[comp.virus] Documented mainframe viral attacks

spoelhof@newkodak.kodak.com (Gordon Spoelhof) (06/05/90)

As an occasional browser of this newsgroup, I have noticed that discussions
surrounding mainframe viruses tend to be theoretcial in nature.

Questions:

1.  How many mainframe viral attacks are documented?
2.  How many incidents are reported/not reported?
3.  In general, how are the viruses introduced?
4.  What corrective measures had to be taken?
5.  What preventative measures are taken?
6.  What is the level of risk?

Discussion anyone?

Disclaimer:        "Neither my wife nor my employer endorse opinion according
                   to Gordi..."

Internet:          spoelhof@Kodak.COM
Telephone:         716-781-5576
Secretary:         716-724-1365 (Sharon)
FAX:               716-781-5799
US Mail:           Gordon Spoelhof
                   CIS/ITM 2-9-KO
                   Eastman Kodak Co
                   343 State Street
                   Rochester, NY 14650-0724

AGUTOWS@WAYNEST1.BITNET (Arthur Gutowski) (04/18/91)

In Virus-L V4 #63:
>Date:    16 Apr 91 22:38:13 +0000
>From:    braunste@sal-sun12.usc.edu (Gil Braunstein)

>I was wondering whether there are documented cases of viruses
>infecting mainframes or minis (basically not PCs).  ...
> my instructor claims that there have not been any
>documented cases of viruses infecting mainframes that he knows of.  On
>the other hand, another instructor claims to know about some cases but
>one of the few sources that he pointed out was Fred Cohen's paper.

To my knowledge, there are no known mainframe viruses (documented).
Unless you count the VM Xmas EXEC (and others like it) viruses.  I
think these have been classified by most as worms rather than viruses,
because they are stand-alone programs and not parasitic.  Some time
ago (late last year) there was extensive discussion as to the
possibility and feasibility of mainframe viruses.  As a starting
point, you may want to check the Virus-L archives on cert.sei.cmu.edu
for these mainframe discussions.  As for the Cohen paper, that may too
be on the cert archives (if it's available in electronic form--
Ken??).  I think the general consensus then was that viruses were
definitely possible, but not a huge concern given the complexity of
mainframe environments and the different culture associated with
mainframes.

For what it's worth,

[Ed. Sorry,the Cohen papers are not available on our archives; if they
are publicly available electronically, I would be happy to place them
there, though.  If anyone has info on this, please drop me a note.]

Arthur Gutowski
MVS System Programmer
Wayne State University      AGUTOWS@WAYNEST1 (BitNet)
1+1=10                      AGUTOWS@cms.cc.wayne.edu (InterNet)
  -Murphy's Base Law of Addition