greenber@utoday.UU.NET (Ross M. Greenberg) (12/07/89)
(In addition to contacting Ed Wilding, you may also contact me: I'm an
editorial board member.. Ross M. Greenberg, greenber@utoday.uu.net)
- -------- Call For Papers and Submissions for Virus Bulletin------
Anyone wishing to write on any of these topics, or wishing
to receive the Virus Bulletin notes for contributors should
contact Edward Wilding, Editor, Virus Bulletin, Haddenham,
Aylesbury HP17 8JD, UK. Tel. 0844 290396., Tel Int. +44
844 290396., Fax 0844 291409,. Fax Int. +44 844 291409.
For circulation to Virus Bulletin Editorial Board and all
interested parties.
Virus Bulletin copy submission deadlines 89/90.
Issue 1.6 December 1989 Friday 1st December 1989
Issue 1.7 January 1990 Friday 22nd December 1989
Issue 1.8 February 1990 Friday 19th January 1990
Issue 1.9 March 1990 Friday 23rd February 1990
Issue 1.9 April 1990 Friday 23rd March 1990
Issue 1.10 May 1990 Friday 20th April 1990
(Please note that the copy deadline for Issue 1.7 (January
1990) is before the Christmas recess).
Forthcoming Subjects
The following is a list of possible articles in forthcoming
editions. These are only suggestions and I welcome other
ideas or more extended examination than listed.
1. Should we trust public domain anti-virus software?
There are many arguments both for and against public domain
anti-virus software - this article should attempt to outline
its pros and cons and provide some guidelines for
prospective users.
2. Practical steps for non experts in dealing with a
network computer virus attack. What should be done
immediately by systems administration in the face of such an
attack?
3. Procedural steps to preventing computer virus infection.
A checklist of procedures and rules which if observed will
minimise the risk of a virus attack.
4. Anti-virus software evaluation in a corporate
environment. By which criteria do large corporate
microcomputer using organisations judge such software. Is
there consensus on this point?
5. How do you test the value of an anti-virus package
without having access to computer viruses?
6. 'Lab' viruses versus 'real world' viruses. Is it
necessary for researchers to create viruses? What are the
benefits and does experimentation present any dangers?
7. Towards a common terminology and nomenclature. 1701,
Fall, Cascade, Hailstorm, 1704 - how do we overcome the fact
that there is no agreement or consensus about naming or
classifying viruses? Why is this? Equally, can we develop
an agreed glossary of terms about the types of virus and
their methods of infection?
8. Does commercial interest on the part of the 'virus
industry' worldwide inhibit the anti-virus war?
9. Case studies. I should very much like to recieve good
case studies which detail an actual virus attack, its
impact, and the methods used to clear the infected system
and restore operations. Specifics about the organisation
need not be stated but a clear description of the affected
computer environment is necessary.
10. Worm programs. Classifying network vulnerabilities
and/or analysis of recent worm programs such as Internet or
the two well known NASA SPAN attacks. Are there any
universal procedures or methods to prevent such attacks
and/or control them?
11. Statistics about virus attacks. Will it ever be
possible to collate accurate data about the propagation of
computer viruses? Refusal to report incidents means that at
best we can only guess about the spread of specific viruses.
Can we tell how fast a virus will spread by its design?
12. Mainframe viruses/ replicative attack programs. Fact
or fantasy? Specific incidents would be helpful. What
factors have served to suppress mainframe virus writing /
propagation / reports? Patches (to increase general
security) for specific machines would be welcome.
13. Forensic evidence. Most countries have no effective
legislation to combat computer misuse. Even if laws to
criminalise virus creation are introduced (such as that
recommended by the Law Commission, UK, or implemented by the
state of California, USA) the courts will face a difficult
task in prosecuting. Are methods available to trace or
identify computer virus writers? Would this evidence be
sufficient to convict in a court of law?
- ---
Virus dissections (the analysis of a specific computer
virus) are always welcome. These should not exceed 2200
words. Also details for programmers providing virus
hexadecimal patterns, infective length, entry point and
offset.