VIRUS-L Digest   Friday, 30 Mar 1990    Volume 3 : Issue 65

Today's Topics:

Announcement IFIPSEC '91
Re: Mac file infected with Scores and nVIR -- Usable? (Mac)
How to protect a Mac hard disk from infection (Mac)
SCANV60.ZIP (PC)
128K, What's it mean? (PC)
Information please... (Apple ][)
Updated signature files for IBM VIRSCAN?

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc.  Please sign submissions with your real name.  Send
contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to
LEHIIBM1.BITNET for BITNET folks).  Information on accessing
anti-virus, documentation, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU.

Ken van Wyk

---------------------------------------------------------------------------

Date:    Tue, 27 Mar 90 13:56:00 -0500
From:    WHMurray@DOCKMASTER.NCSC.MIL
Subject: Announcement IFIPSEC '91

Seventh International Conference on Information Security

"Creating Confidence in Information Processing"

First Announcement and Call for Papers

LOCATION

The conference will be held in Brighton, a large coastal town in
southern England.  One of Britain's premier resorts, Brighton is one
hour from London by rail, and convenient to both London Airports.  The
conference will be held at the Metropole Hotel.  The hotel is located
on the ocean near the town centre.

DATES

15-17 May, 1991

ORGANIZERS

The conference is being organized by IFIP Technical Committee on
Security (TC11) in cooperation with the British Computer Society and
the European Region of the EDPAA.  It is being sponsored by Digital
Equipment Company, Ltd.

LANGUAGE

The official language of the conference will be English.

CONFERENCE SECRETARIAT

IFIP/Sec '91
Elsevier Science Publishers Ltd.
Mayfield House
256 Banbury Road
Oxford OX2 7DH
UK

Tel: +44 (0)865 512242
Fax: +44 (0)865 310981

Organizing Committee, David T. Lindsay, Chairman
Programme Committee, Wyn L. Price, Chairman

North American Members of the Programme Committee:

Jim H. Finch
Peter P. C. H. Kingston
Martin Kratz
William H. Murray (WHMurray@DOCKMASTER.NCSC.MIL)

CONFERENCE OBJECTIVES

The conference objectives are:

* to emphasize the importance of information security as a critical
  management requirement

* to address the need to enhance the integrity and security of
  computer based systems and data networks

* to share knowledge in the development and use of information
  security management methods and systems security and technical tools

* to address the differing, as well as common, interests of
  management, auditors, security practitioners, and the data
  processing community

* to promote international co-operation in the advancement of
  information and computer security practices and technologies

CALL FOR PAPERS

Contributions are invited describing practical experience and research
on all aspects of computer, network, and information security
including business, professional, legal, research and educational
areas.  (Papers with over-emphasis on specific product marketing will
not be accepted.)

Abstracts should be more than 200 and less than 1000 words in length,
typed, double-spaced, on one side of the sheet.  The Committee will
select papers based on submitted abstracts.  Abstracts are due 31 May
1990.  Authors will be notified of acceptance by 30 September 1990 and
camera ready copy of the papers will be due 28 February 1991.

ADDITIONAL INFORMATION

An additional announcement including the programme and registration
details will be available in December 1990.

For a copy of the official announcement please send name and postal
address to: WHMurray@DOCKMASTER.NCSC.MIL

------------------------------

Date:    27 Mar 90 16:40:36 +0000
From:    trebor@biar.UUCP (Robert J Woodhead)
Subject: Re: Mac file infected with Scores and nVIR -- Usable? (Mac)

drz@po.cwru.edu (David Zinkin) writes:

>My copy of SideKick for the Mac has been infected with TWO viruses at the
>same time -- Scores and nVIR A.  Is it possible to make SideKick usable
>again?

Virex will correctly repair multiply infected applications, and so
will Disinfectant, I believe.  Virex will tell you about the "newest"
infection, repair it, then recheck the file and discover the older
infection -- and let you repair that too.

Disclaimer : I am the author of Virex, available without a
prescription at finer computer stores everywhere.

- --
Robert J Woodhead, Biar Games, Inc.   !uunet!biar!trebor | trebor@biar.UUCP
Announcing TEMPORAL EXPRESS.  For only $999,999.95 (per page), your message
will be carefully stored, then sent back in time as soon as technologically
possible.  TEMEX - when it absolutely, positively has to be there yesterday!

------------------------------

Date:    Wed, 28 Mar 90 13:15:12 -0500
From:    Elizabeth Caruso
Subject: How to protect a Mac hard disk from infection (Mac)

We are about to receive several Mac machines with hard disks sometime
soon and would like to find out what other people are doing to protect
their Mac systems.  Can you tell us what anti-viral software you use,
by what company and its cost!  Do you know of any good shareware
products?  Is there a way to make your Mac hard disk read only?

**********Please send all information to Alyssa Domershick (AFDBB@CUNYVM)

Thank you!

