mccarrol@topaz.rutgers.edu (<MC>) (01/01/88)
Well folks, theres yet ANOTHER virus on the loose. This one allows you 5 boots of the virus disk, then erases the entire disk, and says "The Ram Man Was Here". Anyone else for nuking the asshole who started all this? I just lost major amounts of work.. I was writing a term program, and the disk it was on was destroyed.. Took out the backup, booted it, and it died... If anyone at CA wants me to send them a disk with THIS virus on it, let me know.. <MC> -- "It is a principle of the music/to repeat the theme |Mark C. Carroll Repeat/and repeat again/as the pace mounts. /------/Rutgers U CS Student The theme/is difficult/but no more difficult |ARPA :CARROLL@AIM.RUTGERS.EDU than the facts to be/resolved"-WC Williams |Usenet:mccarrol@topaz.rutgers.edu
dykimber@phoenix.Princeton.EDU (Daniel Yaron Kimberg) (01/01/88)
In article <17234@topaz.rutgers.edu> mccarrol@topaz.rutgers.edu (<MC>) writes: >Well folks, theres yet ANOTHER virus on the loose. This one allows you >5 boots of the virus disk, then erases the entire disk, and says >"The Ram Man Was Here". >Anyone else for nuking the asshole who started all this? I just lost Do you know if the program virustest will detect it? Someone should write a virustest that checks disks. -Dan p.s. i'm in favor of of killing whoever did it, by the way.
rminnich@udel.EDU (Ron Minnich) (01/01/88)
In article <1425@phoenix.Princeton.EDU> dykimber@phoenix.Princeton.EDU (Daniel Yaron Kimberg) writes: >In article <17234@topaz.rutgers.edu> mccarrol@topaz.rutgers.edu (<MC>) writes: >>Well folks, theres yet ANOTHER virus on the loose. This one allows you >>5 boots of the virus disk, then erases the entire disk, and says >>"The Ram Man Was Here". >>Anyone else for nuking the asshole who started all this? I just lost > >Do you know if the program virustest will detect it? Someone should write >a virustest that checks disks. and where is a good place to get virustest? I have kind of lost track of this thread. Also, the first letter indicates that the virus came in on a fish disk containing microemacs. Do i read that right? Do you think it was in the microemacs, or on the boot track of the disk, ... any ideas? Is there a virustest that lets you check lots of disks at once? You know, 'put in a disk', it checks it, 'put in a disk' sort of loop? Maybe we need to start a 'kill a rat' program. And i mean people, not code. How did you lose your backup disk? I am still unclear on the whole sequence. And how can a company lose a whole product? This seems kind of weird; did they only have one backup disk, and not have a string of backup disks? If so they were being a little careless anyway (he says, looking at his piles of unbacked-up disks. On the other hand, i'm not a company ... around here we have piles and piles of backups, and at companies i know you take one backup a month and put it somewhere safe). Seems we are going to have to get used to write-locked workbench disks, and write-lock everything that can be. Damn. -- ron (rminnich@udel.edu)
dougl@ism780c.UUCP (Doug Leavitt) (01/02/88)
In article <914@louie.udel.EDU> rminnich@udel.EDU (Ron Minnich) writes: Much stuff deleted... > How did you lose your backup disk? I am still unclear on the >whole sequence. And how can a company lose a whole product? This >seems kind of weird; did they only have one backup disk, and not >have a string of backup disks? If so they were being a little >careless anyway... I personnally haven't been hit by the virus yet (then again I no longer use ANY disk without either formatting or Vchecking it first). I did have the opportunity to talk to Jim Sach's personally about a month ago. It seems that he got hit by the bad virus program. As a result IF there EVER is a 20,000 League's Under the Sea Game, it won't be out for at least another YEAR or so. It seems that the virus program trashed his WORK disks AND ALL his BACKUPS! As I recall he was approximately a YEAR into the project when it was all lost. I don't know about everyone else, but if I just lost almost a full WORK YEAR'S effort down the tubes because of a destructive virus, I would be EXTREMELY PISSED! I think it is time for people to get together and actively start squelching this problem before it starts affecting the amiga as a computer. Lets think for a moment what we have here. The comp.sys.amiga group could be thought of as the largest amiga user group or gathering in the country. I'm also sure that many of the people on the usenet are also members of local amiga groups (I'm a member of 2 personally). Secondly most if not all of the amiga owners reading this group are or have become very knowledgable on the amiga because of the information passed through comp.sys.amiga. There are a number of things I have learned with the help of other on the net, it seems time for me and any others interested in protecting their investments before it gets out of hand. Here are some things I have thought of to start cleaning up this mess: 1) GET PEOPLE INFORMED. Next time anyone goes to a user group meeting make sure there is a virus update announcement. Many of the people in my user groups already have heard about the first virus. I personally plan to start warning people in my user groups about the new virus's destructive capabilities. When a new and updated Vcheck comes out (FROM Commodore, lets not accept substitutes) get it distributed to user group BBS's and other sources as fast as possible. Also tell people that it exists. 