[comp.protocols.tcp-ip] VIRUS-L Digest V3 #25

VIRUS-L%LEHIIBM1@isaak.UUCP ("Virus Discussion List") (01/30/90)

VIRUS-L Digest   Tuesday, 30 Jan 1990    Volume 3 : Issue 25

Today's Topics:

PC Magazine Free Utility: PCDATA (PC)
ADAPSO Virus Book
Security and Internet Worms (Source Code)
Article on Cliff Stoll
Did Morris try to stop the worm?
Yet Another WDEF Infection (Mac)
VAX Virus request and UMNEWS (general)
Yankee Doodle Virus
Prophylactic anti-viral suggestion
Possible new virus?? NUCLEUR WAR.
Universal virus detectors
Re: Virus request
Re: Virus request
Re: WDEF at University of Rochester (Mac)
re: 'Virus request' from Taiwan
WDEF Infection (Mac)

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks).  Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
 - Ken van Wyk

---------------------------------------------------------------------------

Date:    25 Jan 90 11:53:00 -0500
From:    "zmudzinski, thomas" <zmudzinskit@imo-uvax.arpa>
Subject: PC Magazine Free Utility: PCDATA (PC)

PC Magazine, Vol 9 No 3, February 13, 1990, pp. 263-283, contains an
article by Wolfgang Stiller, "Protect Your Data with PCDATA, the Data
Integrity Toolkit".  Stiller has put together an impressive array of
eight (8) programs and nineteen (19) BAT files designed "to detect and
recover from all data integrity threats, including viruses".  This
toolkit is available "free" (i.e. no-fee bannerware) from "PC MagNet"
on CompuServe.  (Buy the magazine to get the documentation.)

Would one or more of our virus gurus please download these utilities
and try them out?  I'm sure we'd all like to know how these stand up
to various viruses.

/s/ Tom Zmudzinski                      Standard Disclaimer:
    DCS Data Systems                   "Shill for these people?
    McLean, Virginia                    Heck, I don't even know them!"

TomZ @ IMO-UVAX.DCA.MIL

------------------------------

Date:    Mon, 29 Jan 90 10:58:50 -0500
From:    Gene Spafford <spaf@cs.purdue.edu>
Subject: ADAPSO Virus Book

"Computer Viruses: Dealing with Electronic Vandalism and Programmed
Threats" by Eugene Spafford, Kathleen Heaphy, and David Ferbrache.
1989, 109 pages.  Published by ADAPSO.

The book has been written to be an accessible resource guide for
computer users and managers (PC and mainframe).  It presents a
high-level discussion of computer viruses, explaining how they work,
who writes them, and what they do.  It is not intended to serve as a
technical reference on viruses, both because the audience for such a
work would be limited, and because such a reference might serve to aid
potential virus authors.

The goal of the book is to dispel some common myths about viruses
(and worms, trojan horses, et al.), and provide simple, effective
suggestions for how to protect computer systems against these threats.
It furthermore stresses that most systems face greater threats from
other areas, so the proper attitude to take is to strengthen overall
security; concrete suggestions for enhancing overall security are also
presented.

The appendices provide extensive references to other publications,
security organizations, anti-viral software sources, applicable (U.S.)
state and Federal laws against computer crime, and detailed
descriptions of all IBM and Apple Macintosh viruses known as of 1
October 1990.

Although written for ADAPSO members, almost any computer user should
find it instructive.  The appendices are an excellent source of
further information, addresses and phone numbers, and pointers to
software.  At least one university professor has indicated he will use
the book in a security course, and some law enforcement agencies are
also considering using the book for instructional purposes.

The authors are interested in comments and feedback about the book,
especially in areas where information might be added.  You can contact
them by sending mail to "virus-book@cs.purdue.edu"

Table of Contents:
  Preface
  Executive Summary
  Introduction
  Programmed Threats
    Definitions
    Damage
    Authors
    Entry
    Summary
  What is a Computer Virus?
    Names
    A History Lesson
    Formal Structure
    How do viruses spread?
    The three stages of a virus's life
    Replication strategies
    Recognizing a viral infection
  Dealing with Viruses
    Prevention
    Detection of a viral infection
    Recovery
    Summary
  Security
    A definition of security
    Security as a goal
    Risk assessment
    Some General Approaches
    Summary
  Legal Issues
    Criminal laws
    Civil suits
    Summary
  Attitudes
  Further Information on Viruses
    Characteristic lengths
    Names of Known Viruses
    Known IBM PC viruses by Characteristics
    Known Apple Macintosh Viruses
    Characteristic resources for Mac viruses
  Information on Anti-Viral Software
    Selected reviews of Anti-viral Software
    Easily obtained software
    Internet Archives
    Other Places to Look
  Further Information on Legal Aspects of Viruses
    Federal Laws
    State Laws
    Other Sources of Information
  Further Reading and Resources
    Organizations and Associations
    Government Agencies
    Journals and Newsletters
    Other Readings

A copy can be ordered from
      ADAPSO
      1300 North Seventeenth St.
      Suite 300
      Arlington, VA 22209  USA
      Attn: Mr. John Gracza

Single copies are $30.  Copies ordered on university stationery or on
stationery of ADAPSO member companies are only $20, and $16 for the
second and subsequent copies.

Requests for review copies or special considerations should be
addressed directly to John Gracza.  Copies have been given away to
ADAPSO member companies, and various state and Federal law enforcement
agencies, so check with others in your organization to see if a copy
isn't already available for review.

Overseas orders will be shipped surface mail.  Overseas orders that
are to be shipped air mail should include an additional $10 for
postage.

All payment should be in US dollars, no cash or stamps.


------------------------------

Date:    29 Jan 90 13:24:00 -0400
From:    "Andrew D'Uva" <aduva@guvax.georgetown.edu>
Subject: Security and Internet Worms (Source Code)

It seems that the information revolution has brought with it great
problems.  These vast interconnected networks and systems now allow us
to transfer data and programs quickly and at little cost.  The problem
lies in the fact that their level of integration opens them to
infection by worms and trojan horses.  We have even had people ask for
source code for these programs!  Is the solution, as Don Ingli wrote,
to set up some form of reporting mechanism to track these requests?

Sadly, I believe it is.  In the United States a certain level of
privacy has been granted as a constitutional right.  That privacy,
however, is not given rights status when it may be demonstrated to
contravene the public good.  In the case of willful and malicious
network destruction/overload/etc, we can only hope that the network
authorities will take pains to trace these people.  The problem, as I
see it, is that no unified network authority exists.  We can hardly
expect to fight the problem without a centralized "clearing house" for
virus information.  This list serves as one such clearing house.

However--we still have not (as far as I know) set up a worldwide
security group dedicated to addressing problems like these.  Internet
is so large that this would be hard to do.

Yes, I believe that viral source code ought to be distributed and
studied-but under controlled conditions.  The universities offer the
best hope of such a controlled setting.  These problems must be
addressed.  If, as we do in national security issues/clearances, the
focus remains on preventing the outflow of information we risk losing
these battles.

 -------------------------------------------------------------------------------
Andrew D'Uva
Georgetown University
Washington, D.C.
   Internet: ADUVA@GUVAX.GEORGETOWN.EDU or 76106.3120@CompuServe.COM
   Bitnet  : ADUVA@GUVAX
 CompuServe: 76106,3120

------------------------------

Date:    29 Jan 90 21:50:16 +0000
From:    mel@milton.u.washington.edu (Mary Ellen Lee)
Subject: Article on Cliff Stoll

I hope someone will correct me if there's a better newsgroup for this:

The February issue of Smithsonian magazine has a breezy little article
on Cliff (Cuckoo's Egg) Stoll. Nice coverage of the man, the book, and
the "popularization" of computers in general. It's on page 20.

------------------------------

Date:    Mon, 29 Jan 90 09:08:48 -0800
From:    Jim Gillogly <jim%blaise@rand.org>
Subject: Did Morris try to stop the worm?

Geof Cooper said:
> One thing that makes me wonder: A newspaper article claims that Morris
> wanted to stop the worm when it started to get out of control, and
> decided that he wasn't able to.  When the Internet group started to
> try and control it, why didn't he offer to help?

The following message was sent the morning after the network worm started.
My understanding is that it was sent by a friend of Morris.  Checking the
"Received" times suggests that it didn't arrive in time to do any good.

      Jim Gillogly

 --------- Forwarded message -------------
Received: from SRI-NIC.ARPA by rand.org; Sat, 5 Nov 88 03:20:10 PST
Received: from RELAY.CS.NET by SRI-NIC.ARPA with TCP; Fri, 4 Nov 88 23:23:24 PST
Received: from cs.brown.edu by RELAY.CS.NET id aa05627; 3 Nov 88 3:47 EST
Received: from iris.brown.edu (iris.ARPA) by cs.brown.edu (1.2/1.00)
      id AA12595; Thu, 3 Nov 88 03:47:19 est
Received: from  (128.103.1.92) with SMTP via tcp/ip
	by iris.brown.edu on Thu, 3 Nov 88 03:34:46 EST
Message-Id: <8811030834.AA10454@iris.brown.edu>
Date: Thu, 3 Nov 88 03:34:13 EST
From: foo%bar.arpa@RELAY.CS.NET
To: tcp-ip@SRI-NIC.ARPA

A Possible virus report:

There may be a virus loose on the internet.

Here is the gist of a message I got:

I'm sorry.

Here are some steps to prevent further transmission:

1) don't run fingerd, or fix it to not overrun its stack when reading
arguments.

2) recompile sendmail w/o DEBUG defined

3) don't run rexecd

Hope this helps, but more, I hope it is a hoax.
qui

------------------------------

Date:    Mon, 29 Jan 90 13:01:38 -0500
From:    "Gregory E. Gilbert" <C0195@UNIVSCVM.BITNET>
Subject: Yet Another WDEF Infection (Mac)

WDEF A has made it to The University of South Carolina.  So far I have
only seen one person who has been infected.  I am sure there will be more.

If anyone has any ideas how to control it in our Microlabs I would
appreciate hearing from them (any other experiences too.)  Thanks and
happy hunting.

Greg

Postal address: Gregory E. Gilbert
		Computer Services Division
		University of South Carolina
		Columbia, South Carolina   USA   29208
		(803) 777-6015
Acknowledge-To: <C0195@UNIVSCVM>

------------------------------

Date:    Mon, 29 Jan 90 18:24:57 -0500
From:    V2002A@TEMPLEVM.BITNET
Subject: VAX Virus request and UMNEWS (general)

Hi,

     Having been a UMNEWS user for 2+ years, I thought that VIRUS-L
should know that ALL users of UMNEWS are required to register by E-MAIL
in order to use the service.  When a new user issues the REGISTER
command the first time, they are sent a copy of the policy for using
UMNEWS.

     The policy states explicitly that illegal and unethical use
of UMNEWS will not be tolerated.  It also states that in registering,
the user has read and understood the policy document.

     Clearly the request for a VAX virus was in direct violation of
the UMNEWS policy and the requestor stands a good chance of losing
all access to UMNEWS.

     The policy document is available from UMNEWS@MAINE on bitnet.
The file name is UMBB POLICY

		       Andy Wing
		       Senior Analyst
		       Temple University School of Medicine

------------------------------

Date:    Mon, 29 Jan 90 17:06:20 -0400
From:    "Ghassan N. Alkhoja" <ALKHOJA@GWUVM.BITNET>
Subject: Yankee Doodle Virus

To all Virus experts,

Does anyone out there have any experience with the Yankee Doodle virus?
One of the departments on-campus here at GWU is infected with that virus.
I would appreciate all help that you can provide. Thank you.

Ghassan N. Alkhoja
Sr. Programmer/Analyst
Computer Information and Resource Center
The George Washington University

------------------------------

Date:    29 Jan 90 19:19:22 +0000
From:    G.Toal@edinburgh.ac.uk
Subject: Prophylactic anti-viral suggestion

Dear net friends,

   here is a suggestion which may help protect against trojans and viruses --
I haven't seen it mentioned on virus-l (although I've only been reading
it since the start of the Aids scare - the first time I've been personally
affected by viruses) so if I'm repeating an old idea please forgive me.

   I use a computer made in the UK called the Acorn Archimedes -- it is a
proprietary RISC cpu, but I can use it with MSDOS programs because it comes
with a pretty good MSDOS emulator: a combination of a CPU emulator, device
emulator, and operating system emulator. (The device emulator attempts to
pass low-level calls like disk i/o through to the Archimedes' disk controller,
the MSDOS emulator runs an emulated ROM but also passes some BDOS commands
through to the host filing system -- for instance, drive F: could come off
a network drive in Archimedes format, not MSDOS.)  [The various parts
of the emulation are all implemented in software, I should make clear...]

   It occurred to me that a similar program could be run on a *genuine*
MSDOS machine in order to provide a safety wrapper around any programs
which were run on that machine.  (Ie it would still be an emulator, but
it would have a head-start in performance because the emulated CPU &
the real CPU were very similar :-) )

   This 'emulator' (I'll call it a 'CPU condom' from now on) would therefore
be able to guarantee that any memory access only came from emulated memory --
no program would be able to muck around with real memory.  It would only allow
access to the devices which the user chose to allow (eg, clock - yes,
disk controller - no); and it would trap all higher-level BDOS/BIOS calls
in order to ask the user (say by switching to an alternate screen display
and back again) whether he/she wanted to allow any particular file to
be written to.

   The CPU condom would probably not be able to allow a full 640K to
the running program - I don't know - that's for MSDOS experts to work out.
With a program like this, you would be able to run any unknown code
with complete confidence.  It could be parameterized so that particular
programs being run always were allowed to write only to specific directories,
to save users having to say 'yes' or 'no' every time a file was being
written.

   Unfortunately, I don't have the expertise to write this myself, (I
know very little of MSDOS or 808X's and really don't want to waste brain-cells
learning it ;-) )  but the readership of this list is sufficiently wide
that writing such a system may appeal to someone.

Over & out,
  regards,
    Graham Toal   <gtoal@ed.ac.uk>

PS If written portably, an MSDOS emulator which did solely file I/O
and screen/keyboard I/O would be usable on other systems -- especially
useful for things like unpacking self-extracting .exe files on unix
mainframes -- almost impossible otherwise.  (I have countless numbers
of archive unpackers on our local Unix machine to save telephone
bandwidth when I fetch something from a server and discover I only
want 15% of the archive it came in!)
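
The policy side of the wrapper described in the message above, sketched in Python as an added example (not part of the original post): a device allow-list, per-program write directories, and a user prompt for everything else. The class, method, device and file names are hypothetical; the point shown is that the wrapper must canonicalise each trapped path before comparing it with the allowed directories.

```python
import ntpath  # DOS-style path rules, usable on any host system


def canon(path, cwd):
    """Resolve a guest path the way the wrapper must before judging it."""
    # Join relative names to the guest's current directory, collapse "..",
    # and fold case and slash direction (DOS names are case-insensitive).
    return ntpath.normcase(ntpath.normpath(ntpath.join(cwd, path)))


class SafetyWrapper:
    """Decides on calls trapped by the emulator (hypothetical interface)."""

    def __init__(self, devices, write_dirs, ask_user):
        self.devices = set(devices)          # devices the user chose to allow
        # Per-program directories that may be written without prompting.
        # Each entry ends in a backslash so SAVE does not match SAVEDATA.
        self.write_dirs = {
            prog.lower(): [canon(d, "C:\\").rstrip("\\") + "\\" for d in dirs]
            for prog, dirs in write_dirs.items()
        }
        self.ask_user = ask_user             # callback standing in for the prompt

    def device_access(self, device):
        return device in self.devices

    def file_write(self, program, path, cwd):
        target = canon(path, cwd)
        allowed = self.write_dirs.get(program.lower(), [])
        if any(target.startswith(d) for d in allowed):
            return "allow"
        # Anything outside the configured directories goes to the user.
        return "user-allow" if self.ask_user(program, target) else "user-deny"


def demo():
    prompts = []

    def ask(program, target):
        # Constructed user who refuses every write they are asked about.
        prompts.append(target)
        return False

    w = SafetyWrapper(
        devices={"clock"},
        write_dirs={"GAME.EXE": ["C:\\GAMES\\SAVE"]},   # constructed policy
        ask_user=ask,
    )
    results = {
        "clock": w.device_access("clock"),
        "disk_controller": w.device_access("disk_controller"),
        # Relative name inside the allowed directory: no prompt needed.
        "save": w.file_write("GAME.EXE", "SAVE\\SLOT1.DAT", "C:\\GAMES"),
        # Looks like it is under SAVE, but ".." walks back out to the root.
        "dotdot": w.file_write(
            "GAME.EXE", "C:\\GAMES\\SAVE\\..\\..\\COMMAND.COM", "C:\\GAMES"),
        # Sibling directory whose name merely starts with the allowed one.
        "sibling": w.file_write(
            "GAME.EXE", "C:\\GAMES\\SAVEDATA\\X.DAT", "C:\\GAMES"),
    }
    return results, prompts


if __name__ == "__main__":
    print(demo())
```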

------------------------------

Date:    30 Jan 90 01:03:10 +0000
From:    munnari!dbrmelb.oz.au!steveo@dbrmelb.dbrhi.OZ (Stephen Oakes)
Subject: Possible new virus?? NUCLEUR WAR.

A Friend Of A Friend had this happen on his XT upon booting from the
Hard Disc.  A message appeared saying something like:

"    Welcome Home !!!!
     I have had a good rest, have you?

     Now, lets get down to business.

     Do you want ...  THERMO NUCLEUR WAR!

     Press any Key to continue.
"

(I'm not sure if "NUCLEAR" was originally misspelt, or copied down
incorrectly)

The FOAF immediately switched his computer off, and is now preparing
to reformat his Hard disc.  If this is a virus, it probably came from
games software which the FOAF copied from A Friend.  I know nothing
about where the FOAFOAF gets his software.

    Anyone know anything about this one?

Stephen Oakes : steveo@dbrmelb.dbrhi.oz

------------------------------

Date:    Mon, 29 Jan 90 23:34:00 -0500
From:    Leichter-Jerry@CS.YALE.EDU
Subject: Universal virus detectors

All this debate about whether virus detection is equivalent to the
halting problem, whether real CPU's are best modeled as FSA's or
Turing machines, and so on, is interesting but in a deep sense
completely irrelevant.

With simple hardware support, one can design a system in which all
viruses are trivially detectable.

	Technique:  The hardware will maintain, in both memory and
	on disk, an "is executable code flag".  For practicality,
	assume this is done on a block-by-block basis say in units
	of a K.

	The hardware enforces the following rules:

	1.  Any attempt to execute code from a memory block which
	is not marked executable fails.

	2.  The only way to write into a block of memory that is
	marked executable is from a disk block marked executable.

	3.  Any attempt to write to a disk block marked executable
	fails.  (To write to such a block, the executable flag must
	first be cleared.)

	4.  Any disk block can be marked executable at any time.

	Memory blocks are marked executable only by reading execu-
	table disk blocks into them.

	5.  Associated with every disk block is a time stamp.  When
	a block is marked executable, the hardware updates its time-
	stamp.

	6.  The system comes with physical ROM blocks, marked exe-
	cutable, which contain at least the code needed to display
	the timestamps on all executable blocks.

One could obviously come up with a simpler system - e.g., just keep a
timestamp on EVERY block - but this one is close to practical.  The
sticky spot is 4, which makes it impossible to build executable code
without going through the disk.  Building disk caches for such a
system would also be a complex undertaking.  On the other hand, the
rules are so simple that one could attain a very high degree of
confidence that the hardware was enforcing them correctly.

Why does this work, despite all the proofs?  (Note that it works just
fine even if the disk is assumed to be infinite, in which case the
machine is a Turing machine.  If you are worried about the theoretical
problem of repeated time-stamps - just use variable-length
time-stamps, which are no problem on an infinite disk.)  It works
because none of the standard models have anything that corresponds to
the timestamp: Memory that can be written by the system, but not by
externally-controllable code within the system.

							-- Jerry
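
The six rules in the message above, modelled as a small Python simulation (an added example, not part of the original post) to show which modification paths the hardware refuses and why the one permitted path always shows up in the ROM audit. The class and method names are hypothetical, and the model assumes that loading a disk block replaces the whole memory block so that the memory flag follows the source block, a detail the post leaves open.

```python
from itertools import count


class HardwareFault(Exception):
    """An operation the hardware refuses under rules 1-3."""


class Block:
    def __init__(self, data=b"", executable=False):
        self.data = data
        self.executable = executable
        self.stamp = 0  # used for disk blocks; only the hardware writes it


class Machine:
    def __init__(self, disk_blocks, mem_blocks):
        self._clock = count(1)  # hardware clock, out of reach of running code
        self.disk = [Block() for _ in range(disk_blocks)]
        self.mem = [Block() for _ in range(mem_blocks)]

    def mark_executable(self, d):
        # Rule 4: any disk block may be marked executable at any time.
        # Rule 5: marking always refreshes that block's timestamp.
        self.disk[d].executable = True
        self.disk[d].stamp = next(self._clock)

    def clear_executable(self, d):
        # Rule 3 (second half): the flag must be cleared before a write.
        self.disk[d].executable = False

    def disk_write(self, d, data):
        # Rule 3: writes to a disk block marked executable fail.
        if self.disk[d].executable:
            raise HardwareFault("rule 3: disk block is marked executable")
        self.disk[d].data = data

    def load(self, d, m):
        # Memory becomes executable only by reading an executable disk block.
        # Assumption: the load replaces the whole block, flag included.
        src = self.disk[d]
        self.mem[m] = Block(src.data, src.executable)

    def mem_write(self, m, data):
        # Rule 2: executable memory is filled only by load(), never by code.
        if self.mem[m].executable:
            raise HardwareFault("rule 2: memory block is marked executable")
        self.mem[m].data = data

    def execute(self, m):
        # Rule 1: executing a block not marked executable fails.
        if not self.mem[m].executable:
            raise HardwareFault("rule 1: memory block is not executable")
        return self.mem[m].data

    def rom_audit(self):
        # Rule 6: ROM code lists the timestamp of every executable disk block.
        return {i: b.stamp for i, b in enumerate(self.disk) if b.executable}


def attempt(op, *args):
    try:
        op(*args)
        return "allowed"
    except HardwareFault:
        return "blocked"


def infection_attempts():
    hw = Machine(disk_blocks=4, mem_blocks=2)
    hw.disk_write(0, b"CLEAN PROGRAM")        # constructed sample contents
    hw.mark_executable(0)
    baseline = hw.rom_audit()                 # what the owner recorded
    hw.load(0, 0)
    outcome = {
        "overwrite executable disk block": attempt(hw.disk_write, 0, b"CHANGED"),
        "patch loaded code in memory": attempt(hw.mem_write, 0, b"CHANGED"),
    }
    hw.mem_write(1, b"CODE BUILT IN DATA MEMORY")   # plain data write is fine
    outcome["execute data memory"] = attempt(hw.execute, 1)
    # The only path the rules permit: clear the flag, rewrite, mark again.
    hw.clear_executable(0)
    hw.disk_write(0, b"CLEAN PROGRAM + EXTRA CODE")
    hw.mark_executable(0)
    changed = sorted(i for i, s in hw.rom_audit().items() if baseline.get(i) != s)
    return outcome, changed


if __name__ == "__main__":
    print(infection_attempts())
```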

------------------------------

Date:    30 Jan 90 04:45:11 +0000
From:    annala%neuro.usc.edu@usc.edu (A J Annala)
Subject: Re: Virus request

>> >        Dose anyone have a idea about VAX Virus? Or interesting on
>> >        it? I think the most difficult point is how to spread it
>> >        out. So if someone has any bright idea, contact with me.
>
>What as a whole can the computer industry do to help prevent individuals
>like this from the potential releasing of these viruses(viri?) into the
>vast networks??  Should it be illegal to own or transmit virus source
>(for non-security personnel)??  Also, should there be an international
>watchdog agency set up to investigate such requests??  Should the
>CIA/FBI/FCC be involved in cooperation with IBM/DEC/AT&T/etc.. to form a
>task force along with our list's virus expert?  Has anyone contacted this
>person's administration along with MAINE's and BITNIC/BITNET administration?
>Right now, its up to us to report these requests and its the responsibility
>of MAINE to act on requests submitted via UMNEWS.
>
>Can we make it illegal to have virus sources without stomping on our
>constitutional rights??  What about other countries??
>
>Obviously this particular Taiwanese knows little about VAX networking and
>uses of viruses(worms) in those networking facilities.

There are people who write computer programs (including viruses) and there
are people who only use computer programs (including viruses).  It would
appear that the originator of the request for a VAX Virus is a member of
the latter group.  While it is rather amusing that the requestor could be
so terribly naive as to post his note to a public newsgroup, I seriously
doubt he would be sufficiently competent to introduce a virus into DECNET,
SNA, TCP based networks.  Calling out the computer gestapo in this case may
seem a little heavy handed.  Perhaps someone would consider sending him a
friendly note explaining the damaging potential of actually introducing one
of the responses to his request into a live computer network.  One might be
tempted to highlight the potential administrative/regulatory response to the
actual use of the information gleaned from his request.

NO.  One cannot forbid the possession of sources, linkable objects, or even
executables for a virus without doing fundamental harm to the Bill of Rights.
Viruses may be an unpopular idea ... but the protection of the right of the
individual to free expression of his ideas ... and the right to share those
ideas with other people is fundamental to the concept of a free society.  If
one encroaches on the fundamental right of free speech (including writing)
then one does fundamental damage to our constitutional guarantees.  Moreover,
even if you would allow such a prohibition in spite of its constitutional
implications, the regulation would most likely be unenforceably broad.  It
would be all but impossible to distinguish the program category "virus" from
other less virulent programs.  Let's keep to prosecuting harmful use of such
material rather than mere possession of unpopular ideas.

AJ

------------------------------

Date:    30 Jan 90 06:34:49 +0000
From:    khijol!erc@cs.utexas.edu (Ed Carp, aka Mr. Ed the talking horse...)
Subject: Re: Virus request

woodb!scsmo1!don@cs.UMD.EDU writes:

>He will probably get a few replies as well as some sources. What as a
>whole can the computer industry do to help prevent individuals like
>this from the potential releasing of these viruses(viri?) into the
>vast networks??

 Not a whole lot, except to take reasonable security precautions.

>Should it be illegal to own or transmit virus source (for non-security
>personnel)??

 No.  How would you define the term "security personnel"?  I can write
a virus with a little effort.  Does this make me a criminal?  Of
course not!  Similarly, I have a complete set of lockpicking tools.
Does this make me a criminal?  Again, the answer is no.  It's not the
tool, it's the use of the tool.  Remember, you can design a workable
atomic bomb from documents that you can find at most any large public
library.  Why should it be different for anything else?  Let's not get
swept up in this anti-virus hysteria -- let's see some reason.

>Also, should there be an international watchdog agency set up to
>investigate such requests??  Should the CIA/FBI/FCC be involved in
>cooperation with IBM/DEC/AT&T/etc.. to form a task force along with
>our list's virus expert?

I think this is going a bit overboard.  Sounds like paranoid hysteria.

>Has anyone contacted this person's administration along with MAINE's
>and BITNIC/BITNET administration?

>Right now, its up to us to report these requests and its the
>responsibility of MAINE to act on requests submitted via UMNEWS.

 Really?  Who appointed "us" net.police?  Or net.censor?

>Can we make it illegal to have virus sources without stomping on our
>constitutional rights??  What about other countries??

 I doubt it.

Right after the Internet virus was released, I saw several postings
requesting source for the virus.  Sure, there were probably net.idiots
who wanted to take the source, hack it up, and re-release it, but
there were obviously sincere, rational investigators who wanted to
investigate the virus, tear it apart, figure out just how it worked,
and then build a better virus-catcher.  There are people who are out
there who make money by doing this sort of thing.  Are you suggesting
that the people who have already become established (known) in the
field have some sort of exclusive on source?  Who appointed Gene
Spafford the net.virus.god?  This is NOT a flame against Gene, but I
have a dim view of folks who want to set up Gene and others like him
on a pedestal.  I respect Gene's abilities in his field, but there are
lots of programmers who can do the same thing.

If someone wants to write a virus, he can sure do it without having
access to source.  Who's going to judge?  If I ask for source (hey,
Gene, can you mail me the latest source to the Internet virus?), does
that make me automatically suspect?  Am I a "bad guy"?  I could forge
my mail address, looking like I come from IBM's Virus Research Group
(thinking about it, I don't really *need* to forge THAT), send Gene a
request, then, when I get the source, use it for my own nefarious
purposes.  Alternately, I could be doing genuine virus research for
defending AIX against viruses.  There IS such work going on, you know.

I could even be legit.  I sub-contract for IBM.  This gives me access
to IBM's facilities, phones, etc.  I could pose as a virus researcher
(or even BE a virus researcher), get the source, and do whatever.

Just because one is a "security expert" doesn't make them a "good guy"; just
because one isn't doesn't make them a "bad guy".
--
Ed Carp                 N7EKG/5 (28.3-28.5)     uunet!cs.utexas.edu!khijol!erc
Austin, Texas           (512) 832-5884          "Good tea.  Nice house." - Worf
"Love in any language, fluently spoken here"             -- sung by Sandi Patti

------------------------------

Date:    30 Jan 90 05:22:52 +0000
From:    wcpl_ltd@uhura.cc.rochester.edu (Wing Leung)
Subject: Re: WDEF at University of Rochester (Mac)

      WDEF B has been found at the University of Rochester.  Tonight I found
that one of my disks had crashed due to a problem in the Desktop file.  After
recovering it at the Computer Center, we used Disinfectant 1.5 to scan the
Desktop file and WDEF B was found.  My friend used it to scan his disks too.
The earliest infection found so far is on 22nd Jan.

Peter

  _    _  ____        ____   _        * Internet:     wcpl_ltd@uhura.cc.rochester.edu
 (/   /  //  / //   ) (/              * BITNET  :     WCPL_LTD@UORDBV
 / / /  //    //___/ _/               * DecNet  :     UORHEP::PETER
/_/_/  //__/ //           _/\___/     * UUCP    :     ...rochester!uhura!wcpl_ltd

------------------------------

Date:    Tue, 30 Jan 90 11:54:32 +0000
From:    "Dr. A. Wood" <XPUM01@prime-a.central-services.umist.ac.uk>
Subject: re: 'Virus request' from Taiwan

......Re this message:-
From:  IN%"UMNEWS@MAINE.BITNET"  "Vax discussion" 21-JAN-1990 23:11:59.77
Subj:  <Vax 85> Virus on VAX
From: 7811100@TWNCTU01.BITNET

Hi! Does anyone have a idea about VAX Virus? Or interesting on it? I
think the most difficult point is how to spread it out. So if someone
has any bright idea, contact with me. James Huang

......and this reply to it:-
Date:    Thu, 25 Jan 90 12:08:35 -0500
From:    woodb!scsmo1!don@cs.UMD.EDU
Subject: RE: Virus request

Here is a message from UMNews's Vax discussion list. I thought the
list should know about this. The node is Taiwanese.  This is insane.
Obviously this particular Taiwanese knows little about VAX networking
and uses of viruses (worms) in those networking facilities. He will
probably get a few replies as well as some sources. What as a whole
can the computer industry do to help prevent individuals like this
from the potential releasing of these viruses into the vast networks??
Should it be illegal to own or transmit virus source (for non-security
personnel)?? Also, should there be an international watchdog agency
set up to investigate such requests?? Should the CIA/FBI/FCC be
involved in cooperation with IBM/DEC/AT&T/etc.. to form a task force
along with our list's virus expert? Has anyone contacted this person's
administration along with MAINE's and BITNIC/BITNET administration?
<etc etc>
.............................................................................

If James Huang is Taiwanese, then his first and most familiar language
is likely not English but Chinese, and likely he committed no computer
ethical error but merely a language blunder, namely the common capital
offence of 'unclear use of a pronoun'!  <WOODB!SCSMO1!DON@CS.UMD.EDU>,
in the course of emptying his  flamethrower down the  computer link at
the  unfortunate Huang, seems to   imply that Huang   meant "I want to
spread VAX virus".  But Huang could also have intended to say  "I want
to spread news about how to notice and combat VAX virus"

-- which is what Virus-L is for!!
{A.Appleyard} (email: APPLEYARD@UK.AC.UMIST), Tue, 30 Jan 90 11:25:08 GMT

------------------------------

Date:    Tue, 30 Jan 90 08:18:29 -0500
From:    Jim Ennis <JIM@UCF1VM.BITNET>
Subject: WDEF Infection (Mac)

Hello,

  We had a WDEF infection of our Mac lab at the University of Central
Florida.  The person fixing the viruses traced the source back to a
local copy center which has some Macs for use on an hourly basis;
students brought their infected disks from the store to our Mac lab.
The person who kills viruses for us has cleaned up the Macs in our
lab.

 -----------------------------------------------------------------------------
 Jim Ennis
 UCF - Computer Services
 JIM@UCF1VM.BITNET

------------------------------

End of VIRUS-L Digest
*********************