From: CRDGW2::CRDGW2::MRGATE::"SMTP::CUNYVM.CUNY.EDU::VIRUS-L%LEHIIBM1.BITNET" 7-SEP-1989 17:41 To: MRGATE::"ARISIA::EVERHART" Subj: VIRUS-L Digest V2 #188 Message-Id: <8909072136.AA15991@crdgw1.ge.com> Received: from PSUVM.BITNET by CORNELLC.cit.cornell.edu (IBM VM SMTP R1.2.1MX) with BSMTP id 3778; Thu, 07 Sep 89 17:31:01 EDT Received: from PSUVM.LISTSERV by PSUVM.BITNET (Mailer R2.03B) with BSMTP id 3196; Thu, 07 Sep 89 17:33:26 EDT Date: Thu, 7 Sep 89 16:36:58 EDT Reply-To: VIRUS-L%IBM1.CC.LEHIGH.EDU@CORNELLC.cit.cornell.edu Sender: Virus Discussion List From: "The Moderator Kenneth R. van Wyk" Subject: VIRUS-L Digest V2 #188 Comments: To: VIRUS-L@ibm1.cc.lehigh.edu To: Multiple recipients of list VIRUS-L VIRUS-L Digest Thursday, 7 Sep 1989 Volume 2 : Issue 188 VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, document, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@SEI.CMU.EDU. - Ken van Wyk Today's Topics: Re: locked macintosh disks Introduction to the anti-viral archives Amiga anti-viral archive sites Apple II anti-viral archive sites Atari ST anti-viral archive sites Documentation anti-viral archive sites IBMPC anti-viral archive sites Macintosh anti-viral archive sites list of unix sites VM Virus Warning (IBM VM/CMS) --------------------------------------------------------------------------- Date: 07 Sep 89 18:16:29 +0000 From: nitrex!rbl@uunet.UU.NET ( Dr. Robin Lake ) Subject: Re: locked macintosh disks In article <0001.8908281204.AA22127@ge.sei.cmu.edu> 3XMQGAA@CMUVM writes: |>In reply to Dan Carr's question. No, when you lock a macintosh disk and stick |>in the drive, there is absolutley no way for the virus to infect the disk. It was my understanding that the locked disk signal is read by software, not by the Mac's hardware. The standard device driver(s) for the floppy may prevent writing to a locked disk, but a virus could override the driver(s) and infect the disk --- if my understanding is correct. Rob Lake BP Research uunet!nitrex!rbl [Ed. VIRUS-L veterans will recognize this topic, much to their consternation. Please folks, let's *PLEASE* not flood the "airwaves" with hearsay. If someone has something that can be substantiated (preferably via a citation from a vendor's technical document) to offer on this, then please do so - otherwise, please let us all RUN LIKE MAD AWAY FROM THIS TOPIC.] ------------------------------ Date: 07 Sep 89 20:18:18 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Introduction to the anti-viral archives # Introduction to the Anti-viral archives... # Listing of 06 September 1989 This posting is the introduction to the "official" anti-viral archives of virus-l/comp.virus. With the generous cooperation of many sites throughout the world, we are attempting to make available to all the most recent news and programs for dealing with the virus problem. Currently we have sites for Amiga, Apple II, Atari ST, IBMPC and Macintosh microcomputers, as well as sites carrying research papers and reports of general interest. We are also in the process of organizing a number of sites for Unix anti-viral and general security issues. More information on that as things progress. If you have general questions regarding the archives, you can send them to this list or to me. I'll do my best to help. If you have a submission for the archives, you can send it to me or to one of the persons in charge of the relevant sites. If you have any corrections to the lists, please let me know. ------------------------------ Date: 07 Sep 89 05:55:00 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Amiga anti-viral archive sites # Anti-viral archive sites for the Amiga # Listing last changed 08 August 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Amiga index for the virus archives can be retrieved as request: amiga topic: index For further details send a message with the text help The administrative address is ms.uky.edu Sean Casey Access is through anonymous ftp. The Amiga anti-viral archives can be found in /pub/amiga/Antivirus. The IP address is 128.163.128.6. pd-software.lancaster.ac.uk Steve Jenkins No access details yet. uxe.cso.uiuc.edu Mark Zinzow Lionel Hummel The archives are in /amiga/virus. There is also a lot of stuff to be found in the Fish collection. The IP address is 128.174.5.54. Another possible source is uihub.cs.uiuc.edu at 128.174.252.27. Check there in /pub/amiga/virus. ------------------------------ Date: 07 Sep 89 05:55:53 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Apple II anti-viral archive sites # Anti-viral archive sites for the