2) LETS START TRACKING IT. The best way to squelch this problem is to start finding the source(s). I'm sure if we could name names, and show proof, Commodore could and would prosecute. Let's start doing so. Here's some of the things that I think can be done: a) start Vchecking everything. b) if you find a contaminated disk check it's source for a contaminated copy. c) if the source has a contaminated copy, have that person check his/her source and pass you back any information that he finds out. d) start reporting sources to Commodore and the rest of the Usenet. How about putting the words VIRUS TRAILS or maybe YAVT (Yet Another Virus Trail) in the subject line and keywords of the header. 3) STARVE THE SOURCES. Information transfer goes two ways. normally if I get info/programs from a source I usually send things along (It's usually some form of 2 way street). If a source is found, let's stop accepting or sending info in that direction. It can get pretty lonely if no one will sell or give you programs/pictures/etc. for your amiga. Also what fun is it if you can't sell/give/show any of your creations to someone else. I think this is an appropriate penalty for someone writing virus programs. (They tried making your machine worthless, this seems like an appropriate punishment befitting the crime.) If you were a member of a user group in Switzerland that just found out that you'll never get another fish disk because one of your cohorts was responsible for vandalizing thousands of other users disks, do you think the sources will be part of the general amiga community for long? I don't. 4) LET'S WORK WITH COMMODORE! CATS is always helping us, lets help them control the problem as much as possible. If you have an infected disk or you think you have found a new infestation, send it to CATS. This will be the only way we can keep ahead of the virus writers it to help Commodore investigate a new strain. I've sent a number of disks all over the country. It only costs $.56 plus $.20 or $.30 for a padded envelope. This shouldn't cripple anybodys checking account. From my archives thats: Bill Koester c/o CBM 1200 Wilson Drive West Chester, PA 19388 5) BECOME JUST A LITTLE BIT PARANOID. Being paranoid isn't necessarily good, but remembering to vcheck any foreign disks should help to control the problem and start in tracking down the sources. Lets see how much power and how many bright minds the Usenet can bring together to solve this problem. As always any additional suggestions, comments etc... are welcome, and in this case I think they are necessary. Doug Leavitt Interactive Systems Corp. dougl@ism780c.isc.com { sdcrdcf, uunet, oliveb } !ism780c!dougl
haitex@pnet01.cts.com (Wade Bickel) (01/02/88)
dougl@ism780c.UUCP (Doug Leavitt) writes: >seems time for me and any others interested in protecting their investments >before it gets out of hand. > >Here are some things I have thought of to start cleaning up this mess: > >1) GET PEOPLE INFORMED. Next time anyone goes to a user group > meeting make sure there is a virus update announcement. Many > of the people in my user groups already have heard about the > first virus. I personally plan to start warning people in my > user groups about the new virus's destructive capabilities. > When a new and updated Vcheck comes out (FROM Commodore, lets > not accept substitutes) get it distributed to user group > BBS's and other sources as fast as possible. Also tell people > that it exists. > Seems like a good idea to me. C= really should take the initiative on this. They have the most to lose and the best access to Amiga owners. We should gripe at them if they don't do a good job at this. >2) LETS START TRACKING IT. The best way to squelch this problem > is to start finding the source(s). I'm sure if we could name > names, and show proof, Commodore could and would prosecute. > Let's start doing so. Here's some of the things that I think > can be done: > Be realistic! Most people got a hold of this thing because they were using pirated software. So most of the sources are illegal and would require the admission of a criminal act on the part of the victim. I'm sorry for people who contracted this innocently. If somebody really lost a years work and aquired the virus innocently my heart goes out to them. I have at time lost as much as two weeks work (a bad drive did it) and it is a really depressing experiance. However we should recognize that this is just a result of rampant software piracy in the Amiga market, both by individuals and corporations. I would be curious to see a study come about exploring the degree of piracy using the virus as an reference. I think we should recognize that the heart of the problem lies in in the fact that a good percentage of the people cannot be trusted to be honest if there are no penaties for cheating. I have little sympathy for a software theif, and if you associate with and exchange data with a thief knowingly, too bad! I have not yet run across the virus, and am getting concerned. Has it gotten into any commercial software? I recommend that C= release a program which identifies contaminated disks but does not fix them! Where can I get a copy of whatever diagnostic program that currently exists? Thanks, Wade. UUCP: {cbosgd, hplabs!hp-sdd, sdcsvax, nosc}!crash!pnet01!haitex ARPA: crash!pnet01!haitex@nosc.mil INET: haitex@pnet01.CTS.COM