------------------------------

Date:    28 Mar 90 10:16:45 +0000
From:    ash@mlacus.oz (Ash Nallawalla)
Subject: SCANV60.ZIP (PC)

The Association of PC User Groups BBS in CA has a message on the
opening screen to the effect that SCANV60.ZIP has been released in a
bogus form by someone, and might contain a virus, and that anyone
finding it should send a copy to the CVIA BBS.

Unfortunately, the APCUG BBS sysop has been unable to find out the
file size and date of the alleged bogus version.  He is still making
enquiries.

What concerns me is that a version of the above file has reached
Australia allegedly from a "reputable" source in the USA, from which
the importer is also obliged to download a Fidonet conference (details
not known).  Anyway, the file size of this SCANV60.ZIP is 44482 bytes
and its date is 03-19-90.  I have a copy of this file and have
uploaded it to the APCUG BBS for relay to the CVIA.  (Aside: BT
Tymnet, an APCUG sponsor, gives member groups two free accounts to
call CA from most parts of the world for one hour daily)

I note from a recent posting about new uploads to SIMTEL20 that the
version thereon has a date of 03-21-90 and a file size of 39508 bytes.

A user of the APCUG BBS (also claiming to have a reputable copy) gave
a listing (probably via SHEZ) where the total column indicates a file
size of 43872 bytes (date unknown).

Since the above warning has been on the APCUG BBS for about two weeks,
but nothing like that has been reported here, I am asking you all if
you know something about this one.  Does McAfee release more than one
version of a given file without changing its version number?

- - ash@mlacus.oz.au  editor, pc update, melbourne pc user group inc
=============================================================================
Ash Nallawalla   Tel: +61 3 823-1959   Fax: +61 3 820-1434   ZL4LM/VK3CIT
Postal: P.O. Box 539, Werribee VIC 3030, Australia.

------------------------------

Date:    Wed, 28 Mar 90 17:53:22 +0700
From:    "Craig A. Summerhill"
Subject: 128K, What's it mean? (PC)

Could some reader of the VIRUS-L list please assist me?  I believe
that one of our machines (PC/XT running DOS) may have contracted a
virus.  Here's the scoop as I see it:

* within a directory on the machine which contains utility programs
  (all have .EXE or .COM extensions excluding a few .DOC files which
  accompany the programs) each utility is exactly 128 bytes larger
  than the same files on another machine in the office.

* the secretary using the machine says she has been experiencing
  frequent systems crashes within the last two weeks.

* One of the utilities is a disk parking utility.  When I tried to run
  it the program ended in a loop.  I restored the file from an
  apparently uninfected machine, and it ran fine.  However, after
  running one of the other utilities in the directory the file had
  been altered by 128 bytes again.

It seems like a pretty clear-cut case of a virus, but my problem is I
don't know *which one*.  Can any of you that are more experienced
suggest which virus may affect .EXE and .COM programs and increase the
file size 128 bytes?  It seems inert, but I don't know...  Also, what
anti-viral software (if any) will eradicate it?  (And need I say
salvage any data files)

Please reply directly to me as this is of immediate interest to me,
and I am often unable to read VIRUS-L in a timely manner.

+---------------------------------------------------------------------------+
:                                                                           :
:  Craig A. Summerhill           BITNET:   SUMMERHI@WSUVM1                  :
:  Assistant Systems Librarian   Internet: SUMMERHI@wsuvm1.csc.wsu.edu      :
:  Washington State University   IP:       134.121.1.39                     :
:  Pullman, WA 99164-5610        AT&TNET   (509) 335-1299                   :
:                                                                           :
+---------------------------------------------------------------------------+

------------------------------

Date:    28 Mar 90 23:29:00 -0400
From:    "WILLIAM HADLEY"
Subject: Information please... (Apple ][)

Hello all!

I need some information on Apple II viruses.
I am writing a paper/book on viruses and I lost my section of notes
that covers the Apple II stuff!  Any information that you could send
me would be great!!

PLEASE send to me DIRECT (wlhadley@gmuvax.gmu.edu OR
wlhadley@gmuvax.bitnet).  I will forward anything that I feel would be
of general interest to the list, but there is no need to clutter the
list with detailed info.

Again, ANYTHING you can send on Apple II viruses will be appreciated.

Thanks in advance!

Bill Hadley
wlhadley@gmuvax.gmu.edu
wlhadley@gmuvax.bitnet

------------------------------

Date:    Thu, 29 Mar 90 11:42:39 -0000
From:    "Pete Lucas, NCS-TLC, Swindon U.K."
Subject: Updated signature files for IBM VIRSCAN?

Have there been any published updates to the two signature files
(SIGBOOT.LST and SIGFILE.LST) for the IBM VIRSCAN program?  Both the
signature files on my copy are dated 19-09-89.  Am I behind the times?

>>>Pete>>>

------------------------------

End of VIRUS-L Digest
*********************