Apple II # Listing last changed 08 August 1989 brownvm.bitnet Chris Chung Access is through LISTSERV, using SEND, TELL and MAIL commands. Files are stored as apple2-l xx-xxxxx where the x's are the file number. cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Apple II index for the virus archives can be retrieved as request: apple topic: index For further details send a message with the text help The administrative address is pd-software.lancaster.ac.uk Steve Jenkins No access details yet. ------------------------------ Date: 07 Sep 89 05:56:44 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Atari ST anti-viral archive sites # Anti-viral archive sites for the Atari ST # Listing last changed 08 August 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Atari ST index for the virus archives can be retrieved as request: atari topic: index For further details send a message with the text help The administrative address is . pd-software.lancaster.ac.uk Steve Jenkins No access details yet. ssyx.ucsc.edu Steve Grimm Access to the archives is through FTP or mail server. With ftp, look in the directory /pub/virus. The IP address is 128.114.133.1. For instructions on the mail-based archiver server, send help to . ------------------------------ Date: 07 Sep 89 05:57:29 +0000 From: jwright@atanasoff (Jim Wright) Subject: Documentation anti-viral archive sites # Anti-viral archive sites for documentation # Listing last changed 08 August 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The index for the **GENERAL** virus archives can be retrieved as request: general topic: index The index for the **MISC.** virus archives can be retrieved as request: misc topic: index **VIRUS-L** entries are stored in monthly and weekly digest form from May 1988 to December 1988. These are accessed as log.8804 where the topic substring is comprised of the year, month and a week letter. The topics are: 8804, 8805, 8806 - monthly digests up to June 1988 8806a, 8806b, 8806c, 8806d, 8807a .. 8812d - weekly digests The following daily digest format started on Wed 9 Nov 1988. Digests are stored by volume number, e.g. request: virus topic: v1.2 would retrieve issue 2 of volume 1, in addition v1.index, v2.index and v1.contents, v2.contents will retrieve an index of available digests and a extracted list of the the contents of each volume respectively. **COMP.RISKS** archives from v7.96 are available on line as: request: comp.risks topic: v7.96 where topic is the issue number, as above v7.index, v8.index and v7.contents and v8.contents will retrieve indexes and contents lists. For further details send a message with the text help The administrative address is lehiibm1.bitnet Ken van Wyk new: This site has archives of VIRUS-L, and many papers of general interest. Access is through ftp, IP address 128.180.2.1. The directories of interest are VIRUS-L and VIRUS-P. pd-software.lancaster.ac.uk Steve Jenkins No access details yet. unma.unm.edu Dave Grisham This site has a collection of ethics documents. Included are legislation from several states and policies from many institutions. Access is through ftp, IP address 129.24.8.1. Look in the directory /ethics. ------------------------------ Date: 07 Sep 89 05:58:20 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: IBMPC anti-viral archive sites # Anti-viral archive for the IBMPC # Listing last changed 06 September 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The IBMPC index for the virus archives can be retrieved as request: ibmpc topic: index For further details send a message with the text help The administrative address is ms.uky.edu Daniel Chaney This site can be reached through anonymous ftp. The IBMPC anti-viral archives can be found in /pub/msdos/AntiVirus. The IP address is 128.163.128.6. pd-software.lancaster.ac.uk Steve Jenkins No access details yet. uxe.cso.uiuc.edu Mark Zinzow This site can be reached through anonymous ftp. The IBMPC anti-viral archives are in /pc/virus. The IP address is 128.174.5.54. vega.hut.fi Timo Kiravuo This site (in Finland) can be reached through anonymous ftp. The IBMPC anti-viral archives are in /pub/pc/virus. The IP address is 128.214.3.82. wsmr-simtel20.army.mil Keith Peterson Direct access is through anonymous ftp, IP 26.2.0.74. The anti-viral archives are in PD1:. Simtel is a TOPS-20 machine, and as such you should use "tenex" mode and not "binary" mode to retreive archives. Please get the file 00-INDEX.TXT using "ascii" mode and review it offline. NOTE: There are also a number of servers which provide access to the archives at