randy@bcsaic.UUCP (Randy Groves) (01/03/88)
Does CATS have a copy of this new virus yet?? I have not hit either virus yet but have not heard any news from CATS on the newest scourge. -- -randy groves - Boeing Advanced Technology Center UUCP: ..!uw-beaver!uw-june!bcsaic!randy USNail: Boeing Computer Services CSNET: randy@boeing.com PO Box 24346 M/S 7L-68 VOICE: (206)865-3424 Seattle, WA 98124
grr@cbmvax.UUCP (George Robbins) (01/03/88)
In article <2243@crash.cts.com> haitex@pnet01.cts.com (Wade Bickel) writes: > dougl@ism780c.UUCP (Doug Leavitt) writes: > >seems time for me and any others interested in protecting their investments > >before it gets out of hand. > > > >Here are some things I have thought of to start cleaning up this mess: > > > >1) GET PEOPLE INFORMED. Next time anyone goes to a user group > > meeting make sure there is a virus update announcement. Many > > of the people in my user groups already have heard about the > > first virus. I personally plan to start warning people in my > > user groups about the new virus's destructive capabilities. > > When a new and updated Vcheck comes out (FROM Commodore, lets > > not accept substitutes) get it distributed to user group > > BBS's and other sources as fast as possible. Also tell people > > that it exists. > > > > Seems like a good idea to me. C= really should take the > initiative on this. They have the most to lose and the > best access to Amiga owners. We should gripe at them if > they don't do a good job at this. It seems that we have been doing our part. We could of course make the ROM software stupider so none of this would work, and lots of productive applications would be closed off. > >2) LETS START TRACKING IT. The best way to squelch this problem > > is to start finding the source(s). I'm sure if we could name > > names, and show proof, Commodore could and would prosecute. > > Let's start doing so. Here's some of the things that I think > > can be done: > > Be realistic! Most people got a hold of this thing because > they were using pirated software. So most of the sources are > illegal and would require the admission of a criminal act on > the part of the victim. BULSHIT! Why make this assumption and make excuses for the virus perpetrators? > I'm sorry for people who contracted this innocently. If > somebody really lost a years work and aquired the virus innocently > my heart goes out to them. I have at time lost as much as two > weeks work (a bad drive did it) and it is a really depressing > experiance. If the noses of the virus perpetrators were within range of the fist of someone who had just got burned, then perhaps there might be a quick end to the problem. Perhaps the first experimentors really didn't understand the consequences, but you can be pretty sure the copycats do. Hopefully, they will boast to the wrong person and find out about the fist vs. nose part. > However we should recognize that this is just a result of > rampant software piracy in the Amiga market, both by individuals > and corporations. I would be curious to see a study come about > exploring the degree of piracy using the virus as an reference. > I think we should recognize that the heart of the problem lies in > in the fact that a good percentage of the people cannot be trusted > to be honest if there are no penaties for cheating. I have little > sympathy for a software theif, and if you associate with and > exchange data with a thief knowingly, too bad! The victim is just as likely to be Joe A. Average exchanging public domain software at a user's group or Fred Fish or even little me, rather than this data criminal of yours. Why burden them with what you preceive to be the sins of the Amiga community? > I have not yet run across the virus, and am getting concerned. > Has it gotten into any commercial software? You're lucky so far. Perhaps your "holier-than-thou" attitude would change if you had run into one of these unpleasant occurances. > I recommend that C= release a program which identifies > contaminated disks but does not fix them! Where can I get > a copy of whatever diagnostic program that currently exists? Please observe the postings of Bill Koester, who is doing what he he can. Of course, he is only one person and can only react after people start getting hurt. It's up to you people out there to impress upon your peers that this sort of thing is not appreciated. Sorry if this comes across as a class A flame, but I think you should reconsider your attitude with respect to this problem... -- George Robbins - now working for, uucp: {uunet|ihnp4|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)
ken@umbc3.UMD.EDU (Ken Spagnolo ) (01/04/88)
