Alan_J_Roberts@cup.portal.com (12/13/89)
This is an urgent forward from John McAfee: A distribution diskette from a corporation calling itself PC Cyborg has been widely distributed to major corporations and PC user groups around the world and the diskette contains a highly destructive trojan. The Chase Manhattan Bank and ICL Computers were the first to report problems with the software. All systems that ran the enclosed programs had all data on the hard disks destroyed. Hundreds of systems were affected. Other reports have come in from user groups, small businesses and individuals with similar problems. The professionally prepared documentation that comes with the diskette purports that the software provides a data base of AIDS information. The flyer heading reads - "AIDS Information - An Introductory Diskette". The license agreement on the back of the same flyer reads: "In case of breach of license, PC Cyborg Corporation reserves the right to use program mechanisms to ensure termination of the use of these programs. These program mechanisms will adversely affect other program applications on microcomputers. You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement." Further in the license is the sentence: "Warning: Do not use these programs unless you are prepared to pay for them". If the software is installed using the included INSTALL program, the first thing that the program does is print out an invoice for the software. Then, whenever the system is re-booted, or powered down and then re-booted from the hard disk, the system self destructs. Whoever has perpetrated this monstrosity has gone to a great deal of time, and more expense, and they have clearly perpetrated the largest single targeting of destructive code yet reported. The mailings are professionally done, and the style of the mailing labels indicate the lists were purchased from professional mailing organizations. The estimated costs for printing, diskette, label and mailing is over $3.00 per package. The volume of reports imply that many thousands may have been mailed. In addition, the British magazine "PC Business World" has included a copy of the diskette with its most recent publication - - another expensive avenue of distribution. The only indication of who the perpetrator(s) may be is the address on the invoice to which they ask that $378.00 be mailed: PC Cyborg Corporation P.O. Box 871744 Panama 7, Panama Needless to say, a check for a registered PC Cyborg Corporation in Panama turned up negative. An additional note of interest in the license section reads: "PC Cyborg Corporation does not authorize you to distribute or use these programs in the United States of America. If you have any doubt about your willingness or ability to meet the terms of this license agreement or if you are not prepared to pay all amounts due to PC Cyborg Corporation, then do not use these programs". John McAfee
cdsm@sappho.doc.ic.ac.uk (Chris Moss) (12/15/89)
Alan_J_Roberts@cup.portal.com writes: >This is an urgent forward from John McAfee: > > A distribution diskette from a corporation calling itself >PC Cyborg has been widely distributed to major corporations and >PC user groups around the world and the diskette contains a >highly destructive trojan. Further information from the London "Independent" newspaper 15 Dec bylined by Science Editor Tom Wilkie, titled 'Trojan' threatens 10,000 computers: Fears are growing that more than one mailing list was used todistribute the "Aids Information" computer diskette which is damaging computers. Police said yesterday that they had been "inundated" by thousands of complaints about the disk, which they believe may have been distributed to more than 10,000 addresses in Britain. There are also unconfirmed reports tha delegates to an Aids conference in Sweden have been sent copies of the diskette from London. Experts estimate that the cost of the operation must run to between 8,000 and 10,000 pounds. .. According to Dr Alan Solomon, a leading expert on computer security, the program counts the times a user switches on the machine. After about 90 startups, Dr Solomons said, the damage routine is triggered. The program encrypts the names of all files held on the hard disks and "hides" them. This means that the computer's normal operating software is unable to find anything except one file, "CYBORG.DOC" which contains a demand for payment. According to Steve Robinson of the software company Insoft, the damage routine may be triggered on some machines almost as soon as the program is run. ... >In addition, the British magazine "PC Business World" has >included a copy of the diskette with its most recent publication (I do not confirm the truth of this assertion, but the article continues) PC Business World has produced an "Aidsout" program, written by virus hunter Jim Bates, on a disk which the magazine will distribute free to victims. The program is also available on "Connect" the IBM PC User Group bulletin board. .. (various other symptoms) Experts agree the program is so big and cleverly written that it will take months to tease out all the things it may do. For that reason, users should remove all trace from machines as soon as possible. For free information send a SAE to: IBM PC User Group, PO Box 360, Harrow HA1 4LQ; or Dr. Alan Solomon, S and S, Watermeadow, Chesham, Bucks, HP5 1LP.