simtel. WSMR-SIMTEL20.Army.Mil can be accessed using LISTSERV commands from BITNET via LISTSERV@NDSUVM1, LISTSERV@RPIECS and in Europe from EARN TRICKLE servers. Send commands to TRICKLE@ (for example: TRICKLE@AWIWUW11). The following TRICKLE servers are presently available: AWIWUW11 (Austria), BANUFS11 (Belgium), DKTC11 (Denmark), DB0FUB11 (Germany), IMIPOLI (Italy), EB0UB011 (Spain) and TREARN (Turkey). ------------------------------ Date: 07 Sep 89 05:59:14 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Macintosh anti-viral archive sites # Anti-viral archive sites for the Macintosh # Listing of 08 August 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Mac index for the virus archives can be retrieved as request: mac topic: index For further details send a message with the text help The administrative address is ifi.ethz.ch Danny Schwendener Interactive access through SPAN/HEPnet: $SET HOST 20766 or $SET HOST AEOLUS Username: MAC Interactive access through X.25 (022847911065) or Modem 2400 bps (+41-1-251-6271): # CALL B050 Username: MAC Files may also be copied via SPAN/HEPnet from 20766::DISK8:[MAC.TOP.LIBRARY.VIRUS] pd-software.lancaster.ac.uk Steve Jenkins No access details yet. rascal.ics.utexas.edu Werner Uhrig Access is through anonymous ftp, IP number is 128.83.144.1. Archives can be found in the directory mac/virus-tools. Please retrieve the file 00.INDEX and review it offline. Due to the size of the archive, online browsing is discouraged. scfvm.bitnet Joe McMahon Access is via LISTSERV. SCFVM offers an "automatic update" service. Send the message AFD ADD VIRUSREM PACKAGE and you will receive updates as the archive is updated. You can also subscribe to automatic file update information with FUI ADD VIRUSREM PACKAGE sumex-aim.stanford.edu Bill Lipa Access is through anonymous ftp, IP number is 36.44.0.6. Archives can be found in /info-mac/virus. Administrative queries to . Submissions to . There are a number of sites which maintain shadow archives of the info-mac archives at sumex: * MACSERV@PUCC services the Bitnet community * LISTSERV@RICE for e-mail users * FILESERV@IRLEARN for folks in Europe wsmr-simtel20.army.mil Robert Thum Access is through anonymous ftp, IP number 26.2.0.74. Archives can be found in PD3:. Please get the file 00README.TXT and review it offline. ------------------------------ Date: Thu, 07 Sep 89 01:00:07 -0500 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: list of unix sites Here is the list of Unix sites as I have it. It obviously is in need of some filling out. Information on access and contents of the archives would be helpful. Also make sure to let me know about any errors in the list. Jim - ------------------------ # Anti-viral and security archive sites for Unix # Listing last changed 06 September 1989 attctc Charles Boykin Accessible through UUCP. cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index For further details send a message with the text help The administrative address is netCS Hans Huebner netCS is a public access Unix site in Berlin which is also accessible through UUCP. sauna.hut.fi Jyrki Kuoppala Accessible through anonymous ftp, IP number 192.26.107.100. ucf1vm Lois Buwalda Accessible through wuarchive.wustl.edu Chris Myers Accessible through anonymous ftp, IP number 128.252.135.4. A number of directories can be found in ~ftp/usenet/comp.virus/*. ------------------------------ Date: Thu, 07 Sep 89 14:40:52 -0500 From: IRMSS907%SIVM.BITNET@VMA.CC.CMU.EDU Subject: VM Virus Warning (IBM VM/CMS) I got this from the PROFS-L discussion list...Mignon Erixon-Stanford *** Forwarding note from KIEFFER --UNCANET 09/06/89 19:48 *** Date: Wed, 6 Sep 89 18:16 PDT A computer virus has just appeared in the CERNVM system in the form of a set of files which copy themselves to your A-disk when you execute the commands RELEASE or DROP. The mechanism is that there is a modified RELEASE EXEC which invokes a module called DVHVIR which copies itself, plus other files, to your A-disk. It is sufficient to be linked to a disk containing these viruses to be vulnerable to them. Some of the copied files pretend to be parts of the directory maintenance system and we do not yet know what damage they may cause. Please take the following action: look for any of the following files on your disks and ERASE them at once RELEASE EXEC DVHGMN EXEC DVHGKB EXEC DMSXMS EXEC DVHVIR MODULE We are attempting to find the source of this virus and are taking other preventative measures. User Support ------------------------------ End of VIRUS-L Digest *********************