In article <8439@ism780c.UUCP> dougl@ism780c.UUCP (Doug Leavitt) writes: >I personnally haven't been hit by the virus yet (then again I no longer >use ANY disk without either formatting or Vchecking it first). I did [ mucho deletions ] Where can one obtain a copy of Vcheck? (At least I don't *think* I have it here in this mess of disks) Thanx. ken@umbc3.umd.edu
ain@s.cc.purdue.edu (Patrick White) (01/05/88)
In article <675@umbc3.UMD.EDU> ken@umbc3.UMD.EDU (Ken Spagnolo (C)) writes: >Where can one obtain a copy of Vcheck? (At least I don't *think* I have it >here in this mess of disks) Thanx. Vcheck1.2 is avaliable from the Amiga archives on j.cc.purdue.edu -- news/comp/binaries/amiga/volume3/vcheck.uu.sh.Z I can send it to you if you can provide me with a *non-uucp* address to you (internal politics won't allow us to send out sources/binaries via uucp :-( Seems to me I'm going to check into making this a part of my startup sequence on my bootable disks -- slows things down, but hopefully will save me and perhaps you all too. -- Pat White (co-moderator comp.sources/binaries.amiga) UUCP: k.cc.purdue.edu!ain BITNET: PATWHITE@PURCCVM PHONE: (317) 743-8421 U.S. Mail: 320 Brown St. apt. 406, West Lafayette, IN 47906
john13@garfield.UUCP (John Russell) (01/05/88)
In article <914@louie.udel.EDU> rminnich@udel.EDU (Ron Minnich) writes: >And how can a company lose a whole product? This >seems kind of weird; did they only have one backup disk, and not >have a string of backup disks? This is a depressing thought... "gee, my first 5 backup disks won't boot, I'll Ctrl-Amiga-Amiga and put in backup #6". Still, I'd hope that people doing commercial work would have several non- bootable disks with running versions of their program. That way the only thing they might lose to the virus is their copy-protection scheme. I just hope I never try to upload 2 weeks work on a newer version of a program and do a kermit <get> instead of <send> by mistake :-) ! John -- " 'Emergency room'! AUUUGGGH! That's where I'll be going." "It looks like she needs to have this Bonus Round pumped out of her!" -- Pat Sajak consoles an unsuccessful Wheel-of-Fortune contestant
richard@gryphon.CTS.COM (Richard Sexton) (01/07/88)
In article <4339@garfield.UUCP> john13@garfield.UUCP (John Russell) writes: > >I just hope I never try to upload 2 weeks work on a newer version of a program >and do a kermit <get> instead of <send> by mistake :-) ! > I just did that. I R * (if anybody out there is writing a comm program, when a RX is requested, don't just go out and delete an existing file, stick a .bak onto it, or ar very least, prompt with some sort of "Do you REALLY want to overwrite that file, bozo ?" Open fridge. Get egg. Apply to face. -- Well they say my too dark keys are in Santa Fe, or something like that. richard@gryphon.CTS.COM crash!gryphon!richard
rad@masscomp.UUCP (Bob Doolittle) (01/07/88)
In article <2243@crash.cts.com> haitex@pnet01.cts.com (Wade Bickel) writes: >dougl@ism780c.UUCP (Doug Leavitt) writes: >>2) LETS START TRACKING IT. The best way to squelch this problem >> is to start finding the source(s). I'm sure if we could name >> names, and show proof, Commodore could and would prosecute. >> Let's start doing so. Here's some of the things that I think >> can be done: >> > > Be realistic! Most people got a hold of this thing because > they were using pirated software. So most of the sources are > illegal and would require the admission of a criminal act on > the part of the victim. I'm sorry, Wade, but that's off the wall. I, for instance, acquired the virus when taking my machine into an "Authorized Commodore Service Center" here in the Boston area. I don't want to broadcast names, but they do a very major amount of service work for dealers (all over the country), so anybody can get it. The tech I worked with knew about the virus, but didn't have the software to fix it. Sadly, my experience with techs in these places is that they typically don't know more than how to handle a soldering iron, and this one was slamming in different workbench disks like it was going out of style - he had a big box full of variations, and I know they weren't checked. It was just lucky the disks weren't sitting in the pool of Coke at the back of his workbench. I kid you not. And he was touted as their sharpest tech. The virus is a _real_ problem that affects us all, even those of us (are we really so few?) who pay for what they use. Doug is 100% correct, and Commodore needs to send out virus checkers to their dealers and service centers, and educate as best they can. Or they lose a lot of biz. And we need to be diligent about checking our disks and not propogating the problem, especially stores and P.D. disk distributors. P.S. If anyone at Commodore cares, I'll gladly provide the name of the service center where I got the virus. I'm not sure what good it'd do at this stage - it was the "Wonderful" virus which we already know a good deal about and which is not as potentially dangerous as the disk wiper. -- Once in a while you get shown the light UUCP Address: in the strangest of places ...!{ihnp4,ulowell,ucbcad,gatech}!masscomp!rad if you look at it right! -Robert Hunter