padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (04/13/91)
In my previous alert on the EMPIRE virus, I had not yet seen the
second sector with the transposed text. Since then I have received
this also and thanks to WordStar (plug) here is the decrypted text.
Note that each sentance is a single line and relies on text-wrapping
by the terminal for legibility.
After study, I suspect that the virus was written at first,
possibly with a different message, and had this message inserted
later, possibly by a different person - is this a quote ?
Warmly,
Padgett
Text of encrypted message follows:
I'm becoming a little confused as to where the "evil empire" is these
days.
If we paid attention, if we cared, we would realize just how unethical
this mpending war with Iraq is, and how impure the American motives
are for wanting to force it.
It is ironic that when Iran held American hostages, for a few lives
the Americans were willing to drag negotiation on for months; yet when
oil is held hostage, they are willing to sacrifice hundreds of
thousands of lives, and refuse to negotiate .......padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (04/15/91)
Since the last posting (Virus-L and Valert-L), yet another strain of
the EMPIRE virus has appeared. For the moment it would seem that the
University of Alberta (Canada) is the only victem. The second strain
has the same charactoristics except that this one is encrypts each
infection differently.
For the moment, the best detection is by the intitial JMP which is the
same in both strains and is the viruses signature to itself. "EA 9F 01
C0 07" - jmp 07C0:019F, this will pick up both.
Warmly,
PadgettCCTR132@csc.canterbury.ac.nz (Nick FitzGerald) (04/17/91)
In VIRUS-L Digest V4 #62 padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) wrote: > In my previous alert on the EMPIRE virus, I had not yet seen the >second sector with the transposed text. Since then I have received >this >[deletions] >Text of encrypted message follows: > >I'm becoming a little confused as to where the "evil empire" is these >days. >[rest of virus message deleted] If it's not too late, I would respectfully suggest that "Evil Empire" is a better name for this virus as it is more easily identified when the beasty does trigger and display its message, _AND_ it is a "more unique" name. Tim also sent me a copy of this virus, and it has an interesting feature when it infects a HD with a controller that writes to the MBR. A week or so ago, it was mentioned that some XT HD controllers write up to 17 bytes (yep, 17!) of guff to the MBR immediately before the 64 bytes reserved for the partition table. Well, my XT at home has just such a controller and when that machine is infected with the Empire virus (I'll use this name for now to avoid/prevent confusion) the HD is rendered unbootable. This is because the HD controller seems to always slip its mystery bytes into a write to 0,0,1, including the viral infection write. As the Empire virus code requires all of the MBR sector apart from the last 66 bytes, its code is corrupted by these 17 mystery bytes, and it doesn't execute correctly, hanging the machine at boot-up. - --------------------------------------------------------------------------- Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z. Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337
lev@slced1.Nswses.Navy.Mil (Lloyd E Vancil) (04/18/91)
padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) writes: >this also and thanks to WordStar (plug) here is the decrypted text. ......later, possibly by a different person - is this a quote ? >Text of encrypted message follows: > >I'm becoming a little confused as to where the "evil empire" is these >days. > >If we paid attention, if we cared, we would realize just how unethical >this mpending war with Iraq is, and how impure the American motives >are for wanting to force it. > >It is ironic that when Iran held American hostages, for a few lives >the Americans were willing to drag negotiation on for months; yet when >oil is held hostage, they are willing to sacrifice hundreds of >thousands of lives, and refuse to negotiate ....... I believe this is a garbled and partial quote from Ron Kovick who claimed to speak for All Vietnam Vets. I won't bore the net with my opinion of this individual, Suffice it to say I don't agree with his attitude. I doubt Mr Kovick would use a virus to spread his drek, but I'm sure the freaks and fops that follow people like this think they are "nobel warriors" "striking a blow." #$%^&*()Bleck!!@#$%^&* - ------------------------------------------------------------------------------- | * suned1!lev@elroy.JPL.Nasa.Gov sun!suntzu!suned1!lev | | . lev@suned1.nswses.navy.mil + . | | + * S.T.A.R.S.! The revolution has begun! * |