VIRUS-L Digest Monday, 12 Mar 1990 Volume 3 : Issue 56 Today's Topics: Many WDEF reports --Why? Etymology of the word "virus" Reading MAC diskettes on a PC Possible New VIRUS Or Just H/W Problem ? (Amiga) Virus management software Viruses and Copyrights Information Request Unidentified Virus (PC) Re: Scanning MAC diskettes on a PC Viruses using Hamming (PC) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. Please sign submissions with your real name. Send contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU. Ken van Wyk --------------------------------------------------------------------------- Date: 07 Mar 90 12:13:43 -0500 From: Pat Ralston Subject: Many WDEF reports --Why? David Chess on Feb 13th said the he was I don't' think it's necessary for everybody to report >every sighting of WDEF....I gave up trying to keep >track of all the sightings.... Sooo, I am confused. I really want to help. I will report any (first occurrence) of a virus here on my campus if you-all want me to, and if it IS indeed helpful. I will stay off the electrons and not clog up the list with needless reports if that is more helpful. Of course, any one on this list can (and will) respond to my query but PLEASE IDENTIFY yourself. If you are a REAL virus tracker please say so...If you aren't please note that also. ------------------------------ Date: Fri, 09 Mar 90 08:54:16 -0500 From: "Dr. Martin Erdelen" Subject: Etymology of the word "virus" Greetings to the many classical linguists reading VIRUS-L :-) , would somebody please tell me the etymology of the word "virus" and therefrom deduce the correct declination (esp. genitive & plural)... I know this has been discussed before, but I'd like to get some truely technical information. My dictionary of Latin & Greek word elements in biology is strangely un-verbose on this matter. Could it be that "virus" is an artificial term in the first place? Thanks for enlightening me. Virulentally, MArtin (~ , , (___/__/__-_ Dr. Martin Erdelen EARN/BITNET: HRZ090 at DE0HRZ1A - -Computing Centre- University of Essen +----------------------------------------------+ Schuetzenbahn 70 | | D-4300 Essen 1 | This room left unintentionally non-blank. | W.Germany | | +----------------------------------------------+ ------------------------------ Date: Fri, 09 Mar 90 12:00:58 -0500 From: mlsmith@NADC.ARPA (M. Smith) Subject: Reading MAC diskettes on a PC We have a Zenith 248 (AT Clone) with a card called Matchmaker which is connected to an 800K Macintosh 3 1/2 inch floppy drive. MacIntosh disks can be read and *DATA* files can be transferred to any PC disk. There is also software to convert MacWrite files to either ASCII or Word files (I forget which.) This sounds like what some of you have been asking for, so I will give the address of this company: Micro Solutions, Inc. 132 West Lincoln Hwy. DeKalb, Illinois 60115 (815) 756-3411 The system has worked well except for Port I/O conflict with one of the optical disks on that system. For those into Port conflicts, Matchmaker can be set to 330-335h,340-345h,230-235h or 240-245h. DISCLAIMER: I have no envolvement with Micro Solutions, Inc. other than as a satisfied user. Mark L. Smith, Naval Air Development Center, Code 5053, Warminster, PA 18974 (215)441-2454 mlsmith@nadc.ARPA ------------------------------ Date: 05 Mar 90 04:05:59 +0000 From: robi@attila.esa.oz (RoBeRt KaRp) Subject: Possible New VIRUS Or Just H/W Problem ? (Amiga) [Ed. Re-posted from comp.sys.amiga.hardware.] SYSTEM: Amiga 2000B, 1084s monitor, 2088 Bridge Board, Seagate Hard Disk. SYMPTOM: Screen goes the _BACKGROUND_ colour. DESCRIPTION: This happens at seemingly random times, however, it only occurs when there is some kind of screen activity, e.g. opening or closing a window. It occurs more frequently when the machine has been on for a while. The only way to get the screen back is rebooting. NOTE: I have full control of the computer at all times, I just can't see anything. THINGS ATTEMPTED IN TERMS OF PINPOINTING IT: I've tried every virus checker I could get my hands on, they all come up with nothing. These include kdviii, virusX-3.20, novirus. I've opened up the machine to see