zermelo@eddie.MIT.EDU (L Richard Duffy) (09/22/88)
A friend just called me to relate a distressing story. He was reading
the current (Sept. 19, I think) issue of _Time_, specifically an article
about a Pakistani company called Brain Computer Services, or something
similar. This company has apparently planted some viruses in pirated
software which has wide circulation, apparently capable of wreaking
great data devastation. Well, later that afternoon my friend noticed
that the volume label on one of his floppies at work had been somehow
changed to "(c) Brain", and he also found a message giving the phone
number in Pakistan for this company (which I gather will decontaminate
your software for a fee).
The friend asked me for advice; he and his colleagues have enormous
amounts of pirated stuff which they use with their extensive databases,
etc. Obviously he's afraid that data might start evaporating or
changing sometime soon, and wants any and all advice. Since I've
never dealt with a virus myself, I thought I'd broadcast a general
request for such advice, especially if any of you have experienced
this particular virus. By the way, all the equipment he has is
IBM PCs and clones.
Please e-mail any useful information (rather than posting here).
Thanks a lot.
........................................................................
Internet: zermelo@eddie.mit.edu
UUCP: {ihnp4 | allegra | gatech | decvax!genrad}!mit-eddie!zermelo
BITNET: zermelo%eddie@mitvma.bitnet
VoiceNet: 617-253-4045 (or -6668)krause@uicsrd.csrd.uiuc.edu (09/22/88)
>/* ---------- "Anyone infected by "Brain" virus?" ---------- */ > ... >The friend asked me for advice; he and his colleagues have enormous >amounts of pirated stuff which they use with their extensive databases, >etc. Obviously he's afraid that data might start evaporating or >changing sometime soon, and wants any and all advice. Since I've > ... >Internet: zermelo@eddie.mit.edu Somehow I don't feel sorry for your friend. He wants advice? Tell him to go out and buy legal copies of his software. Sheesh. James Krause UUCP: {ihnp4,uunet,convex}!uiucuxc!uicsrd!krause ARPANET: krause%uicsrd@uxc.cso.uiuc.edu CSNET: krause%uicsrd@uiuc.csnet BITNET: krause@uicsrd.csrd.uiuc.edu
animaldb@neabbs.UUCP (DRIES BESSELS) (09/23/88)
Hello Richard, I read an article just yesterday about this brain virus. It was written by an englishman who runs a data recovery laboratory. You might want to contact him (he lives/works in England) his address and phone (also BBS) is: Dr Alan Solomon 31, Holloway Lane Amersham Bucks HP6 6DJ or phone 0494 728095 BBS 0494 724946 I will try to post the complete article from him about the brain virus afterwards. Good Luck Dries Bessels Amsterdam, Holland
animaldb@neabbs.UUCP (DRIES BESSELS) (09/23/88)
Hello Richard, here is part of the article. The rest was about the question if this virus could infect a DEC computer. Not really usefull in this context so I chose only the description of the virus QOUTE The Brain virus does neither of these. Instead, it attaches itself to the boot sector of the diskette, and patches the boot process to execute the virus code. But the virus is too big for the boot sector, so the body of the virus is stored further down the diskette. To avoid detection, it isn't stored as a file; instead it is stored as 3K of bad sectors. If you know DOS, this is a real giveaway, as a diskette with bad sectors will have a minimum of 5K bad. When DOS finds a bad sector on formatting the diskette, it marks the whole track as bad. If you boot from an infected diskette, you get an infected computer. If you have an infected computer, then any diskette that you put in drive A becomes infected, simply by accessing the diskette. Even a simple DIR will infect the diskette, or even logging on to the drive if you have $P$G in your prompt. If you then look at the boot sector of the infected diskette using Norton, PC Tools or any other simple disk sector editor, you'll see a normal boot sector. That is because the virus intercepts the attempt to read the boot sector, and feeds back a copy of the original boot sector which it has stored in its body. It also uses this original boot sector to complete the boot process, after it has installed itself. The big question is what does it do when it detonates. The answer is that it