padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) (11/30/90)
>From: "Jan C. Zawadzki" <S72UZAW@TOE.TOWSON.EDU> >Subject: Sunday V. in Turbo C 2.00: is false alarm possible? (PC) Yes, and can be triggered by several actions. It is not common though. We just had a badly confused machine report the WHALE. Since a check of memory came up clean and the flagged files had not grown after a cold boot, our tech was able find a bad RAM chip that was causing the erratic operation. PPROPER TRAINING OF TECHNICAL PEOPLE IS ESSENTIAL (i know, it's not polite to shout). FYI, the SUNDAY is a Jerusalem varient, .COM and .EXE files grow, and it goes resident as a conventional TSR, unnamed, and occupies slightly over 2k in memory. - -------------------------------------------------------------------- >From: Marc TARDIF <S004@HECMTL01.BITNET> >Subject: Washing machine (PC) This is an old "joke" file and is harmless by itself. Being a .COM file it is easily infected and this may be where two of the infections came from. The STONED is a boot sector infector and can (officially) only be contracted by booting with an infected floppy in drive A. My guess is that someone deliberately infected your machine since three-on-a-disk is odd to say the least. - ------------------------------------------------------------------- >From: "Otto.Stolz" <RZOTTO@DKNKURZ1.BITNET> >Subject: Lateral Thinking As usual, Otto has made excellent points & I would recommend re-reading his posting. Why are there no/few mainframe viruses ? - Worms are easier to write. Of course sometimes the viral writers go to absurd lengths to try to hide their wares while leaving their backsides open to the winds. "Stealth" viruses are a case in point: 4096, Flip, Whale, Joshi as well as Brain, Stoned, Yale/Alameda all move the TOM making detection trivial, but few seem to bother to look. (Ignorance is curable, though). Part of the problem is that the virus writer just needs to come across an interesting point in "The DOS Programmer's Reference" to come up with something new, while we have to be aware of all the "holes" and undocumented features in the O/S and below to be able to respond. The hardest thing in the world to determine is what something is not. The destruction I have had to correct from such viruses rarely stems from the code itself, rather it is the mistakes in the code that cause the real trouble. Fortunately, there seems to be little in the way of originality in malicious software, however, since it is matched by an equal lack of observation by most users (some time ago I came across a nice little trojan that had been unnoticed by the people who had it on their PCs. It was 270k long and had been written in Clipper) such irritants are widespread. What makes it hard to sleep sometimes is not the viruses I know, but those that I can imagine. Padgett - still 10 miles north of DisneyWorld