if there are any lose chips, but there aren't. I've booted from a pristine, untouched workbench 1.3 disk at two times. Firstly upon soft booting, the screen did blank out. Secondly upon cold booting, the screen didn't go blank, however, this could be a coincidence. OTHER INFO: I have a game called Hybris. After playing this for a while, the screen will "fuzz", what I mean is that the graphics seem to get confused and all I see is one big blur on the screen. I have tried this with two independent disks of the game (ie: I borrowed them from two different people). This may or may not have anything to do with the blanking. HELP: If you do know anything about this, or have any kind of helpful comment, please email me. I am at my wits end. My computer has become virtually unusable. If people want, I will summarise and post responses. THANKS: - Robi - -- INTERNET: robi@attila.esa.oz.au ACSnet: robi@attila.esa.oz Fax : (+61) (2) 953 9531 Robert Karp/// Tel : (+61) (2) 953 9488 //// UUCP : uunet!attila.esa.oz.au!robi \XXX/ ------------------------------ Date: Fri, 09 Mar 90 12:18:46 -0400 From: "Daniel P. McGee" Subject: Virus management software At Villanova University, we have been subject to virus problems in the past on some of our public access IBM, Zenith and Apple Mac systems. The most recent encounter has been the STONED virus. I'm looking for virus management software (ie. detecting, cleaning and preventing virus infections) for standalone systems and workstations on a Novell Netware v2.15 network. I'm also interested in any experiences, comments on the VIRUSCAN and other software products from McAfee Assoc. in California. Please reply directly to me because I'm not subscribed to this list. Daniel P. McGee Manager, Academic Computer Services Villanova University MCGEE@VUVAXCOM ------------------------------ Date: Fri, 09 Mar 00 12:28:25 -0500 From: Stuart Milligan Subject: Viruses and Copyrights Yesterday, Kelly Goen commented on the Brain virus author, Mohammed Farooq Alvi. > Just an additional Note: due to a peculiarity in Pakistani law... > there is NO Copyright Law... Pakistan became an adherent of the Berne Convention on 7/5/1948 and an adherent of the Universal Copyright Convention on 4/28/1954. Since they are members of these two prestigious international organizations, I find it difficult to believe they have "NO Copyright Law." Perhaps someone could explain this so-called peculiarity in Pakistani law that voids copyright protection? Curiously, ______________________________________________________________________________ "You need only one paddle for answers; you need both for good questions" -SM _____________________ __ : \______________________BBBBBBB________________________: : : Stuart Milligan : BBBBBBBB : : : Drake Memorial Library : SSSS U U BB BB NN N Y Y : : : SUNY at Brockport : S U U BBBBBBBB N N N Y Y : : : Brockport, NY 14420 : SSSS U U BBBBBBB N N N YYY : : : : S U U BBBBBBBB N N N Y : : : (716) 395-2508 : SSSS UUUUU BB BB N NN Y : : : ___:__________________BBBBBBBB_______________________: : :____________________/ BBBBBBB :__: ------------------------------ Date: 09 Mar 90 19:32:03 +0000 From: rwillis@hubcap.clemson.edu (Richard "Crash" Willis) Subject: Information Request Hello, my name is Richard Willis and I am a Freshman in CompSci at Clemson U in S.C. I am doing a paper on the spread of viruses in the last few years, the increase in sophistication we have seen in them, and the adverse affects they have had, using the Internet Virus as an example. Could anyone recommend or send me information as to the spread of viruses, descriptions of current and past viruses, and examples of some of the more technical viruses in existence currently? Any and all info will be welcomed. Thanks! - -------------------------------------------------------------------------- "...OK, and I press and I'm done!" "Dad, you just erased your entire file." " Is that bad?" -Foxtrot rwillis@hubcap.clemson.edu ------------------------------ Date: 09 Mar 90 23:50:57 +0000 From: mowbray@ac.dal.ca Subject: Unidentified Virus (PC) Subject: Request Info On Unidentified Virus Date: 10 March 1990 From: Paul K. Smith, Dalhousie Univ., Halifax, N.S. Recently in Moncton, N.B. a particularily nasty virus emerged. The person suffering from this had used bulletin boards extensively and indiscriminately. Ergo the source is unknown. The machine infected was a PC AT. The effects of this virus was to fill up the hard drive and RAM with gibberish thus rendering the machine unusable. The following measures were taken in order to get rid of the problem: 1. The hard drive was reformatted.