diblasi@mail-gw.ncsl.nist.gov (Thomas DiBlasi) (04/09/91)
Hi, I've been monitoring Virus-l digest since December and now for the first time have a question. Is it possible for a virus, trojan, worm, etc. to infect a hard disk or RAM simply by inserting an infected floppy into a drive without execution?? I thought I saw something on how some PC's /MAC's can recognize the presence of a floppy after insertion without the benefit of an access command being entered.
p1@arkham.wimsey.bc.ca (Rob Slade) (04/12/91)
diblasi@mail-gw.ncsl.nist.gov (Thomas DiBlasi) writes: > Is it possible for a virus, trojan, worm, etc. to infect a hard disk > or RAM simply by inserting an infected floppy into a drive without > execution?? A short answer: on a Mac, yes. However, most of the Mac virus protection programs do automatic detection on disk insertion. On a PC: no. Or at least, not with standard machines. (I use an old NEC laptop for my comm sessions, and it growls at every disk insertion so it must be doing *something*. But most PC's don't.) ============= Vancouver p1@arkham.wimsey.bc.ca | "Is it plugged in?" Institute for Robert_Slade@mtsg.sfu.ca | "I can't see." Research into (SUZY) INtegrity | "Why not?" User Canada V7K 2G6 | "The power's off Security | here."
mike@pyrite.SOM.CWRU.Edu (Michael Kerner) (04/12/91)
That's what WDEF viruses do on the Macintosh - they transfer from the "desktop" file of the infected floppy to the host. However, they are also extremely easy to kill, and don't do any real damage, so they are not (yet) seen as a big threat. Mikey. Mac Admin WSOM CSG CWRU mike@pyrite.som.cwru.edu
CAH0@gte.com (Chuck Hoffman) (04/15/91)
diblasi@mail-gw.ncsl.nist.gov (Thomas DiBlasi) writes: > > Is it possible for a virus, trojan, worm, etc. to infect a hard disk > or RAM simply by inserting an infected floppy into a drive without > execution?? Yes, the WDEF virus on the Macintosh can do this. By the time the icon for the floppy appears on the screen, ALL the disks shown on the screen will have been infected, both hard disks and floppies. WDEF is benign, and is easily deleted, and is detected by Virex before the icon appears on the screen, but the answer to your question is yes. WDEF is the only virus I have been hit with. A friend sent me a text file with a description of (you guessed it) WDEF infections! I also got a shrinkwrapped diskette from a software subscription service which had WDEF on it, but by then I had Virex on the system so the system did not pick up the WDEF. - - Chuck Hoffman, GTE Laboratories, Inc. | I'm not sure why we're here, cah0@bunny.gte.com | but I am sure that while we're Telephone (U.S.A.) 617-466-2131 | here, we're supposed to help GTE VoiceNet: 679-2131 | each other. GTE Telemail: C.HOFFMAN |
F8DY@VAX5.CIT.CORNELL.EDU (04/17/91)
mike@pyrite.SOM.CWRU.Edu (Michael Kerner) writes: > That's what WDEF viruses do on the Macintosh - they transfer from the > "desktop" file of the infected floppy to the host. However, they are > also extremely easy to kill, and don't do any real damage, so they are > not (yet) seen as a big threat. It may be easy to kill (rebuild your desktop!) but it also spreads like wildfire. And it certainly does do "real damage" -- where I work, people have lost papers because WDEF crashed their system and corrupted their files. It causes printing problems, it crashes a Mac II almost immediately, and God help you if you get it on a server! In reply to the original question, CDEF (Mac) also works like this: infecting the desktop file, usually on disk insertion. And since it was written at Ithaca High School, it is _all_over_ Cornell. (Lucky us.) _____________________________________________ | / \ / \ | | / You can't fight | | Mark Pilgrim \ | | | in here -- this |\_______/| | | \_____| is the WAR ROOM! |// \\| f8dy@cornella. |_____/ | (from Doctor /// \\\ cit.cornell.edu | | Strangelove) /// \\\ | \_______________/// \\\_______________/ My thoughts may not be my own, but they're certainly not my employer's.
ingoldsb%ctycal@fsa.cpsc.ucalgary.ca (Terry Ingoldsby) (04/18/91)
p1@arkham.wimsey.bc.ca (Rob Slade) writes: ... > On a PC: no. Or at least, not with standard machines. (I use an old NEC > laptop for my comm sessions, and it growls at every disk insertion so it > must be doing *something*. But most PC's don't.) I recently installed a floppy disk drive on a non-PC computer (actually a Radio Shack Color Computer). I bought the drive without power supply or cabinet and assembled the unit myself. I discovered that the drive would cycle the power on for about 5 seconds every time a disk was inserted, even when the drive was not connected to a computer. It appears to be a feature that makes certain the disk has seated itself properly before any data operations take place. As far as I could tell the computer is not advised of the insertion. Perhaps this is what you are experiencing? - -- Terry Ingoldsby ingoldsb%ctycal@cpsc.ucalgary.ca Land Information Services or The City of Calgary ...{alberta,ubc-cs,utai}!calgary!ctycal!ingoldsb
slandrum@apple.com (Stephen Landrum) (04/19/91)
CAH0@gte.com (Chuck Hoffman) writes: > [ ... ] WDEF is >benign, and is easily deleted, [ ... ] The Hitchiker's Guide to Computer Virii entry for the WDEF virus is "Benign". Ford Prefect and I would like to change the entry to "Mostly Benign". :-) We have a lot of Mac IIci's at work, and there is a bug in WDEF (yea, a bug in a virus :-) ) that causes it to crash the IIci when a disk with WDEF on it is inserted in the floppy drive. Fortunately, this flaw means it never gets installed on the IIci, but it can be frustrating if you don't have some INIT installed that catches WDEF and removes it before it crashes the machine. - -- Stephen H. Landrum VOICE: (415) 813-8909 UUCP: ...apple!ntg!slandrum USNAIL: New Technologies Group Inc. 2468 Embarcardero Way, Palo Alto CA 94303