LUKEN@IBM1.CC.Lehigh.EDU (The Moderator Kenneth R. van Wyk) (05/19/89)
VIRUS-L Digest Thursday, 18 May 1989 Volume 2 : Issue 119
Today's Topics:
VIRUS-L/comp.virus goes on vacation.
Data-tweaking viruses?
Re: The only good virus is a dead one
Article on a Macro Virus
Sentry Program (PC)
---------------------------------------------------------------------------
Date: Thu, 18 May 89 10:15:06 EDT
From: Ken van Wyk <luken@ubu.CC.Lehigh.EDU>
Subject: VIRUS-L/comp.virus goes on vacation.
Next week (May 20-28), I'll be in the U.S. Virgin Islands on a
sailboat, far away from any telephone and (more importantly) any
computer. VIRUS-L/comp.virus will be off-line for the duration of my
trip. I apologize for any inconvenience that this may cause.
Note that you can continue sending messages to the list. Ubu (my
trusty but rusty computer) will continue to collect the messages, and
I'll digest them all when I return. Also, should anyone have an
urgent need to report a virus, VALERT-L will continue to run.
This is probably a good time to point out that VALERT-L, as with any
non-moderated LISTSERV group, does receive occasional subscription
requests, etc. Please, don't respond to these - just ignore them.
The list is to be used only for urgent virus alerts, and violators
will be asked to leave.
Thanks,
Ken van Wyk
------------------------------
Date: 17 May 1989, 16:24:07 EDT
From: David M. Chess <CHESS@YKTVMV.BITNET>
Subject: Data-tweaking viruses?
In a recent article ("Managing the Virus Threat", ComputerWorld,
1989/2/13) John McAfee writes "Many viruses subtly modify data rather
than instigate widespread destruction. They target information in a
PC spreadsheet or database or other data files. The may move a
decimal place to the left or the right, add or take away a zero... or
make other modifications that are difficult to trace and easy to
overlook." (Typos mine)
I've always mentioned that as a possibility in my talks, but I've
never encountered a virus that actually did it. Has anyone else here?
I know Mr. McAfee doesn't read this list himself, but does anyone
listening know of a virus that does this sort of thing? The closest I
can think of that's been reported here is the IBM PC probably-virus
that Ross Greenberg reported back on March 16th, that garbled (in a
way) DBase files. But it didn't have the effect of changing them
subtly; they were either perfect, or quite extensively scrambled. If
there are now many viruses that do it, I definitely want to update my
talks!
Any information would be appreciated.
DC
------------------------------
Date: Thu, 18 May 89 10:58:15 BST
From: Neil Youngman <nyo@CS.EXETER.AC.UK>
Subject: Re: The only good virus is a dead one
Further to my previous posting, I would add that "good" viruses could
be abused in all sorts of ways. Alan Solomon had a virus infect one of
his anti-viral programs (according to Computing magazine). Someone
could use one as cover for more destructive code, or "borrow" the code
it used to replicate.
It has also been pointed out to me that the virulence of the Internet
worm was not accidental, according to an official inquiry.
-- Neil Youngman,
Computer Science Dept, Exeter University, Prince of Wales Road,
Exeter, Devon, EX4 4PT, UK.
UUCP: nyo@expya.uucp JANET: nyo@uk.ac.exeter.cs
"The lights are on but Mr Brain is not at home!"
------------------------------
Date: Thu, 18 May 89 10:49:23 PDT
From: rogers@marlin.nosc.mil (Rollo D. Rogers)
Subject: Article on a Macro Virus
In the May 1989 Volume 8 Number 3 of Computers & Security there appears an
article called "A Macro Virus".
This article is interesting and suggests that this type of virus does
exist out there and it infects Spreadsheets. The article indicates the
macro virus might be designed to alter a single value in a specific
column each time the worksheet is loaded.
However, they "did not" actually have a copy of a macro virus in hand.
They also give details on how to detect such a virus in a Spreadsheet.
REgards, RollO~~
------------------------------
Date: Thu, 18 May 89 15:23:27 EDT
From: Claude Goldman <CLAUDE@BROWNVM.BITNET>
Subject: Sentry Program (PC)
I have a few questions about Sentry. I do not have viruses so I am
checking it out by changing existing programs like recloning list.com
or changing a chracter in a file. What do people on this list think
of this program. Does it set a return code that can be checked with
errorlevel in bat files. If so what are they. Lastly the doc is not
clear on what files it checks. Do it check only exe and com files or
does it check other files. For example it did not report I changed a
bat file. In particular does it check sys and overlay files. The doc
for copy I have says its release 2.
Acknowledge-To: <CLAUDE@BROWNVM>
------------------------------
End of VIRUS-L Digest
*********************