announce the "If I were the Robert Morris case judge" essay contest. We will award $100 to the best essay of 250 words or less suggesting the appropriate sentence for Mr. Morris. Security Magazine has agreed to publish the winning essay in its May issue. Contestants need not be familiar with the federal guidelines for sentencing, but should assume, for the purpose of their essay, that the judge can impose any sanctions he or she thinks reasonable. All essays must be received by the National Center for Computer Crime Data, 1222-B 17th Avenue, Santa Cruz, CA, 95062 by March 28, 1990. J.J. Buck BloomBecker, Esq. Director [The real sentencing for Mr. Morris will be May 4. I am not affiliated in any way with the NCCCD --spaf] - -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253