doesn't really matter, because clever hackers will already be modifying it, and anyway it isn't the only virus around. The safest thing is to assume the worst. This is a total corruption of all data and backups, which could be accomplished by simply writing a byte of zero at random intervals to a random location on the disk. By the time the problem is discovered, the corrupted data will have propagated over all the backups. Dr Alan Solomon 31, Holloway Lane Amersham Bucks HP6 6DJ or phone 0494 728095 BBS 0494 724946 UNQOUTE PLease contact this guy for more info, think he is one of the best people to consult on this. Let me know what happens... Agan, good luck, dries bessels Amsterdam, Holland
fsg@holos0.UUCP (Frank Glass) (09/23/88)
In article <10111@eddie.MIT.EDU>, zermelo@eddie.MIT.EDU (L Richard Duffy) writes: > > a Pakistani company ...has apparently planted some viruses in pirated > software which has wide circulation, ... > > [a] friend asked me for advice; he and his colleagues have enormous > amounts of pirated stuff which they use with their extensive databases, > etc. Obviously he's afraid ... > Fascinating. A _computer_ virus which selects users of pirated software. A vigilante virus! As desirable as this may seem (1/2 smile), it's probably a hoax. > Please e-mail... _True_ information (as opposed to rumors) on issues such as viruses SHOULD be posted to the net, provided that such postings do not become redundant. -- Frank Glass Holos Software, Inc. Voice: (404) 496-1358 UUCP: ...!gatech!holos0!fsg
DOHC@TUCCVM.BITNET (Bob Roberds) (09/26/88)
>> Fascinating. A _computer_ virus which selects users of pirated software >> >>. >> >A vigilante virus! As desirable as this may seem (1/2 smile), it's probably > >a hoax. Fascist pig (1/16 smile)! I'm a software author AND a pirate and DAMN PROUD OF IT!
steve@dad.UUCP (Steve Cook) (09/26/88)
in article <1380@holos0.UUCP>, fsg@holos0.UUCP (Frank Glass) says: > > Fascinating. A _computer_ virus which selects users of pirated software. > A vigilante virus! As desirable as this may seem (1/2 smile), it's probably > a hoax. There was an article this last week in either Time or US News about computer viruses. They described the Pakistani virus. Seems these two brothers started copying commercial software and selling it real cheap. Seems its not illegal in Pakistan. But copies that they sold to tourists they included a virus, justifying it by saying that it was illegal in other countries so therefore these tourists were pirateersfor buying cloned software. Kind of convoluted logic there... They also mentioned the "Peace" virus which showed up on Mac's a couple months ago. -- Seems like just yesterday..... {hplsla,uw-beaver}!tikal!dad!steve
ray@micomvax.UUCP (Ray Dunn) (09/26/88)
In article <10111@eddie.MIT.EDU> zermelo@eddie.MIT.EDU (L Richard Duffy) writes: >.... Well, later that afternoon my friend noticed >that the volume label on one of his floppies at work had been somehow >changed to "(c) Brain", and he also found a message giving the phone >number in Pakistan for this company (which I gather will decontaminate >your software for a fee). > >The friend asked me for advice; he and his colleagues have enormous >amounts of pirated stuff which they use with their extensive databases, ^^^^^^^^^^^^^^^^^^^^^^^^^ >etc. Obviously he's afraid that data might start evaporating or >changing sometime soon, and wants any and all advice. Hey! At last! A virus that appears to have done the world some good - evaporate away dear data! (no...no smiley face) -- Ray Dunn. | UUCP: ..!philabs!micomvax!ray Philips Electronics Ltd. | TEL : (514) 744-8200 Ext: 2347 600 Dr Frederik Philips Blvd | FAX : (514) 744-6455 St Laurent. Quebec. H4M 2S9 | TLX : 05-824090
scott@hpcvca.HP.COM (Scott Linn) (09/28/88)
/ hpcvca:comp.sys.ibm.pc / animaldb@neabbs.UUCP (DRIES BESSELS) / 12:44 pm Sep 22, 1988 / +Hello Richard, +I read an article just yesterday about this brain virus. It was +written by an englishman who runs a data recovery laboratory. +You might want to contact him (he lives/works in England) +his address and phone (also BBS) is: +Dries Bessels +Amsterdam, Holland ---------- Maybe you should check the Sept. 25 issue of Time Magazine. There is an article on viruses, and it lists the authors of the Brain virus to be two Pakistani brothers.