------No effect 2. The hard drive was low level reformatted.------No effect 3. The hard drive was physically disconnected and the system booted from the floppy with a clean DOS-----No effect 4. From the above it would appear that the virus is residing in some other hardware or even a chip possibly the BIOS (??). Not having any experience with viruses I am wondering do these symptoms sound familiar to anybody? I would appreciate anybody who may be familiar with the above and any solutions to the problem. Replies may be addressed to: MOWBBRAY@AC.DAL.CA Thanks in advance Paul K. Smith Soc./Soc. Anthro. Dalhousie Univ. Halifax, N.S. ------------------------------ Date: 10 Mar 90 05:10:30 +0000 From: bro@eunomia.rice.edu (Douglas Monk) Subject: Re: Scanning MAC diskettes on a PC MAINT@UQAM.BITNET (Peter Jones) writes concerning using PC's with 3 1/2" drives to scan Mac floppies for viruses. minich@a.cs.okstate.edu (Robert Minich) in response points out: # 1) PCs cannot read Macintosh formatted floppies, unless you have some sort # of hardware specifically made for that purpose. Such hardware does exist for PCs. In addition, on Atari ST systems (to introduce another variable) the Spectre GCR cartridge would make it possible to safely scan Mac disks when using the ST in native mode (though requiring additional software not provided with Spectre), and when running the emulator, get infected just like any other Mac. Such an environment might be of unique interest in studying viruses, but is really overkill if eliminating and preventing infection is all that is desired. # 2) WDEF travels when an infected disk is inserted into a an UNPROTECTED Mac. And can infect an ST using the Spectre emulator as well, if unprotected. See next point. # 3) [There are free, simple ways to protect against WDEF and other viruses # on standard machines] And such protection works on emulating STs, exactly as one would expect. Again, hardware solutions are overkill at the moment for the restricted purpose of eliminating and preventing infection. There might still be a real use in more involved settings (and may be a real need sometime in the future, who knows?) Doug Monk (bro@rice.edu) Disclaimer: These views are mine, not necessarily my organization's. ------------------------------ Date: 11.03.90 23:12:07 From: "Morton Swimmer" Subject: Viruses using Hamming (PC) I just returned from a talk with Vesselin Bontchev, and must now correct one of my previous remarks. It appears there is indeed a virus that uses Hamming to maintain its integrity: they are the viruses starting with the TP33 in the TP virus strain (Vacsina and one of the Bulgarian Yankee viruses are in this strain.) This is not the only point I must stand corrected at. There were many mechanisms that I had hoped would never be used or that would be too impractical for a virus programmer to use. Unfortunately these have apparently been used in many of the Bulgarian viruses. I think we may see many of these coming over to the West at some point in time. Looking at the viruses I have here, I am shocked by some of the ideas they have implemented and their implications to the computer community. Having experimented a bit with the 4096 and in the light of some of the bulgarian viruses, I see bleak times ahead. In Europe I think we will be swamped by Eastern viruses, by the end of summer, the time a lot of West Germans will have come back from their vacations in the East. This has happened in the past, but with the US. Many vacationers seem to take their disks with them on holiday (dread the thought). Cheers (or not so), Morton Virus Test Center, University of Hamburg ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253