[comp.protocols.tcp-ip] MS-DOS virus rumor

cliff@WSU-ENG.ENG.WAYNE.EDU (Cliff Stallings) (09/22/89)

 
Is anyone aware of any significant information about the MS-DOS virus
which is supposed to attack on Columbus Day (Oct. 9)?  I have heard numerous
versions of what is supposed to happen and wish to advise our MS-DOS users
on the network.
 
Thanks in advance for your help,
 
 cliff@wsu-eng.eng.wayne.edu
 (313) 577-3824

CMH117@PSUVM.BITNET (09/28/89)

  This is just another one of those articles meant to increase public fear of
viruses and/or increase anti-virus program sales!  Please keep this kind of
garbage in comp.viruses, or whatever it is!

solensky@interlan.interlan.COM (Frank Solensky) (09/28/89)

	The following is the text of an article in the September 11 issue of
PC Week, reproduced without edification or explicit permission -- I couldn't
find any sort of copyright message anywhere in that issue, so I assume that
it is legal to distribute this..
						-- Frank Solensky
						   Racal InterLan
=============================================================================

Experts Warn of Datacrime Virus, Plan Prevention
by Evan O. Grossman
-------------
	As the so-called Columbus Day virus nears its critical date, computer-
security experts are recommending a number of preventive measures to stop its
spread.
	To guard against the virus, which is expected to be unleashed in
infected computers on or around Oct. 12, experts are encouraging PC users to
manually check their new and existing .COM files for corruption and to
implement special security software that protects files against the strain.
	The virus replicates through the execution of infected .COM files
found in system utilities.

Imported from Europe
	The Columbus Day virus, also known as the Datacrime virus, is one of
the first to target MS-DOS computers.  It was reportedly unleashed a few months
ago in Europe and has recently begun to attack some PC sites in the United
States.
	The damage occurs when a contaminated program causes the virus to
destroy data on a hard disk's track 0, requiring that the disk be reformatted
with a low-level formatting program, experts said.
	"It's nasty and it's well-written.  You need to take extraordinary
measures right now in order to stop it," warned Tom Patterson, senior analyst
for security operations at Centel Federal Systems Corp., a systems integrator
in Reston, Va.
	To ensure that none of his company's computers are infected, Patterson
has manually checked the length and content of every .COM file to make sure
that they're free of the virus strain.
	The virus adds either 1,168 or 1,280 bytes to the files it infects,
so users can guard against the contamination by checking a file's true length
against their original DOS master disks, computer-security experts said.  The
virus does not attack COMMAND.COM or any other .COM file whose seventh
character is a "D".
	Patterson and other security experts suggest that once a particular
computer has been found to be uncontaminated, any software that is installed
thereafter should first be examined on a secure system.
	Centel is also developing software that searches disks for the
Datacrime virus' code, but Patterson warned that users should not limit their
preventive measures to this software, since it is not designed to detect other
strains.
	Users who want to take the highest security precautions can use special
software, such as Comsec-II from American Computer Security Industries Inc.
(ACSI), which can make all .COM files execute-only, thereby eliminating the
danger of the infection.
	Such security software can also run special "checksum" tests on files
to make sure that they haven't been modified, according to Winn Schwartau, of
ACSI in Nashville, Tenn.


Accompanying the article is a diagram with the main points in the article:

Diagnosis and Prevention of the Datacrime "Columbus Day" Virus
Symptoms:
  .COM files (other than COMMAND.COM) increase in size by 1,168 or 1,280 bytes.
Prognosis:
  When an infected program is run on or after October 12, the virus will make
  data stored on the hard disk inaccessible.
Rx:
  . Regularly check that all .COM files are the appropriate length.
  . Test all .COM programs on a secure computer before allowing their use on
    other systems.
  . Run security software that restricts .COM files to execute-only.
  . Back up data files regularly, just in case.
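
The length check and "checksum" test described in the quoted article can be combined into one baseline comparison. The following is an added example, not part of the original posts or the PC Week article: it assumes Python, uses SHA-256 as the checksum, and runs on constructed sample files filled with padding bytes.

```python
import hashlib
import tempfile
from pathlib import Path

# Growth values the quoted article reports for infected .COM files.
REPORTED_GROWTH = {1168, 1280}

def snapshot(root):
    """Map each .COM file under root to (length, SHA-256 of contents)."""
    root = Path(root)
    files = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".com":
            data = path.read_bytes()
            name = path.relative_to(root).as_posix().upper()  # DOS names ignore case
            files[name] = (len(data), hashlib.sha256(data).hexdigest())
    return files

def compare(baseline, current):
    """Return {file name: finding} for every file that differs from baseline."""
    findings = {}
    for name, (size, digest) in current.items():
        base_size, base_digest = baseline.get(name, (None, None))
        if base_size is None:
            findings[name] = "not in baseline"
        elif size - base_size in REPORTED_GROWTH:
            findings[name] = f"grew by {size - base_size} bytes (reported infection size)"
        elif size != base_size:
            findings[name] = f"length changed by {size - base_size:+d} bytes"
        elif digest != base_digest:
            findings[name] = "same length, contents modified"
    for name in baseline.keys() - current.keys():
        findings[name] = "missing from disk"
    return findings

def demo():
    """Constructed sample: a 'master disk' tree and a 'hard disk' tree."""
    with tempfile.TemporaryDirectory() as tmp:
        master, disk = Path(tmp, "master"), Path(tmp, "disk")
        master.mkdir(); disk.mkdir()
        for name, size in (("FORMAT.COM", 2000), ("MORE.COM", 300), ("SORT.COM", 500)):
            (master / name).write_bytes(b"\x90" * size)
        (disk / "FORMAT.COM").write_bytes(b"\x90" * 2000)         # unchanged
        (disk / "MORE.COM").write_bytes(b"\x90" * (300 + 1168))   # grown file
        (disk / "SORT.COM").write_bytes(b"\x90" * 499 + b"\xc3")  # patched in place
        return compare(snapshot(master), snapshot(disk))

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in sorted(demo().items())))
```

The baseline snapshot should be taken from write-protected master disks or another known-clean source, since a snapshot of an already modified file would hide the change.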