hollombe@ttidca.TTI.COM (The Polymath) (09/28/88)
In article <42900022@uicsrd.csrd.uiuc.edu> krause@uicsrd.csrd.uiuc.edu writes: }>The friend asked me for advice; he and his colleagues have enormous }>amounts of pirated stuff which they use with their extensive databases, }>etc. Obviously he's afraid that data might start evaporating or }>changing sometime soon, and wants any and all advice. ... } } Somehow I don't feel sorry for your friend. He wants advice? }Tell him to go out and buy legal copies of his software. Sheesh. This week's issue of _Time_ magazine has computer viruses (viri?) as its cover story. The article goes into some detail about the Brain virus, aka the Pakistani Virus. It seems it was invented by a couple of Pakistani computer store owners to punish _American_ software pirates. They were selling pirated software our of their shop in Lahore to both Pakistanis and Americans, but only the Americans got the infected versions. Their reasoning: Pakistani copyright law doesn't protect computer software, so their Pakistani customers weren't breaking the law, but the American tourists and students were pirates and had to be punished. The virus will eventually destroy the data on your friend's disk. Use a disk editor to salvage what you can before its too late. I hope your friend learns a lesson about pirating. Too bad the Pakistanis won't learn it too. -- The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com) Illegitimati Nil Citicorp(+)TTI Carborundum 3100 Ocean Park Blvd. (213) 452-9191, x2483 Santa Monica, CA 90405 {csun|philabs|psivax}!ttidca!hollombe
gmat@wuibc.UUCP (Gregory Martin Amaya Tormo) (09/29/88)
In article <3644@dad.UUCP> steve@dad.UUCP (Steve Cook) writes: >in article <1380@holos0.UUCP>, fsg@holos0.UUCP (Frank Glass) says: >> >> Fascinating. A computer virus which selects users of pirated software. >> A vigilante virus! As desirable as this may seem (1/2 smile), it's probably >> a hoax. I DO PROTEST!!!!! The hardest hit from the very real virus are research institutions and educational systems from Israel to the US. Contrary to what appears to be your belief, the majority of software found on BBSs are public domain, the result of hard work by many ametuer programmers whose utilities you might even be using. The old image of the "hacker" running around trading stolen and illegally copyrighted software is a stereotype that could set PC hobbiests back years if leaked from this net. First, All major software manufacturers no longer copy protect their software, a sign that they do not perceive software piracy as the major threat it used to be. Second, the rapid expansion of Fidonet and fido compatible BBSs (over 4000 now) have set high standards in how BBSs are operated and what kind of software is distributed. So even though you only gave your comment half a smile, I hope you will retract it on behalf of all the programmers and users. Yes, some people still pirate software, but the majority of us public domain collectors are honest. Take a second look. David Deitch, Computer Connection dwd0238@wucec1.wustl.bitnet Fido 1:100/22
del@Data-IO.COM (Erik Lindberg) (10/02/88)
In article <295@wuibc.UUCP> dwd0238@wucec1.wustl.bitnet (David Deitch) writes: > First, All major software manufacturers no longer copy protect >their software, a sign that they do not perceive software piracy as the >major threat it used to be. Second, the rapid expansion of Fidonet and > > David Deitch, Computer Connection > dwd0238@wucec1.wustl.bitnet > Fido 1:100/22 Actually, it was my distinct impression that the decision to drop copy protection was primarily motivated by the outrage and protests of legitimate, paying customers over the unreliability and difficulty of using copy protected software. Not to mention a gradual realization that the "code breakers" had become so sophisticated as to make copy protection pointless on any program popular enough to be worth pirating. I doubt if software piracy has diminished a whole lot, if not increased... -- del (Erik Lindberg) uw-beaver!tikal!pilchuck!del