VIRUS-L%LEHIIBM1@isaak.UUCP ("Virus Discussion List") (01/30/90)
VIRUS-L Digest   Tuesday, 30 Jan 1990   Volume 3 : Issue 25

Today's Topics:

PC Magazine Free Utility: PCDATA (PC)
ADAPSO Virus Book
Security and Internet Worms (Source Code)
Article on Cliff Stoll
Did Morris try to stop the worm?
Yet Another WDEF Infection (Mac)
VAX Virus request and UMNEWS (general)
Yankee Doodle Virus
Prophylactic anti-viral suggestion
Possible new virus?? NUCLEUR WAR.
Universal virus detectors
Re: Virus request
Re: Virus request
Re: WDEF at University of Rochester (Mac)
re: 'Virus request' from Taiwan
WDEF Infection (Mac)

VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, document, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@SEI.CMU.EDU.

- Ken van Wyk

---------------------------------------------------------------------------

Date: 25 Jan 90 11:53:00 -0500
From: "zmudzinski, thomas" <zmudzinskit@imo-uvax.arpa>
Subject: PC Magazine Free Utility: PCDATA (PC)

PC Magazine, Vol 9 No 3, February 13, 1990, pp. 263-283, contains an article by Wolfgang Stiller, "Protect Your Data with PCDATA, the Data Integrity Toolkit". Stiller has put together an impressive array of eight (8) programs and nineteen (19) BAT files designed "to detect and recover from all data integrity threats, including viruses". This toolkit is available "free" (i.e. no-fee bannerware) from "PC MagNet" on CompuServe. (Buy the magazine to get the documentation.)

Would one or more of our virus gurus please download these utilities and try them out? I'm sure we'd all like to know how these stand up to various viruses.
/s/ Tom Zmudzinski
DCS Data Systems
McLean, Virginia
TomZ @ IMO-UVAX.DCA.MIL

Standard Disclaimer: "Shill for these people? Heck, I don't even know them!"

------------------------------

Date: Mon, 29 Jan 90 10:58:50 -0500
From: Gene Spafford <spaf@cs.purdue.edu>
Subject: ADAPSO Virus Book

"Computer Viruses: Dealing with Electronic Vandalism and Programmed Threats" by Eugene Spafford, Kathleen Heaphy, and David Ferbrache. 1989, 109 pages. Published by ADAPSO.

The book has been written to be an accessible resource guide for computer users and managers (PC and mainframe). It presents a high-level discussion of computer viruses, explaining how they work, who writes them, and what they do. It is not intended to serve as a technical reference on viruses, both because the audience for such a work would be limited, and because such a reference might serve to aid potential virus authors.

The goal of the book is to dispel some common myths about viruses (and worms, trojan horses, et al.), and provide simple, effective suggestions for how to protect computer systems against these threats. It furthermore stresses that most systems face greater threats from other areas, so the proper attitude to take is to strengthen overall security; concrete suggestions for enhancing overall security are also presented.

The appendices provide extensive references to other publications, security organizations, anti-viral software sources, applicable (U.S.) state and Federal laws against computer crime, and detailed descriptions of all IBM and Apple Macintosh viruses known as of 1 October 1990.

Although written for ADAPSO members, almost any computer user should find it instructive. The appendices are an excellent source of further information, addresses and phone numbers, and pointers to software. At least one university professor has indicated he will use the book in a security course, and some law enforcement agencies are also considering using the book for instructional purposes.
The authors are interested in comments and feedback about the book, especially in areas where information might be added. You can contact them by sending mail to "virus-book@cs.purdue.edu"

Table of Contents:

Preface
Executive Summary
Introduction
Programmed Threats
Definitions
Damage
Authors
Entry
Summary
What is a Computer Virus?
Names
A History Lesson
Formal Structure
How do viruses spread?
The three stages of a virus's life
Replication strategies
Recognizing a viral infection
Dealing with Viruses
Prevention
Detection of a viral infection
Recovery
Summary
Security
A definition of security
Security as a goal
Risk assessment
Some General Approaches
Summary
Legal Issues
Criminal laws
Civil suits
Summary
Attitudes
Further Information on Viruses
Characteristic lengths
Names of Known Viruses
Known IBM PC viruses by Characteristics
Known Apple Macintosh Viruses
Characteristic resources for Mac viruses
Information on Anti-Viral Software
Selected reviews of Anti-viral Software
Easily obtained software
Internet Archives
Other Places to Look
Further Information on Legal Aspects of Viruses
Federal Laws
State Laws
Other Sources of Information
Further Reading and Resources
Organizations and Associations
Government Agencies
Journals and Newsletters
Other Readings

A copy can be ordered from

ADAPSO
1300 North Seventeenth St.
Suite 300
Arlington, VA 22209 USA
Attn: Mr. John Gracza

Single copies are $30. Copies ordered on university stationery or on stationery of ADAPSO member companies are only $20, and $16 for the second and subsequent copies. Requests for review copies or special considerations should be addressed directly to John Gracza. Copies have been given away to ADAPSO member companies, and various state and Federal law enforcement agencies, so check with others in your organization to see if a copy isn't already available for review.

Overseas orders will be shipped surface mail. Overseas orders that are to be shipped air mail should include an additional $10 for postage.
All payment should be in US dollars, no cash or stamps.

------------------------------

Date: 29 Jan 90 13:24:00 -0400
From: "Andrew D'Uva" <aduva@guvax.georgetown.edu>
Subject: Security and Internet Worms (Source Code)

It seems that the information revolution has brought with it great problems. These vast interconnected networks and systems now allow us to transfer data and programs quickly and at little cost. The problem lies in the fact that their level of integration opens them to infection by worms and trojan horses. We have even had people ask for source code for these programs! Is the solution, as Don Ingli wrote, to set up some form of reporting mechanism to track these requests? Sadly, I believe it is.

In the United States a certain level of privacy has been granted as a constitutional right. That privacy, however, is not given rights status when it may be demonstrated to contravene the public good. In the case of willful and malicious network destruction/overload/etc, we can only hope that the network authorities will take pains to trace these people.

The problem, as I see it, is that no unified network authority exists. We can hardly expect to fight the problem without a centralized "clearing house" for virus information. This list serves as one such clearing house. However--we still have not (as far as I know) set up a worldwide security group dedicated to addressing problems like these. Internet is so large that this would be hard to do.

Yes, I believe that viral source code ought to be distributed and studied - but under controlled conditions. The universities offer the best hope of such a controlled setting. These problems must be addressed. If, as we do in national security issues/clearances, the focus remains on preventing the outflow of information we risk losing these battles.

-------------------------------------------------------------------------------
Andrew D'Uva
Georgetown University
Washington, D.C.
Internet: ADUVA@GUVAX.GEORGETOWN.EDU or 76106.3120@CompuServe.COM
Bitnet : ADUVA@GUVAX
CompuServe: 76106,3120

------------------------------

Date: 29 Jan 90 21:50:16 +0000
From: mel@milton.u.washington.edu (Mary Ellen Lee)
Subject: Article on Cliff Stoll

I hope someone will correct me if there's a better newsgroup for this:

The February issue of Smithsonian magazine has a breezy little article on Cliff (Cuckoo's Egg) Stoll. Nice coverage of the man, the book, and the "popularization" of computers in general. It's on page 20.

------------------------------

Date: Mon, 29 Jan 90 09:08:48 -0800
From: Jim Gillogly <jim%blaise@rand.org>
Subject: Did Morris try to stop the worm?

Geof Cooper said:
> One thing that makes me wonder: A newspaper article claims that Morris
> wanted to stop the worm when it started to get out of control, and
> decided that he wasn't able to. When the Internet group started to
> try and control it, why didn't he offer to help?

The following message was sent the morning after the network worm started. My understanding is that it was sent by a friend of Morris. Checking the "Received" times suggests that it didn't arrive in time to do any good.

Jim Gillogly

--------- Forwarded message -------------
Received: from SRI-NIC.ARPA by rand.org; Sat, 5 Nov 88 03:20:10 PST
Received: from RELAY.CS.NET by SRI-NIC.ARPA with TCP; Fri, 4 Nov 88 23:23:24 PST
Received: from cs.brown.edu by RELAY.CS.NET id aa05627; 3 Nov 88 3:47 EST
Received: from iris.brown.edu (iris.ARPA) by cs.brown.edu (1.2/1.00) id AA12595; Thu, 3 Nov 88 03:47:19 est
Received: from (128.103.1.92) with SMTP via tcp/ip by iris.brown.edu on Thu, 3 Nov 88 03:34:46 EST
Message-Id: <8811030834.AA10454@iris.brown.edu>
Date: Thu, 3 Nov 88 03:34:13 EST
From: foo%bar.arpa@RELAY.CS.NET
To: tcp-ip@SRI-NIC.ARPA

A Possible virus report:

There may be a virus loose on the internet.

Here is the gist of a message I got:

I'm sorry.
Here are some steps to prevent further transmission:

1) don't run fingerd, or fix it to not overrun its stack when reading arguments.

2) recompile sendmail w/o DEBUG defined

3) don't run rexecd

Hope this helps, but more, I hope it is a hoax.

qui

------------------------------

Date: Mon, 29 Jan 90 13:01:38 -0500
From: "Gregory E. Gilbert" <C0195@UNIVSCVM.BITNET>
Subject: Yet Another WDEF Infection (Mac)

WDEF A has made it to The University of South Carolina. So far I have only seen one person who has been infected. I am sure there will be more. If anyone has any ideas how to control it in our Microlabs I would appreciate hearing from them (any other experiences too.)

Thanks and happy hunting.

Greg

Postal address:
Gregory E. Gilbert
Computer Services Division
University of South Carolina
Columbia, South Carolina USA 29208
(803) 777-6015

Acknowledge-To: <C0195@UNIVSCVM>

------------------------------

Date: Mon, 29 Jan 90 18:24:57 -0500
From: V2002A@TEMPLEVM.BITNET
Subject: VAX Virus request and UMNEWS (general)

Hi,

Having been a UMNEWS user for 2+ years, I thought that VIRUS-L should know that ALL users of UMNEWS are required to register by E-MAIL in order to use the service.

When a new user issues the REGISTER command the first time, they are sent a copy of the policy for using UMNEWS. The policy states explicitly that illegal and unethical use of UMNEWS will not be tolerated. It also states that in registering, the user has read and understood the policy document.

Clearly the request for a VAX virus was in direct violation of the UMNEWS policy and the requestor stands a good chance of losing all access to UMNEWS.

The policy document is available from UMNEWS@MAINE on bitnet. The file name is UMBB POLICY

Andy Wing
Senior Analyst
Temple University School of Medicine

------------------------------

Date: Mon, 29 Jan 90 17:06:20 -0400
From: "Ghassan N.
Alkhoja" <ALKHOJA@GWUVM.BITNET>
Subject: Yankee Doodle Virus

To all Virus experts,

Does anyone out there have any experience with the Yankee Doodle virus? One of the departments on-campus here at GWU is infected with that virus. I would appreciate all help that you can provide. Thank you.

Ghassan N. Alkhoja
Sr. Programmer/Analyst
Computer Information and Resource Center
The George Washington University

------------------------------

Date: 29 Jan 90 19:19:22 +0000
From: G.Toal@edinburgh.ac.uk
Subject: Prophylactic anti-viral suggestion

Dear net friends, here is a suggestion which may help protect against trojans and viruses -- I haven't seen it mentioned on virus-l (although I've only been reading it since the start of the Aids scare - the first time I've been personally affected by viruses) so if I'm repeating an old idea please forgive me.

I use a computer made in the UK called the Acorn Archimedes -- it is a proprietary RISC cpu, but I can use it with MSDOS programs because it comes with a pretty good MSDOS emulator: a combination of a CPU emulator, device emulator, and operating system emulator. (The device emulator attempts to pass low-level calls like disk i/o through to the Archimedes' disk controller, the MSDOS emulator runs an emulated ROM but also passes some BDOS commands through to the host filing system -- for instance, drive F: could come off a network drive in Archimedes format, not MSDOS. [The various parts of the emulation are all implemented in software, I should make clear...]

It occurred to me that a similar program could be run on a *genuine* MSDOS machine in order to provide a safety wrapper around any programs which were run on that machine.
(Ie it would still be an emulator, but it would have a head-start in performance because the emulated CPU & the real CPU were very similar :-) )

This 'emulator' (I'll call it a 'CPU condom' from now on) would therefore be able to guarantee that any memory access only came from emulated memory -- no program would be able to muck around with real memory. It would only allow access to the devices which the user chose to allow (eg, clock - yes, disk controller - no); and it would trap all higher-level BDOS/BIOS calls in order to ask the user (say by switching to an alternate screen display and back again) whether he/she wanted to allow any particular file to be written to.

The CPU condom would probably not be able to allow a full 640K to the running program - I don't know - that's for MSDOS experts to work out.

With a program like this, you would be able to run any unknown code with complete confidence. It could be parameterized so that particular programs being run always were allowed to write only to specific directories, to save users having to say 'yes' or 'no' every time a file was being written.

Unfortunately, I don't have the expertise to write this myself, (I know very little of MSDOS or 808X's and really don't want to waste brain-cells learning it ;-) ) but the readership of this list is sufficiently wide that writing such a system may appeal to someone.

Over & out, regards,
Graham Toal <gtoal@ed.ac.uk>

PS If written portably, an MSDOS emulator which did solely file I/O and screen/keyboard I/O would be usable on other systems -- especially useful for things like unpacking self-extracting .exe files on unix mainframes -- almost impossible otherwise. (I have countless numbers of archive unpackers on our local Unix machine to save telephone bandwidth when I fetch something from a server and discover I only want 15% of the archive it came in!)
------------------------------

Date: 30 Jan 90 01:03:10 +0000
From: munnari!dbrmelb.oz.au!steveo@dbrmelb.dbrhi.OZ (Stephen Oakes)
Subject: Possible new virus?? NUCLEUR WAR.

A Friend Of A Friend had this happen on his XT upon booting from the Hard Disc. A message appeared saying something like:

" Welcome Home !!!!
I have had a good rest, have you?
Now, lets get down to business.
Do you want ... THERMO NUCLEUR WAR!
Press any Key to continue. "

(I'm not sure if "NUCLEAR" was originally misspelt, or copied down incorrectly)

The FOAF immediately switched his computer off, and is now preparing to reformat his Hard disc. If this is a virus, it probably came from games software which the FOAF copied from A Friend. I know nothing about where the FOAFOAF gets his software.

Anyone know anything about this one?

Stephen Oakes : steveo@dbrmelb.dbrhi.oz

------------------------------

Date: Mon, 29 Jan 90 23:34:00 -0500
From: Leichter-Jerry@CS.YALE.EDU
Subject: Universal virus detectors

All this debate about whether virus detection is equivalent to the halting problem, whether real CPU's are best modeled as FSA's or Turing machines, and so on, is interesting but in a deep sense completely irrelevant. With simple hardware support, one can design a system in which all viruses are trivially detectable.

Technique: The hardware will maintain, in both memory and on disk, an "is executable code flag". For practicality, assume this is done on a block-by-block basis say in units of a K. The hardware enforces the following rules:

1. Any attempt to execute code from a memory block which is not marked executable fails.

2. The only way to write into a block of memory that is marked executable is from a disk block marked executable.

3. Any attempt to write to a disk block marked executable fails. (To write to such a block, the executable flag must first be cleared.)

4. Any disk block can be marked executable at any time.
   Memory blocks are marked executable only by reading executable disk blocks into them.

5. Associated with every disk block is a time stamp. When a block is marked executable, the hardware updates its timestamp.

6. The system comes with physical ROM blocks, marked executable, which contain at least the code needed to display the timestamps on all executable blocks.

One could obviously come up with a simpler system - e.g., just keep a timestamp on EVERY block - but this one is close to practical. The sticky spot is 4, which makes it impossible to build executable code without going through the disk. Building disk caches for such a system would also be a complex undertaking. On the other hand, the rules are so simple that one could attain a very high degree of confidence that the hardware was enforcing them correctly.

Why does this work, despite all the proofs? (Note that it works just fine even if the disk is assumed to be infinite, in which case the machine is a Turing machine. If you are worried about the theoretical problem of repeated time-stamps - just use variable-length time-stamps, which are no problem on an infinite disk.) It works because none of the standard models have anything that corresponds to the timestamp: Memory that can be written by the system, but not by externally-controllable code within the system.

-- Jerry

------------------------------

Date: 30 Jan 90 04:45:11 +0000
From: annala%neuro.usc.edu@usc.edu (A J Annala)
Subject: Re: Virus request

>> > Dose anyone have a idea about VAX Virus? Or interesting on
>> > it? I think the most difficult point is how to spread it
>> > out. So if someone has any bright idea, contact with me.
>
>What as a whole can the computer industry do to help prevent individuals
>like this from the potential releasing of these viruses(viri?) into the
>vast networks?? Should it be illegal to own or transmit virus source
>(for non-security personnel)??
>Also, should there be an international
>watchdog agency set up to investigate such requests?? Should the
>CIA/FBI/FCC be involved in cooperation with IBM/DEC/AT&T/etc.. to form a
>task force along with our list's virus expert? Has anyone contacted this
>person's administration along with MAINE's and BITNIC/BITNET administration?
>Right now, it's up to us to report these requests and it's the responsibility
>of MAINE to act on requests submitted via UMNEWS.
>
>Can we make it illegal to have virus sources without stomping on our
>constitutional rights?? What about other countries??
>
>Obviously this particular Taiwanese knows little about VAX networking and
>uses of viruses(worms) in those networking facilities.

There are people who write computer programs (including viruses) and there are people who only use computer programs (including viruses). It would appear that the originator of the request for a VAX Virus is a member of the latter group. While it is rather amusing that the requestor could be so terribly naive as to post his note to a public newsgroup, I seriously doubt he would be sufficiently competent to introduce a virus into DECNET, SNA, TCP based networks.

Calling out the computer gestapo in this case may seem a little heavy handed. Perhaps someone would consider sending him a friendly note explaining the damaging potential of actually introducing one of the responses to his request into a live computer network. One might be tempted to highlight the potential administrative/regulatory response to the actual use of the information gleaned from his request.

NO. One cannot forbid the possession of sources, linkable objects, or even executables for a virus without doing fundamental harm to the Bill of Rights. Viruses may be an unpopular idea ... but the protection of the right of the individual to free expression of his ideas ... and the right to share those ideas with other people is fundamental to the concept of a free society.
If one encroaches on the fundamental right of free speech (including writing) then one does fundamental damage to our constitutional guarantees.

Moreover, even if you would allow such a prohibition in spite of its constitutional implications, the regulation would most likely be unenforceably broad. It would be all but impossible to distinguish the program category "virus" from other less virulent programs. Let's keep to prosecuting harmful use of such material rather than mere possession of unpopular ideas.

AJ

------------------------------

Date: 30 Jan 90 06:34:49 +0000
From: khijol!erc@cs.utexas.edu (Ed Carp, aka Mr. Ed the talking horse...)
Subject: Re: Virus request

woodb!scsmo1!don@cs.UMD.EDU writes:

>He will probably get a few replies as well as some sources. What as a
>whole can the computer industry do to help prevent individuals like
>this from the potential releasing of these viruses(viri?) into the
>vast networks??

Not a whole lot, except to take reasonable security precautions.

>Should it be illegal to own or transmit virus source (for non-security
>personnel)??

No. How would you define the term "security personnel"? I can write a virus with a little effort. Does this make me a criminal? Of course not! Similarly, I have a complete set of lockpicking tools. Does this make me a criminal? Again, the answer is no. It's not the tool, it's the use of the tool. Remember, you can design a workable atomic bomb from documents that you can find at most any large public library. Why should it be different for anything else? Let's not get swept up in this anti-virus hysteria -- let's see some reason.

>Also, should there be an international watchdog agency set up to
>investigate such requests?? Should the CIA/FBI/FCC be involved in
>cooperation with IBM/DEC/AT&T/etc.. to form a task force along with
>our list's virus expert?

I think this is going a bit overboard. Sounds like paranoid hysteria.

>Has anyone contacted this person's administration along with MAINE's
>and BITNIC/BITNET administration?
>Right now, it's up to us to report these requests and it's the
>responsibility of MAINE to act on requests submitted via UMNEWS.

Really? Who appointed "us" net.police? Or net.censor?

>Can we make it illegal to have virus sources without stomping on our
>constitutional rights?? What about other countries??

I doubt it. Right after the Internet virus was released, I saw several postings requesting source for the virus. Sure, there were probably net.idiots who wanted to take the source, hack it up, and re-release it, but there were obviously sincere, rational investigators who wanted to investigate the virus, tear it apart, figure out just how it worked, and then build a better virus-catcher. There are people who are out there who make money by doing this sort of thing. Are you suggesting that the people who have already become established (known) in the field have some sort of exclusive on source? Who appointed Gene Spafford the net.virus.god? This is NOT a flame against Gene, but I have a dim view of folks who want to set up Gene and others like him on a pedestal. I respect Gene's abilities in his field, but there are lots of programmers who can do the same thing. If someone wants to write a virus, he can sure do it without having access to source.

Who's going to judge? If I ask for source (hey, Gene, can you mail me the latest source to the Internet virus?), does that make me automatically suspect? Am I a "bad guy"? I could forge my mail address, looking like I come from IBM's Virus Research Group (thinking about it, I don't really *need* to forge THAT), send Gene a request, then, when I get the source, use it for my own nefarious purposes. Alternately, I could be doing genuine virus research for defending AIX against viruses. There IS such work going on, you know.

I could even be legit. I sub-contract for IBM.
This gives me access to IBM's facilities, phones, etc. I could pose as a virus researcher (or even BE a virus researcher), get the source, and do whatever.

Just because one is a "security expert" doesn't make them a "good guy"; just because one isn't doesn't make them a "bad guy".

--
Ed Carp  N7EKG/5 (28.3-28.5)  uunet!cs.utexas.edu!khijol!erc
Austin, Texas  (512) 832-5884
"Good tea. Nice house." - Worf
"Love in any language, fluently spoken here" -- sung by Sandi Patti

------------------------------

Date: 30 Jan 90 05:22:52 +0000
From: wcpl_ltd@uhura.cc.rochester.edu (Wing Leung)
Subject: Re: WDEF at University of Rochester (Mac)

WDEF B is found in the University of Rochester. Tonight I've found one of my disks crashed due to a problem in the Desktop file. After recovering it at the Computer Center, we used Disinfectant 1.5 to scan the Desktop file and WDEF B was found. My friend used it to scan his disks too. The earliest infection found so far is on 22nd Jan.

Peter

Internet: wcpl_ltd@uhura.cc.rochester.edu
BITNET : WCPL_LTD@UORDBV
DecNet : UORHEP::PETER
UUCP : ...rochester!uhura!wcpl_ltd

------------------------------

Date: Tue, 30 Jan 90 11:54:32 +0000
From: "Dr. A. Wood" <XPUM01@prime-a.central-services.umist.ac.uk>
Subject: re: 'Virus request' from Taiwan

......Re this message:-

From: IN%"UMNEWS@MAINE.BITNET" "Vax discussion" 21-JAN-1990 23:11:59.77
Subj: <Vax 85> Virus on VAX
From: 7811100@TWNCTU01.BITNET

Hi! Does anyone have a idea about VAX Virus? Or interesting on it? I think the most difficult point is how to spread it out. So if someone has any bright idea, contact with me.

James Huang

......and this reply to it:-

Date: Thu, 25 Jan 90 12:08:35 -0500
From: woodb!scsmo1!don@cs.UMD.EDU
Subject: RE: Virus request

Here is a message from UMNews's Vax discussion list. I thought the list should know about this. The node is Taiwanese. This is insane.
Obviously this particular Taiwanese knows little about VAX networking and uses of viruses (worms) in those networking facilities. He will probably get a few replies as well as some sources. What as a whole can the computer industry do to help prevent individuals like this from the potential releasing of these viruses into the vast networks?? Should it be illegal to own or transmit virus source (for non-security personnel)?? Also, should there be an international watchdog agency set up to investigate such requests?? Should the CIA/FBI/FCC be involved in cooperation with IBM/DEC/AT&T/etc.. to form a task force along with our list's virus expert? Has anyone contacted this person's administration along with MAINE's and BITNIC/BITNET administration? <etc etc>

.............................................................................

If James Huang is Taiwanese, then his first and most familiar language is likely not English but Chinese, and likely he committed no computer ethical error but merely a language blunder, namely the common capital offence of 'unclear use of a pronoun'! <WOODB!SCSMO1!DON@CS.UMD.EDU>, in the course of emptying his flamethrower down the computer link at the unfortunate Huang, seems to imply that Huang meant "I want to spread VAX virus". But Huang could also have intended to say "I want to spread news about how to notice and combat VAX virus" - which is what Virus-L is for!!

{A.Appleyard} (email: APPLEYARD@UK.AC.UMIST), Tue, 30 Jan 90 11:25:08 GMT

------------------------------

Date: Tue, 30 Jan 90 08:18:29 -0500
From: Jim Ennis <JIM@UCF1VM.BITNET>
Subject: WDEF Infection (Mac)

Hello,

We had a WDEF infection of our Mac lab at the University of Central Florida. The person fixing the viruses traced the source back to a local copy center which has some Macs for use on an hourly basis and students brought their infected disks from the store to our Mac lab. The person who kills viruses for us has cleaned up the Macs in our lab.
-----------------------------------------------------------------------------
Jim Ennis
UCF - Computer Services
JIM@UCF1VM.BITNET

------------------------------

End of VIRUS-L Digest
*********************
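
Added example, not part of the digest or of any contributor's message: a small Python model of the six hardware rules listed in "Universal virus detectors" above, showing that each direct modification of a program is refused and that the one remaining route (clear the flag, rewrite, re-mark) changes the timestamp the ROM routine displays. The class and method names, the integer clock and the byte strings are constructed for illustration; how a memory block loses its executable mark is not stated in the message and is left out.

```python
# Added example: toy model of the "is executable" flag and timestamp rules.
# Names, the integer clock and all byte strings are constructed for illustration.
from dataclasses import dataclass


class HardwareFault(Exception):
    """An operation the modelled hardware refuses; .rule is the rule number."""

    def __init__(self, rule, what):
        super().__init__(f"rule {rule}: {what}")
        self.rule = rule


@dataclass
class Block:
    data: bytes = b""
    executable: bool = False
    stamp: int = 0  # disk blocks only: clock value when last marked executable


class Machine:
    def __init__(self, n_disk, n_mem):
        self.clock = 0  # advanced by the hardware only, never by running code
        self.disk = [Block() for _ in range(n_disk)]
        self.mem = [Block() for _ in range(n_mem)]

    def execute(self, m):
        if not self.mem[m].executable:  # rule 1
            raise HardwareFault(1, "execute from non-executable memory")
        return self.mem[m].data

    def mem_write(self, m, data):
        if self.mem[m].executable:  # rule 2: CPU stores cannot touch code
            raise HardwareFault(2, "store into executable memory")
        self.mem[m].data = data

    def load(self, d, m):
        src = self.disk[d]
        if self.mem[m].executable and not src.executable:  # rule 2
            raise HardwareFault(2, "data block read into executable memory")
        self.mem[m] = Block(src.data, src.executable)  # rule 4: flag follows disk

    def disk_write(self, d, data):
        if self.disk[d].executable:  # rule 3
            raise HardwareFault(3, "write to executable disk block")
        self.disk[d].data = data

    def clear_executable(self, d):
        self.disk[d].executable = False  # required before any rewrite (rule 3)

    def mark_executable(self, d):
        self.clock += 1  # rule 5: marking always refreshes the stamp
        self.disk[d].executable = True
        self.disk[d].stamp = self.clock

    def executable_stamps(self):
        """Rule 6: what the ROM routine would display."""
        return {d: b.stamp for d, b in enumerate(self.disk) if b.executable}


def changed_blocks(baseline, current):
    """Executable blocks that are new or re-marked since the baseline listing."""
    return sorted(d for d, s in current.items() if baseline.get(d) != s)


def demo():
    hw = Machine(n_disk=4, n_mem=2)
    hw.disk_write(0, b"PROGRAM")          # constructed stand-in for a program
    hw.mark_executable(0)                 # install: stamp 1
    baseline = hw.executable_stamps()
    hw.load(0, 0)                         # run-time copy of the program
    hw.disk_write(1, b"DATA")             # ordinary data block
    hw.load(1, 1)

    blocked = []
    attempts = [
        lambda: hw.disk_write(0, b"PROGRAM+EXTRA"),  # modify program on disk
        lambda: hw.mem_write(0, b"PROGRAM+EXTRA"),   # modify program in memory
        lambda: hw.execute(1),                       # run bytes held as data
    ]
    for attempt in attempts:
        try:
            attempt()
        except HardwareFault as fault:
            blocked.append(fault.rule)

    # The only route the rules leave open: clear, rewrite, re-mark.
    hw.clear_executable(0)
    hw.disk_write(0, b"PROGRAM+EXTRA")
    hw.mark_executable(0)                 # stamp becomes 2
    return blocked, changed_blocks(baseline, hw.executable_stamps())


if __name__ == "__main__":
    print(demo())
```

Comparing a saved listing of stamps against the current one is the detection step; in the model a changed or new entry is the only trace a modified program can leave, and it cannot avoid leaving it.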