[comp.sys.mac] StuffIt 1.31 and virus paranoia

jack@cs.glasgow.ac.uk (Mr Jack Campin) (04/27/88)

I had not heard about the StuffIt virus rumour till I saw it in this
newsgroup.  I am not ordinarily paranoid about such things, but I just got the
following behaviour: I was using StuffIt 1.31 to unpack a recursively PackIted
file, or rather I had already done the unpacking and was scanning through the
intermediate level files to note down the hierarchical structure. After doing
a few files I got the sort of crash that sounds like your Mac being executed
by firing squad, with an accompanying flurry of dashes on the screen. Now I
find I have two folders, one on a hard disk and the other on a floppy, which
ought to have the same size - the files in them appear identical - but which
actually differ by 1K (the hard disk one being larger).

This suggests to me that something obscure has happened to my DeskTop file.
I believe this is what one of the known viruses does. I have looked around a
bit with Vaccination to no effect; I have Virus Warning INIT and Vaccine but
with no documentation on what either of them does (was there any?) I have no
intention of using them. The version of StuffIt I am using came directly off
the net.

I am running System B1-3.2 (and will not change to a 4.x version until Apple
produces one with a superset of its functionality!) and Finder B1-5.3.

Informed comments, anyone?

-- 
ARPA: jack%cs.glasgow.ac.uk@nss.cs.ucl.ac.uk       USENET: jack@cs.glasgow.uucp
JANET:jack@uk.ac.glasgow.cs      useBANGnet: ...mcvax!ukc!cs.glasgow.ac.uk!jack
Mail: Jack Campin, Computing Science Dept., Glasgow Univ., 17 Lilybank Gardens,
      Glasgow G12 8QQ, SCOTLAND     work 041 339 8855 x 6045; home 041 556 1878

Fabian_Fabe_Ramirez@cup.portal.com (04/30/88)

Jack,

Please note that only a "tampered" version of StuffIt v1.20, that originated
somewhere in Texas, caused this "problem" with StuffIt!  If you got v1.31 from
another source or from a direct download from CompuServe, it isn't "infected."
Ray has recently released version 1.40A and it isn't "infected" either.

If you have an "infection," I'd recommend using either Interferon 2.0 and
Ferret 1.1 to "diagnose" your stuff.

Fabian Ramirez

fabian_fabe_ramirez@cup.portal.com
sun!cup.portal.com!fabian_fabe_ramirez

jack@cs.glasgow.ac.uk (Mr Jack Campin) (05/03/88)

In article <4964@cup.portal.com> Fabian_Fabe_Ramirez@cup.portal.com writes:
>Please note that only a "tampered" version of StuffIt v1.20, that originated
>somewhere in Texas, caused this "problem" with StuffIt!  If you got v1.31 from
>another source or from a direct download from CompuServe, it isn't "infected."

>If you have an "infection," I'd recommend using either Interferon 2.0 and
>Ferret 1.1 to "diagnose" your stuff.

Thanks, Fabian. I'm glad to have been proved wrong on that one.

However: those antiviral programs, and certain others people have mentioned to
me in email, have not appeared on the net. Surely they are a higher priority
than some of the dross that comp.binaries.mac has been putting out lately? (An
umpteen-part Hypercard stack for filling in American tax forms, broadcast to
the entire WORLD???)

How about posting them? I assume it's a waste of time trying to prod
comp.binaries.mac into action, so why not misc.security? - that's a
moderated newsgroup too, hence somewhat trustworthy.

Ultimately we are likely to need a sci.med.binaries.mac :-).

-- 
ARPA: jack%cs.glasgow.ac.uk@nss.cs.ucl.ac.uk       USENET: jack@cs.glasgow.uucp
JANET:jack@uk.ac.glasgow.cs      useBANGnet: ...mcvax!ukc!cs.glasgow.ac.uk!jack
Mail: Jack Campin, Computing Science Dept., Glasgow Univ., 17 Lilybank Gardens,
      Glasgow G12 8QQ, SCOTLAND     work 041 339 8855 x 6045; home 041 556 1878

macman@ethz.UUCP (Danny Schwendener) (05/04/88)

In article <4964@cup.portal.com> Fabian_Fabe_Ramirez@cup.portal.com writes:

>If you have an "infection," I'd recommend using either Interferon 2.0 and
>Ferret 1.1 to "diagnose" your stuff.

We haven't seen these utilities on this side of the Misty Mountains.   :-)
Could someone post them to us? We have a few thousand Macintoshes here
and really need them! Thanks in advance.


+-----------------------------------------------------------------------+
| Mail   :   Danny Schwendener, ETH Macintosh Support Center            |
|            Swiss Federal Institute of Technology, CH-8092 Zuerich     |
| Bitnet :   macman@czheth5a      UUCP   :   {cernvax,mcvax}ethz!macman |
| Ean    :   macman@ifi.ethz.ch   Voice  :   yodel three times          |
+-----------------------------------------------------------------------+