=========================================================================
Date:         Sat, 22 Oct 88 04:20:13 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Pedro Sepulveda J." <PSEPULVE@USACHVM1>
Subject:      JV Virus...
 
              We are a group of students of the 'Universidad de
    Santiago de Chile' with a special interest, 'Computer
    Viruses'.

              Our investigations are oriented toward the Jerusalem
    Virus (also known as the 'Hebrew University Virus'), since
    the JV is the only one that has arrived here so far. Due to the
    circumstances of the educational environment, we want to
    protect our work and resources.

              We are disassembling the greater part of the JV.

              If you are interested in our work and you have
    information too, we would like to join efforts to learn about
    the viruses instead of being harmed by them, and so
    direct this knowledge down a good road.
 
Pedro Sepulveda J.
Universidad de Santiago de Chile
=========================================================================
Date:         Sat, 22 Oct 88 19:27:04 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         SSAT@PACEVM
 
It seems to me that on a pc type system the following steps should
stop the viruses that are floating.
 
1) Make command.com and system files READ-ONLY.
 
2) Use FLUSHOT (direct from author)
 
3) Use common sense.
 
The combination of the 3 steps above just caught a virus in a copy of
Norton Commander someone sent to me. This is a new and nasty virus and
you will hear more as soon as I get the time.
=========================================================================
Date:         Sun, 23 Oct 88 13:07:17 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jean Coppola <SSAT@PACEVM>
Subject:      virus
 
Well we have a little more on the Norton virus. It eats command.com
and the system files, as well as destroying both FAT tables and all known
backups like Mace utilities and Disk optimizer produce.
 
This is a little more vicious than most because a FULL format of the hard
disk is required after being attacked. By full I mean both low level and
dos formats must be done. Otherwise the little bugger is still on the disk
(boy did we find out the hard way) and will reattack you at a later date.
=========================================================================
Date:         Sun, 23 Oct 88 18:00:15 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      Virus Conference
 
I would like to thank the eight out-of-town individuals who I met at the
virus conference this weekend in the Lehigh Valley, Pa.  I can't say
that I learned anything that I didn't read on virus-l, but being able
to discuss these topics in a little greater depth and on a closer basis
was very informative.  I handed out disks to most of the participants
with a collection of public domain anti-viral/trojan packages and would
appreciate any comments and evaluations of these products sent to me.
( -Especially on FluShot Plus 1.4; it seems as though no one will try
this package, even though it has most of the bugs worked out from the
older versions.)
  Thanks a lot,
 David Bader
   DAB3@LEHIGH
   ZDABADE@VAX1.CC.LEHIGH.EDU
 
P.S. To the Calgary Contingency: When Chris and I make our ways out
there... we'll be sure to call.
=========================================================================
Date:         Sun, 23 Oct 88 23:15:20 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      The Virus Conference - thank you
 
Actually David, I'm intrigued by your comments:

You mentioned something about all that we discussed were old
virus-l topics, and I don't believe that's true.   Since you
weren't present for quite a bit of the conference, you may
have missed some of the things we discussed, but we did
go over organizations tracking viruses, integrity systems
including the Bell-LaPadula, Limited Transitivity, Complexity
Based Integrity and Separation (I think we have barely touched
on these on the list), and we did talk about Worms in greater
detail than on the list.
 
We ended up having a total of 14 people show up for the conference
(although several people were there only half the time).
 
I had gotten worried early on that the conference might have
problems, we had two people call and cancel at the last minute,
two that said they were coming never showed (JD Where are you?),
and two groups that said they'd send representatives didn't.
We had the additional problem that the printer company I
used to print and bind the books seems to have broken their
tape binding machine and we had to give out the book in
loose form in folders.
 
However, as one person stated "It's easier to talk, discuss
subjects and get points across in smaller groups", and I
think it went quite well.  We had an excellent group of
people with a greatly varied knowledge of the subject
viruses.
 
I do want to say thanks to everyone who came!  It was
really appreciated, and I hope you all took something
out of the conference.
 
The conference ended up being more informal than formal
and I believe that worked quite well with this group of
people.  It's always interesting to meet people who you
have been discussing subjects with for some months without
meeting them face to face.    Thanks goes to Chris Haller
of Cornell who corrected many of my spelling atrocities
(that word isn't even close, is it?)  Also, Steve Okay
from the Source took notes on his laptop throughout the
3 days and apparently will be making the notes available
in the future.  Because it was lengthy, I believe it will
take him some time to convert his notes to something
readable.  (Please excuse my typing, I seem to be missing
the backspace key)

Thanks to all who made this conference possible!
 
Loren Keim
=========================================================================
Date:         Sun, 23 Oct 88 23:41:43 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      The Book / Effects of the Conference
 
Reading through my notes and letters to me, several people
have asked if I think we'll see any effects of the conference.
I'd like to forward this statement through the list to everyone
who did come and ask them if they think it helped them.
 
For me, I got a number of ideas and quite a bit of help on
correcting many of the ideas I had previously.  Joe Sieczkowski
gave us some unique ideas on Unix protection schemes, which
I greatly enjoyed and we may see something come of that over
the next year.  I believe the group helped him to look at
different aspects of what he wanted to do.  Hopefully
we've also given people that little bit of information that
they might need to help prevent viruses in the future.  I
believe there were a few good points about network security,
and we may see more security at some colleges through
networks due to some of our discussions.  I really felt it
was much easier to discuss the problems in group than to
write them in short letters over the net.
 
As for the book, we've gotten numerous requests for it.
We have located another printer and gotten some price
quotes today for anyone interested.  I want to point out
that the price I am setting the book / notes at is about
5 percent higher than MY cost.  I'm doing that to cover
the expense of the conference  (I ran into the hole on
it slightly), and to make sure I am covered, as I always
seem to underestimate the costs.  I'm pointing out that
I'm not making money off this for the simple reason that
we can't advertise over bitnet and I've already had one
warning that I may not do so.
 
The book is broken down into a few sections:
  -  Introduction to Computer Viruses (Definitions, Detection methods)
  -  Background and Experiments (From Von Neumann through Kraus through
       Cohen, including Computer Worms, Core Wars and so on)
  -  Major Viruses and Resultant Detection Schemes (Mainframe
       and Micro viruses including the source code to the Christma
       Exec which now should be powerless and has been published
       elsewhere, and a look at 2 versions of the Brain, Lehigh,
       Aldus and the Israeli)
  -  Early Defense Methods (Partition Models and Flow Models)
  -  Practical Defense Methods (Complexity Based Integrity and
       other ideas)
  -  The Future (Secure Systems in danger, dangers viruses pose)
 
and 4 appendices:
 
  -  Term Glossary
  -  List of Known Viruses
  -  Viruses in the Classroom
  -  Virus Law
 
I will also include a paper that Pam Kane sent me.
 
(Those of you who have already gotten the packet, as I said,
I am going to enhance the "Future" Section, and include
the 3 missing appendices in the mail this week)
 
The known viruses section is a bit sketchy in that it doesn't
include quite a few viruses in existence.  I would like to
see a break down or flow chart of how each virus works from
a reputable source before I include it, so anyone who has
worked with one recently, please send me what you can to LKK0
at LEHIGH.  (I do include a number of viruses however and
their breakdowns).
 
Prices:

   The Book - Tape Bound / Soft Back / Printing on Right
              page only...    18.50
   The Book - Tape Bound / Soft Back / Printing on Left
              page only  (some requested this because
              it's easier to take notes on the right)...  22.50
              (The publisher has to actually physically turn
              half of it around and wants more to do that)
   The Book - Spiral Bound / Soft Back / Printed on Right... 20.00
   The Book - Spiral Bound / Soft Back / Printed on Left...  22.50
   The Book - Hard Bound / Hard Spine / Printed on Right...  45.00
   The Book - Hard Bound / Hard Spine / Printed on both sides...  48.00
   The Book - Spiral Bound / Printed on both sides...  22.50
   The Book - Tape Bound / Soft Back / Printed on both sides... 21.00
 
 
     For anyone who wants a copy in the US... please send 4.50
to cover P&S...  I will return the unused portion if any.  In
Canada or Germany (or anywhere for that matter, I just happen to
have people in both who want copies) I don't have an exact
quote yet on mailing costs so hold off a little while.
 
     Send it to :    Loren K Keim
                     P.O. Box 2423
                     Lehigh Valley, Pa 18001
 
Incidentally, when I talk about defense methods in the book, I
just describe them, I don't prove them mathematically, although
I've been asked at times to do so.  I will be trying to put
together a book later this year (with much better editing)
which will be about defense methods, including some ideas I've
had and several that have been sent to me (with full report
going to the author of each) and will be showing the math.
I'll try to publish that if I can.

    If you have any questions, don't hesitate to write:...
 
Loren Keim
=========================================================================
Date:         Mon, 24 Oct 88 02:35:00 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         GREENY <MISS026@ECNCDC>
Subject:      Dissertation Copy?
 
Does anyone know of where I could obtain a copy (if this is possible...) of
Fred Cohen's dissertation on "Computer Viruses -- Theory and Experiments"?
 
Thanx in advance....
 
Bye for now but not for long
Greeny
 
Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@cunyvm.cuny.edu
Disclaimer: Do I really need one?
=========================================================================
Date:         Mon, 24 Oct 88 03:01:00 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         GREENY <MISS026@ECNCDC>
Subject:      even *MORE* on hardware damage
 
All this talk of "programs" causing damage to hardware has caused a few
of the ole cobwebs to clear out of the history section of my brain which
caused a story that I heard a long long time ago in a CS101 class to surface..
 
"...It seems that a programmer who delighted in taking excessively long lunch
hours discovered a way to shut down the computer for hours at a time.  It
happened that the programmer -- in those days also being somewhat of an
Electrical Engineer -- discovered exactly which MAGNETIC CORE was closest to
the High-Temp shutdown sensor, and wrote a program which continuously wrote
an alternating pattern of binary 0's and 1's to *THE* core, until it got hot
enough to trigger the High-Temp shutdown sensor.  The sensor, being deceived
into thinking that the entire machine was overheating, promptly shut it down"
 
...An oldie, but a goodie...
 
Bye for now but not for long
Greeny
 
Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@cunyvm.cuny.edu
Disclaimer: If you happen to still have some core memory machines being used
            and you pull this trick -- forget where you read this! :->
=========================================================================
Date:         Mon, 24 Oct 88 13:19:00 PDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         SUE@UWAV1.ACS.WASHINGTON.EDU
Subject:      ANTI-VIRUS PROGRAM ARCHIVE
 
< I THOUGHT THE FOLLOWING MIGHT BE OF INTEREST TO VIRUS-L MEMBERS....>
 
 
 
From:   IN%"ADVISE-L@NDSUVM1"  "User Services List" 24-OCT-1988 13:00
Subj:   Re: Virus...
Date: Fri, 21 Oct 88 23:39:29 CDT
From: David Boyes <DBOYES@ICSA.RICE.EDU>
 
The  archive  server  at  RPICICGE  (and  indirectly  SIMTEL20.ARMY.MIL)
maintains a  huge collection  of anti-viral  programs that  should prove
equal to most viroid strains.
 
Directions for using  the RPI archive server can be  found in the latest
issues of NetMonth (published by the famous Chris Condon [BITLIB@YALEVM]
and available  from better servers  near you, esp.  LISTSERV@MARIST). If
you   have  access   to  the   Internet,   the  files   are  stored   on
simtel20.army.mil,  IP  address 26.0.0.74.  Log  in  as user  ANONYMOUS,
password is your  real userid and node. All the  virus-related files are
stored in the directory PD1:<MSDOS.TROJAN-PRO>.
 
For those  of you getting the  programs via the Internet,  remember that
SIMTEL20.ARMY.MIL  is a  DEC-20 and  uses 36-bit  words. You  *must* use
TENEX mode when you FTP the files or you *will* get garbage -- issue the
TENEX command before doing the GET for the file you want.
----------
 
David Boyes       (713) 527-4852     |BITNET: DBOYES@RICE
Systems Group                        |Internet: dboyes@icsa.rice.edu
ICSA - Rice University               |
 
  UUCP: [your fav backbone]...!psuvax1!uncle-bens.rice.edu!dboyes
=========================================================================
Date:         Mon, 24 Oct 88 16:10:34 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Kevin Trojanowski <troj@UMAXC.WEEG.UIOWA.EDU>
Subject:      RE: CMU and the virus
 
 
I just talked with a friend of mine who happens to be a student at CMU about
viruses, and CMU did indeed get hit.
 
I'm not sure what virus it was, but it infected their Macs, including some
file servers.
 
It seems the virus got onto one of the servers, and a new version of software
for a class was to be distributed.  Their distribution method is such that
the software is placed on the server, and all students needing it can then
copy from the server for their own uses.
 
Well, the server containing the distribution copy of Genie (a Pascal
interpreter of sorts) was contaminated, and thus an infested copy of Genie
got quickly and widely spread around campus.
 
I know this is somewhat sketchy, but it's all I have for now.  Perhaps someone
a little closer to the Pittsburgh area can get more information?
=========================================================================
Date:         Mon, 24 Oct 88 14:16:00 MDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         KEENAN@UNCAMULT
Subject:      Re: The Virus Conference - thank you
In-Reply-To:  Message of 23 Oct 88 21:15 MDT from "Loren K Keim -- Lehigh
              Univer
 
Loren, I think you did an excellent service in organizing the
conference.  The three of us from Calgary (Grey Lypowy, Corey Wirun and
myself) found it very helpful to be able to work some ideas back and
forth without the delays and mis-communications inevitable in this
electronic medium.  Also, it gave us a good handle on what you guys are
doing and, hopefully, you understand what we are up to in Canada.  I
think a follow-on conference is needed at some point but we should all
sit back and digest this one for a while.  Tom Keenan
=========================================================================
Date:         Mon, 24 Oct 88 19:10:23 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Pedro Sepulveda J." <PSEPULVE@USACHVM1>
Subject:      JV Virus...
 
    Hi Networkers...!
 
              We are a group of students of the 'Universidad de
    Santiago de Chile' with a special interest, 'Computer
    Viruses'.

              Our investigations are oriented toward the Jerusalem
    Virus (also known as the 'Hebrew University Virus'), since
    the JV is the only one that has arrived here so far. Due to the
    circumstances of the educational environment, we want to
    protect our work and resources.

              We are disassembling the greater part of the JV.

              If you are interested in our work and you have
    information too, we would like to join efforts to learn about
    the viruses instead of being harmed by them, and so
    direct this knowledge down a good road.
 
Pedro Sepulveda J.
Universidad de Santiago de Chile
=========================================================================
Date:         Mon, 24 Oct 88 14:51:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         ACS045@GMUVAX
Subject:      Conf of 1
 
I myself found the size of the conference to actually be a boon more than
anything else...it was a lot easier to disseminate information across a
table than across the room, and I found it to be quite informative.
Thanks to Loren and all the others who helped make this possible
and I'd like to toss in a special thanx to the guys from Calgary and Cornell
who helped in carting me around this weekend----it was and is much appreciated.
Overall I'd say it was a successful and quite informative meeting.....
---------------
Steve Okay      ACS045@GMUVAX.BITNET/acs045@gmuvax2.gmu.edu/CSR032 on The Source
                      "Ahhh...the keyboard...how quaint"
=========================================================================
Date:         Tue, 25 Oct 88 08:44:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Shawn V. Hernan" <VALENTIN@PITTVMS>
Subject:      RE: CMU and the virus
 
The virus that hit CMU was "nVIR", as named by interferon 3.1. It is apparently
the same one that hit Pitt (which is about a block and a half away) two
weeks ago. Incidentally, here at Pitt we seemed to have eradicated the virus
very quickly. Thanks to everyone who gave suggestions on informing users about
it. They worked well, and we have seen no incidents of the virus since
early last week. I know because I take classes at CMU and Pitt. (Perhaps
I was the unknowing culprit!?!) Anyway, happy-virus hunting.
 
 
                                                Shawn Hernan
                                                University of Pittsburgh
=========================================================================
Date:         Tue, 25 Oct 88 13:17:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Shatner and Nimoy in '92! <PGOETZ@LOYVAX>
Subject:      Once more...
 
OK, I think I've posted this message a dozen times on different groups...
 
IF you have something to say, PLEASE specify what machine you are talking
about.
 
I'm specifically thinking of the many references we've had to anti-viral
programs (like FLUSHOT) and anti-viral libraries, which NEVER mention what
machine they run on.  Usually you can assume this means an IBM PC, since only
IBM users are arrogant enough to believe that no other machines exist. : )
=========================================================================
Date:         Mon, 24 Oct 88 11:31:41 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         SHERK@UMDD
Subject:      PC disk diagnostics- destructive?
In-Reply-To:  Message received on Fri, 21 Oct 88  13:02:30 EDT
 
 
>When I worked for a company which sold PC's we burned them in before
>delivery by stressing them as much as possible.  One of the things
>we did to test drives was to run the diagnostics continuously
>overnight.  It turned up some defective machines (which we returned)
>but I don't remember the ones we sent on to our customers coming
>back with problems in the drives at a higher rate than the machines
>I fixed which we had not burned in.
 
>Based on this I conclude that the PC diagnostic seek test is
>non-destructive (despite the noise).  If anyone has any actual
>experience to the contrary PLEASE posdown.
You are right, it does no harm. In fact, with a little lubrication
it doesn't even make much noise.
 
Erik Sherk
Workstation Programmer
University of Maryland
=========================================================================
Date:         Wed, 26 Oct 88 00:49:44 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Mark S. Zinzow" <MARKZ@UIUCVMD>
Subject:      UIUC Brain update
 
 
 
What has been done about our Brain virus infection:
 
1)  As previously noted the Brain virus was discovered here on Thursday
    October 20, 1988.  Since then, we have guesstimated that the infection
    had spread for at least three weeks undetected.
 
2)  Information files and programs have been obtained from Lehigh, NBBS,
    Bitnic, and other sources.
 
3)  Files and programs distributed on campus via anonymous ftp
    from uxe.cso.uiuc.edu (128.174.5.54).
 
4)  Our samples of the Brain virus have been compared to the known
    original version to determine that we have a mutant which might be
    more dangerous than the original.  Ours has a different message at
    the beginning, so may behave differently than the known version.
    One difference is the string "VIRUS_SHOE  RECORD   v9.0" shortly
    after the "Welcome to the Dungeon" message in the boot sector.
 
What remains to be done:
 
1)  A simple summary of all the useful anti-virus measures needs to be
    written and distributed to PC Users at large and all labs.
    (This should include information on other viruses and general
    protection measures.)
 
    This document will serve in the interim along with BRAIN.MCPART_T.
 
2)  Our samples of the Brain virus need to be analyzed and disassembled
    to see how it behaves relative to the original Brain.
 
3)  Some of the programs we have which check for and remove the brain
    virus need to be evaluated, and/or compiled, debugged, and
    distributed.  We should also check the software available on Simtel20,
    and Dave Chamber's BBS for his program V-finder.
 
 
Files Available on              Description                     Source
uxe in /micro/pc/virus
or pc/virus from anonymous ftp
 
VIRUS-L.FILELIST   List of files available from Lehigh U.  ListServ@LEHIIBM1
VIRUS-L.LOG88*     Logs of Bitnet virus discussion list    ListServ@LEHIIBM1
b88*         Excerpts from the above for quick reading   MARKZ@vmd.cso.uiuc.edu
BRAIN.MCPART_T     Good article on the first Brain virus   ListServ@BITNIC
debrain.exe        Program to check for and remove Brain   sherk@umd5.UMD.EDU
virdoc2.txt        General virus documentation             Homebase BBS
review.pro         A review of protection software         VIRUS-L.LOG8806
README.virus       This file                            zinzow@uxe.cso.uiuc.edu
 
Complete listing of the above directory at the time of this writing:
 
BRAIN.MCPART_T          VIRUS-L.LOG8808A        VIRUS.CERNY_J
CHECKMEM.C              VIRUS-L.LOG8808B        VIRUS.SHEEHA_M
CHKUP14.UUE             VIRUS-L.LOG8808C        b8804
NOBRAIN.C               VIRUS-L.LOG8808D        b8805
RISKS.LOG               VIRUS-L.LOG8808E        b8806
VIRUS-L.FILELIST        VIRUS-L.LOG8809A        b8807
VIRUS-L.LOG8806A        VIRUS-L.LOG8809B        book
VIRUS-L.LOG8806B        VIRUS-L.LOG8809C        debrain.exe
VIRUS-L.LOG8806C        VIRUS-L.LOG8809D        dir
VIRUS-L.LOG8807A        VIRUS-L.LOG8809E        readme.debrain
VIRUS-L.LOG8807B        VIRUS-L.LOG8810A        review.pro
VIRUS-L.LOG8807C        VIRUS-L.LOG8810B        virdoc2.txt
VIRUS-L.LOG8807D        VIRUS-L.LOG8810C
VIRUS-L.LOG8807E        VIRUS-L.LOG8810D
 
Files Available on              Description                     Source
uxe in /micro/pc/exec-pc/new
or pc/exec-pc/new
fsp_14.arc              Flushot Plus 1.4                Exec-PC BBS, Milw. WI
Many interesting files are here, but this is the one of primary interest.
See the files xfer*.arc for complete descriptions of all Exec-PC files
through Oct. 17, 1988 including those kept here.
(note: Files from Exec-PC are put first in the new directory
       on uxe, then moved to exec-pc when the next batch is added.)
 
Files Available on              Description                     Source
uxe in /micro/pc/mac/virus
or pc/mac/virus
DUKVACC.TXT      Vaccine for "Dukakis" HyperCard virus  ListServ@SCFVM (NASA)
NVIRVACC.SITHQX  Vaccine for nVIR virus                 ListServ@SCFVM (NASA)
 
-------Electronic Mail----------------------------U.S. Mail--------------------
ARPA: markz@vmd.cso.uiuc.edu         Mark S. Zinzow, Research Programmer
BITNET: MARKZ@UIUCVMD.BITNET         University of Illinois at Urbana-Champaign
CSNET: markz%uiucvmd@uiuc.csnet      Computing Services Office
 "Oh drat these computers, they are  150 Digital Computer Laboratory
   so naughty and complex I could    1304 West Springfield Ave.
  just pinch them!"  Marvin Martian  Urbana, IL 61801-2987
USENET/uucp: {ihnp4,convex,pur-ee,cmcl2,seismo}!uiucdcs!uiucuxc!uiucuxe!zinzow
(Phone: (217) 244-1289  Office: CSOB 110) ihnp4!pyrchi/         \markz%uiucvmd
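
The marker-string comparison described in item 4 of the post above, as an added example that is not part of the original message or of any program listed in it: it checks each 512-byte sector of a disk image for the two strings quoted there. The function names, verdict labels and the constructed sample sectors are assumptions made for illustration.

```python
import re

SECTOR_SIZE = 512  # bytes per sector on PC floppies of the period

# Marker strings exactly as quoted in the post.
DUNGEON = "Welcome to the Dungeon"
SHOE = "VIRUS_SHOE  RECORD   v9.0"


def marker_regex(text):
    """Byte regex for `text` that accepts any run of whitespace between
    words, because spacing in a mail archive may differ from the disk."""
    words = [re.escape(w.encode("ascii")) for w in text.split()]
    return re.compile(rb"\s+".join(words))


PATTERNS = {"dungeon": marker_regex(DUNGEON), "shoe": marker_regex(SHOE)}


def find_markers(sector):
    """Return {marker name: byte offset, or None if absent} for one sector."""
    hits = {}
    for name, rx in PATTERNS.items():
        match = rx.search(sector)
        hits[name] = match.start() if match else None
    return hits


def classify(sector):
    """Label a sector by which of the quoted strings it holds.

    "variant-strings":  Dungeon message followed later by the SHOE string,
                        the layout the post reports for the local samples.
    "original-string":  Dungeon message only.
    "partial-match":    SHOE string alone or before the Dungeon message;
                        not described in the post, so flag it for review.
    "no-marker":        neither string. This does not prove a sector clean,
                        it only means these two strings are absent.
    """
    hits = find_markers(sector)
    dungeon, shoe = hits["dungeon"], hits["shoe"]
    if dungeon is None and shoe is None:
        return "no-marker"
    if dungeon is not None and shoe is None:
        return "original-string"
    if dungeon is not None and shoe > dungeon:
        return "variant-strings"
    return "partial-match"


def scan_image(image):
    """Classify every sector of a raw disk image (bytes).

    Goes beyond the post, which only mentions the boot sector (sector 0):
    scanning all sectors also reports copies stored elsewhere on the disk.
    A string split across a sector boundary is not detected.
    """
    findings = []
    for offset in range(0, len(image), SECTOR_SIZE):
        verdict = classify(image[offset:offset + SECTOR_SIZE])
        if verdict != "no-marker":
            findings.append((offset // SECTOR_SIZE, verdict))
    return findings


def make_sector(*texts):
    """Constructed sample data: a zero-filled sector that contains only the
    given ASCII strings, NUL-separated, starting at offset 16 (no code)."""
    body = b"\x00" * 16 + b"\x00".join(t.encode("ascii") for t in texts)
    return body.ljust(SECTOR_SIZE, b"\x00")


if __name__ == "__main__":
    # Constructed three-sector image: variant layout, blank, Dungeon only.
    image = make_sector(DUNGEON, SHOE) + make_sector() + make_sector(DUNGEON)
    print("boot sector:", classify(image[:SECTOR_SIZE]))
    for index, verdict in scan_image(image):
        print(f"sector {index}: {verdict}")
```
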
=========================================================================
Date:         Wed, 26 Oct 88 09:11:52 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     Resent-From: RBCSCG05 <COSTERHD@SFAUSTIN>
From:         RBCSCG05 <COSTERHD@SFAUSTIN>
 
 
              Thought this should be forwarded here !!
                    RECEIVED  26 OCT 1988 @ 9:11
 
 
Chris Osterheld  <COSTERHD@SFAUSTIN.BITNET>
 
 
    Sent: 10/26/88 03:49  Rcvd: 10/26/88 03:49  Number: 4
      To: COSTERHD@SFAUSTIN                       From: MAC-USER
 Subject: !! VIRUS WARNING !!
 
 
 
 
 
 
 
Date:         Wed, 26 Oct 88 08:13:28 ECT
Reply-To:     EARN Macintosh Users List <MAC-USER@IRLEARN>
Sender:       EARN Macintosh Users List <MAC-USER@IRLEARN>
From:         Christian Falk 7-593891 <FALK@NORUNIT>
To:           Chris Osterheld <COSTERHD@SFAUSTIN>
 
Today, I received an upgrade disk from High Performance Systems INC, containing
STELLA 2.0 for Academe. Both STELLA and System files contained the
nVIR-resources. I have noticed the company.
Please forward this note !
 
 
 
=========================================================================
Date:         Wed, 26 Oct 88 10:11:25 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David M. Chess" <CHESS@YKTVMV>
Subject:      read-only, again
 
SSAT@PACEVM suggests that making command.com and the system files
read-only should be part of a virus-protection scheme.  While it
can't hurt (unless it leads to a false sense of security), and
it may prevent you from some accidents, it is trivial (a couple
dozen bytes of code) for a virus to alter a file despite the
fact that it is marked read-only.  All the viruses for PC-DOS
that I've seen in fact do this, and aren't even slowed down
by a read-only setting.
 
For that matter, except for the Lehigh COMMAND.COM virus, the
viruses that I've seen don't touch (or don't have to touch)
either COMMAND.COM or any of the system files.  The Jerusalem
virus, for instance, spreads between normal (non-system) EXE and
COM files (I forget whether or not it will infect COMMAND.COM
given the chance; but it doesn't *have* to be able to).
 
So, as has been said here a couple of times before, read-only
is very very little help against viruses.
 
DC
=========================================================================
Date:         Wed, 26 Oct 88 13:00:00 PDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "JOHN D. WATKINS" <WATKINS@UCRVMS>
Subject:      hardware damage
 
  Hmm...the space shuttle uses magnetic core memory!  So where are the
temp sensors...
 
  Kevin
=========================================================================
Date:         Wed, 26 Oct 88 19:36:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Paul Coen <PCOEN@DRUNIVAC>
Subject:      LISTSERV@RPICICGE
 
 
Quite a few people have been referring to the LISTSERVer at RPICICGE as a
source for files (SIMTEL20 redistribution).  I thought I'd post this message
John Fisher sent out on PCSERV-L some time ago.
 
>From:  BITNET%"FISHER@RPICICGE"      "John S. Fisher" 22-SEP-1988 10:25:45.04
>To:    Paul Coen <PCOEN@DRUNIVAC>
>CC:
>Subj:  Unhappy state of affairs
>
>Received: From BITNIC(MAILER) by DRUNIVAC with Jnet id 4235
>          for PCOEN@DRUNIVAC; Thu, 22 Sep 88 10:25 EDT
>Received: by BITNIC (Mailer X1.25) id 4233; Thu, 22 Sep 88 10:29:35 EDT
>Date:         Thu, 22 Sep 88 09:45:24 EDT
>Reply-To:     Public domain software servers <PCSERV-L@RPICICGE>
>Sender:       Public domain software servers <PCSERV-L@RPICICGE>
>From:         "John S. Fisher" <FISHER@RPICICGE>
>Subject:      Unhappy state of affairs
>To:           Paul Coen <PCOEN@DRUNIVAC>
>
>The PC software server available through LISTSERV@RPICICGE (and shadowed by a
>few TRICKLE servers) has not been doing very well lately.  Well, that is being
>polite.  This has been one rotten summer for the server.  The cheap excuse of
>Simtel20 being down for a major part of August is just that, cheap.  Had it
>been up the whole time, the server here would probably not have noticed.
>
>The server gets its files via FTP over the internet direct from Simtel20.  At
>least that is what it tries to do.  My system is connected to one of the NSF
>regional networks (NYSERNET in this case).  That in turn is connected via
>gateways to the various other networks that make up the internet.  The path
>from NYSERNET to MILNET (where Simtel20.ARMY.MIL is to be found) has been
>extremely unreliable for quite some time.  In the spring of this year the
>server was able to move 100-200 files per day in response to requests (with
>the balance of requests being satisfied from a local cache of popular files).
>
>For most of the summer the transfer rate has never exceeded 20.  For one solid
>week now the total number of files transferred is exactly zero.
>
>The server is providing no service at all.
>
>Actually, it is providing a disservice by giving the impression it will
>really do something.  Enough.  If by Monday of next week (26 October 88) there
>is no ray of hope for improved connectivity between here and Simtel20, service
>will be discontinued.  There is not necessarily any group of individuals or
>network equipment at fault, either; the situation simply is what it is.  So, I
>should face reality and stop pretending to be able to do something that I can
>not.
>
>Be that as it may, there are many of you out there on Bitnet, running some
>flavor of VM, connected to the internet by either FAL or WiscNet, who
>actually can get to Simtel20 reliably.  I'm looking for volunteers, people
>willing and able to provide access to all or some (one even) of the many
>archives available at Simtel20.  If you have the system, I have the software.
>
>
>Regards,
>JSFisher
 
I have not heard any updates on the situation, so I assume little has changed.
Has anyone heard differently?
 
+----------------------------------------------------------------------------+\
| Paul R. Coen                                                               | |
|   Bitnet: PCOEN@DRUNIVAC       U.S. Snail:  Drew University CM Box 392,    | |
|           PCOEN@DREW                        Madison, NJ 07940              | |
|   Disclaimer:  I represent my own reality.                                 | |
+----------------------------------------------------------------------------+ |
\                                                                             \|
 \_____________________________________________________________________________\
 
=========================================================================
Date:         Thu, 27 Oct 88 00:17:21 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         GX6692@SIUCVMB
Subject:      HELP!
 
   I was sent to this list by some people from another list (GAMES-L) since
I mentioned a virus on that list etc...
   It seems that our school has just been hit with what has become commonly
known as the Pakistan virus. I personally have lost MANY hours of work
to this bug. If ANYONE can help me (so that I may help others) on how
to deal with this PLEASE let me know ASAP.  The virus hit here so bad that
we made the St. Louis Post Dispatch (newspaper), Tribune (Chicago newspaper),
and a few other lesser newspapers etc...
   I work at one of the Computer Labs here at school. My job is mostly to
help people and distribute software. The problem is that our school software
 
has also been VERY much affected. So you can see that we are up a certain
creek without a mode of propulsion.
   Thanks for all your help in advance...
 
                             vince laurent
                             GX6692@SIUCVMB
=========================================================================
Date:         Thu, 27 Oct 88 11:21:00 LCL
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "H.Ludwig Hausen +49-2241142426" <HAUSEN@DBNGMD21>
Subject:      Re: Dissertation Copy?
 
Hello, I would like to know this source also. So, please e-mail
the address if you get one. Thanks. HL. Hausen
o----------------------------------------------------------------------o
| GMD Schloss Birlinghoven       Telefax   +49-2241-14-2618            |
| D-5205 Sankt Augustin 1        Teletex   2627-224135=GMD VV          |
|        West  GERMANY           Telex     8 89 469 gmd d              |
|                                E-mail    hausen@dbngmd21.BITNET      |
|                                Telephone +49-2241-14-2440 or 2426    |
o----------------------------------------------------------------------o
|    GMD (Gesellschaft fuer Mathematik und Datenverarbeitung)          |
|    German National Research Institute of Computer Science            |
|    German Federal Ministry of Research and Technology (BMFT)         |
o----------------------------------------------------------------------o
=========================================================================
Date:         Thu, 27 Oct 88 11:12:18 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David M. Chess" <CHESS@YKTVMV>
Subject:      UIUC Brain update
 
>                                ...  Ours has a different message at
>  the beginning, so may behave differently than the known version.
>  One difference is the string "VIRUS_SHOE  RECORD   v9.0" shortly
>  after the "Welcome to the Dungeon" message in the boot sector.
 
Although I can't of course know that it's the same thing that you
have, it may be somewhat comforting to know that I've seen a virus
with the "VIRUS_SHOE" wording in it, and that it proved to be exactly
identical to the standard "Brain" virus, except for the unused
text areas.  The readable parts of the boot record in the variant
that I've seen included:
 
     Welcome to the Dungeon  (c) 1986 Brain & Amjads (pvt) Ltd
     VIRUS_SHOE RECORD v9.0   Dedicated to the dynamic memories
     of millions of virus who are no longer with us today -
     Thanks GOODNESS !!   BEWARE OF THE er VIRUS  :  this
     program is catching    program follows after these messeges
 
"Thanks GOODNESS" and "messeges" are the originator's typos, not
mine!   The string "(c) Brain" had also been replaced with the
string "(c) ashar" in one place.   But all the code was identical.
I first encountered this variant in Paris, and have since seen it
in a university in Texas.
 
Don't be too comforted by this, of course!  It may well be that
someone has taken the original variant and added nasty things to
it.   So be very careful, and do have your technical-types dig
into it.
 
Dave Chess
Watson Research
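
The comparison described in the message above, as an added example that is not part of the original post: it lists the readable strings in a boot-sector image, checks for the marker strings quoted there, and fingerprints the sector with its text runs zeroed so that two samples differing only in text compare equal. The sector layout, the `build_sample` helper and all sample bytes are constructed for illustration and are not real virus code.

```python
import hashlib
import re

# Marker strings quoted in the message above.
MARKERS = [b"Welcome to the Dungeon", b"VIRUS_SHOE", b"(c) ashar"]
# A "text run" here is 6 or more consecutive printable ASCII bytes (assumption).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")

def readable_strings(sector):
    """Return the printable ASCII runs in a sector image, like `strings`."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(sector)]

def markers_found(sector):
    """List which of the quoted marker strings occur in the sector."""
    return [m.decode("ascii") for m in MARKERS if m in sector]

def code_fingerprint(sector):
    """Hash the sector with every text run zeroed out, so samples that
    differ only in their text areas get the same fingerprint. A matching
    marker string alone says nothing about whether the code matches."""
    masked = PRINTABLE_RUN.sub(lambda m: b"\x00" * len(m.group()), sector)
    return hashlib.sha256(masked).hexdigest()

def build_sample(text, code):
    """Constructed 512-byte sector: 128-byte text area, then 'code' bytes."""
    if len(text) > 128 or len(code) > 384:
        raise ValueError("sample does not fit in one 512-byte sector")
    return text.ljust(128, b"\x00") + code.ljust(384, b"\x00")

# Constructed stand-in bytes (all non-printable), not real virus code.
CODE = bytes([0xFA, 0xEB, 0x01, 0x90, 0xCD, 0x13, 0xC3] * 8)
ORIGINAL = build_sample(b"Welcome to the Dungeon (c) 1986 Brain", CODE)
VARIANT = build_sample(
    b"Welcome to the Dungeon VIRUS_SHOE RECORD v9.0 (c) ashar", CODE)
# Same text as VARIANT, but one 'code' byte changed.
PATCHED = build_sample(
    b"Welcome to the Dungeon VIRUS_SHOE RECORD v9.0 (c) ashar",
    CODE[:-1] + b"\xcc")

if __name__ == "__main__":
    for name, s in [("original", ORIGINAL), ("variant", VARIANT),
                    ("patched", PATCHED)]:
        print(name, markers_found(s), code_fingerprint(s)[:16])
```

Code bytes that happen to form a printable run of six or more characters are masked as well, so a real comparison should also diff the unmasked code regions directly.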
=========================================================================
Date:         Thu, 27 Oct 88 18:24:08 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Chip McGuill <PINKY@TAMCBA>
Subject:      Detection
 
I need some detailed information on detection and the prevention of
viruses on MSDOS computers.
Please post to me directly.
Thanks.
 
 
/^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^!^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\
|  Chip McGuill                   !                                  |
|  Academic Computer Center       !  <PINKY@TAMCBA>                  |
|  Texas A & M University         !  <N166AY@TAMVM1>                 |
|  129 Blocker                    !__________________________________|
|  College Station, TX  77840     !  Disclaimer:  Everything I say   |
|                                 !  has nothing to do with whom I   |
|  (409) 845-3893                 !  work for.                       |
\_________________________________!__________________________________/
=========================================================================
Date:         Thu, 27 Oct 88 16:08:19 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      LaserWriters and memory
 
I am forwarding this message about LaserWriters to the list at the
author's request.
 
  Subject: LaserWriter hacking
 
  Some of the LaserWriter's memory is not erased at power-down - I don't
  know the exact technology used, some sort of EPROM, I suppose.  But the
  password is stored in it.  It is possible to change the password (null
  in most networks) over the AppleTalk so that only you can use the
  printer.  The only fix is to send the machine back for a new, blank,
  EPROM, since the password protects the printer against future attempts
  at password modification.
 
  I haven't done this; I know about it from someone who worked out how to
  do it but refrained from trying the experiment.
 
  best wishes - jack
 
  Jack Campin,  Computing Science Department,
  Glasgow University, 17 Lilybank Gardens, Glasgow G12 8QQ, SCOTLAND.
  041 339 8855 x6045 wk 041 556 1878 ho
  ARPA: jack%cs.glasgow.ac.uk@nss.cs.ucl.ac.uk  USENET: jack@glasgow.uucp
  JANET: jack@uk.ac.glasgow.cs
  PLINGnet: ...mcvax!ukc!cs.glasgow.ac.uk!jack
[end of forwarded message]
 
A little info about memory: most computer memory these days is
complementary metal-oxide semiconductor (CMOS) technology.  Because of power
and price, dynamic memory is used for storage.  Dynamic memory must be
periodically refreshed, or it forgets things.  Since this refreshing
process requires external logic or an active processor, static memory is
used for non-volatile applications.  Static memory does not need to be
refreshed, but tends to use more power.  So CMOS low-power (LP) static
memory is used; these devices have an inactive low-power mode that can be
maintained for a long time with an onboard battery power supply.
 
EPROMs cannot be re-written after having been programmed, unless they are
erased with ultraviolet light.  Many distribution EPROMs these days can
never be erased, since they are encased in solid epoxy carriers.  These
devices are technically PROMs; however, they are the same devices as the
EPROMs, in cheaper packaging.  Erasable EPROMs come in ceramic carriers
with a quartz window on top.
 
EEPROMs can be electrically erased, so they may be used on a board as
non-volatile memory, but the support circuitry required to erase them and
reprogram them makes such applications impractical.  In fact, EEPROMs
themselves are pretty impractical, and not widely used.  The support
circuitry required to program a simple EPROM is impractical as well.
Programming any kind of EPROM typically requires a 21V or 25V power
supply, and most computers don't need such voltages for any other
purpose.  So onboard EPROM programmers are also quite rare.
 
Here are a few acronyms:
CMOS:    complementary metal-oxide semiconductor
CMOS-LP: complementary metal-oxide semiconductor - low power
PROM:    programmable read-only memory
EPROM:   erasable programmable read-only memory
EEPROM:  electrically erasable programmable read-only memory
 
- Jeff Ogata
 
Gee...maybe I should move this over to MEMORY-L... :-)
=========================================================================
Date:         Thu, 27 Oct 88 18:55:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Dimitri Vulis <DLV@CUNYVMS1>
Subject:      Hardware damage
 
A virus does not actually have to _damage_ the hardware; it may achieve
the same results by programming it to operate in such a manner that
it appears damaged. For example, suppose a PostScript trojan causes
black and white streaks to appear at random on printed pages; you're
going to have your printer serviced, and it'll cost you the same (in
terms of time and money) as if it were broken. Or, a virus might
create bad sectors on a hard disk, causing you to replace the disk. The
possibilities are endless, and it's much easier to do (and hence more
dangerous) than outright hardware damage.
-Dimitri Vulis
-Math Dept, CUNY Graduate Center
=========================================================================
Date:         Fri, 28 Oct 88 10:42:49 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Len Levine <len@EVAX.MILW.WISC.EDU>
Subject:      Re: HELP!
In-Reply-To:  Message from "VIRUS-L@LEHIIBM1.BitNet" of Oct 27,
              88 at 12:17 (midnight)
 
>
>   I was sent to this list by some people from another list (GAMES-L) since
>I mentioned a virus on that list etc...
>   It seems that our school has just been hit with what has become commonly
>known as the Pakistan virus. I personally have lost MANY hours of work
>to this bug. If ANYONE can help me (so that I may help others) on how
>to deal with this PLEASE let me know ASAP.  The virus hit here so bad that
>we made the St. Louis Post Dispatch (newspaper), Tribune (Chicago newspaper),
>and a few other lesser newspapers etc...
>   I work at one of the Computer Labs here at school. My job is mostly to
>help people and distribute software. The problem is that our school software
>
>has also been VERY much affected. So you can see that we are up a certain
>creek without a mode of propulsion.
>   Thanks for all your help in advance...
>
>                             vince laurent
>                             GX6692@SIUCVMB
>
 
Not to be unhelpful, but where is this from?
 
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine               e-mail len@evax.milw.wisc.edu |
| Professor, Computer Science             Office (414) 229-5170 |
| University of Wisconsin-Milwaukee       Home   (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A.              Modem  (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
=========================================================================
Date:         Fri, 28 Oct 88 16:42:19 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Dorothy White <DWHITE@UMAB>
Subject:      Re: Dissertation Copy?
In-Reply-To:  note of Thu,
              27 Oct 88 11:21:00 LCL from "H.Ludwig Hausen +49-2241
              <HAUSEN@DBNGMD21>
 
From: DWHITE AT UMAB
 
I RECEIVED IT
