fetrow@bones.biostat.washington.edu (Dave Fetrow) (11/04/88)
In news.announce.important warnings on an Internet virus were made.

It was expected only to infect SUN and Vaxen. It can partly infect an IBM RT as well....at least to the extent that an RT can accept the virus files and run at least one virus process. (We found the virus on most of our RTs. We are running ACIS/AOS not AIX)

It may not be virulent on an RT but sysops should know enough to check and delete virus files and processes.

BITNET: dfetrow@uwarita -- david d. fetrow --
UUCP: uw-beaver!entropy!fetrow
INTERNET: fetrow@bones.biostat.washington.edu
(cond ((lovep you (quote LISP)) (honk)) (t nil))

hkbirke@mit-amt (Hal Birkeland) (11/05/88)
In article <1044@entropy.ms.washington.edu> fetrow@bones.biostat.washington.edu (Dave Fetrow) writes:
>
>It was expected only to infect SUN and Vaxen. It can partly infect an IBM
>RT as well....at least to the extent that an RT can accept the virus files
>and run at least one virus process. (We found the virus on most of our RTs.
>We are running ACIS/AOS not AIX)
>
> It may not be virulent on an RT but sysops should know enough to check and
>delete virus files and processes.
>
>BITNET: dfetrow@uwarita -- david d. fetrow --

david has summarized the situation very well... IBMs are susceptible to some aspects of the virus, but not all. For example, my RT running ACIS 4.3 w/NFS was not fully struck by the virus either. The sendmail i am running has debug turned off which defeats the initial attack by the virus. furthermore, the machine doesn't appear in any .rhosts files or hosts.equiv.

just remember, any UNIX machine running sendmail can get the first stage of the virus (the mailer -> sed -> cc -> net communications to get the rest of the virus) but it seems that only VAXen and Sun 3's will actually compile and run it (at least we couldn't infect our RT even though we tried).

--hal

REMEMBER:
 fix fingerd
 fix sendmail
 run viruscheck on passwords (so accounts aren't broken into)
 discourage .rhosts files
 strip hosts.equiv to the bare minimum
 INSTALL THE CONDOM (the directory /usr/tmp/sh owned by root, protected as 000 with a couple of files in it with the same protection. Therefore, the virus can't get a toehold)

Thank god that it didn't infect HP9000s3x0 workstations running HP-UX6.0

hkbirke@media-lab.media.mit.edu

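Added example, not part of the original posts and not the 'viruscheck' tool they mention: a POSIX sh audit of three checklist items from the post above (stray .rhosts files, hosts.equiv entries, and the /usr/tmp/sh blocking directory). The function names, the ROOT prefix argument and the handling of # lines as comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a tree against three items from the checklist above.
# ROOT is a path prefix (default /) so a mounted image or test tree can be checked.

# Print every .rhosts file under ROOT, one path per line.
find_rhosts() {
    root=${1:-/}
    find "$root" -xdev -type f -name .rhosts 2>/dev/null | sort
}

# Print the number of entries in ROOT/etc/hosts.equiv.
# Blank lines and lines starting with # are skipped (an assumption of this example).
hosts_equiv_entries() {
    root=${1:-/}
    f="$root/etc/hosts.equiv"
    [ -f "$f" ] || { echo 0; return 0; }
    grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$f" || true
}

# Print the state of ROOT/usr/tmp/sh: missing, not-a-directory, wrong-mode,
# wrong-owner or ok. "ok" means a directory with mode 000 owned by WANT_UID
# (default 0, root), as the post describes. Files inside it are not inspected.
blocker_status() {
    root=${1:-/}
    want_uid=${2:-0}
    d="$root/usr/tmp/sh"
    [ -e "$d" ] || { echo missing; return 0; }
    [ -d "$d" ] || { echo not-a-directory; return 0; }
    mode_uid=$(ls -ldn "$d" | awk '{ print $1 " " $3 }')
    case ${mode_uid% *} in
        d---------*) ;;
        *) echo wrong-mode; return 0 ;;
    esac
    [ "${mode_uid#* }" = "$want_uid" ] || { echo wrong-owner; return 0; }
    echo ok
}

# Print a short report for ROOT.
audit() {
    echo ".rhosts files:"
    find_rhosts "$1" | sed 's/^/  /'
    echo "hosts.equiv entries: $(hosts_equiv_entries "$1")"
    echo "/usr/tmp/sh blocker: $(blocker_status "$1")"
}

# Run only when a ROOT argument is given, e.g.: sh audit.sh /
if [ $# -gt 0 ]; then audit "$1"; fi
```
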
ehrlich@shire.cs.psu.edu (Dan Ehrlich) (11/06/88)
In article <3259@mit-amt>, hkbirke@mit-amt (Hal Birkeland) writes:
>In article <1044@entropy.ms.washington.edu> fetrow@bones.biostat.washington.edu (Dave Fetrow) writes:
>>
> fix sendmail
> run viruscheck on passwords (so accounts aren't broken into)

Where can I get a copy of 'viruscheck'? Thanks in advance.

--
Dan Ehrlich <ehrlich@shire.cs.psu.edu> | Disclaimer: The opinions expressed are
The Pennsylvania State University | my own, and should not be attributed
Department of Computer Science | to anyone else, living or dead.
University Park, PA 16802 |