[1667] in Virus_Discussion_List


VIRUS-L Digest V10 #90

daemon@ATHENA.MIT.EDU (VIRUS-L/comp.virus Moderator)
Tue Aug 12 22:08:04 1997

Date: 	Wed, 13 Aug 1997 01:25:42 +0100
Reply-To: virus-l@Lehigh.EDU
From: "VIRUS-L/comp.virus Moderator" <moderator@virus-l.demon.co.uk>
To: "Computer Virus Discussion List" <virus-l@Lehigh.EDU>

VIRUS-L Digest Wednesday, 13 Aug 1997    Volume 10 : Issue 90

Today's Topics:

Do I need different scanners for different OSes?
Congratulations to Central Command Inc. NOT
Request for any antivirus source codes
Get free virus detection software -- download from Dave Central
special email scanner searched
CVP antivirus tutorial available on the Web
TECH_VIR_F-L
Macro Virus List June 30, 1997
Interview with Symantec's Alex Haddox!
Win FREE AntiVirus software from Symantec!
VTC test "1997-07" published?
Auto-scanning for diskette viruses under Unix (UNIX)
Re: POLL: Decrypting Password Protected DOC files (WORD)
MS-WORD MACRO virus called CAP (WORD)
Unknown Macro virus (WORD)
another Word macro virus ??? (WORD)
Unknown virus (WIN95)
Dr Solomon's S.O.S. takes hours .... (WIN95)
Possible virus (WIN95)
Mcafee and Novell Client 32 (WIN)
Unknown Possible Virus (WIN)
McAfee Wscan (WIN)
shell for McAfees SCAN for DOS (PC)
FORM_A (PC)
FORM on a 68030 CNC machine??? (PC)
help w/ HOT.A VIRUS plz... (PC)
AntiExe virus (PC)
McAfee VShield (PC)
Virus Traces (PC)
McAfee VirusScan 3.0 Setup Problem-Recovery Disk (PC)
Re: Reconstructing MBR after Monkey-B infection (PC)
[@AOL Trojans] (PC)
Linking Two Executable Files (PC)
Re: Anticmos removed, comp jacked (PC)
MARZIA-BARACUDA (PC)
I need a boot program and a protection!!! (PC)
Belorussia Virus (PC)
Unidentified (new?) virus-like behaviour (PC)
belorussia virus ????? (PC)
HELP! Hard drive set to "NON-DOS" partition (PC)
Help wanted on Fient virus! (PC)
Re: Invircible (PC)
REQ: Educated Opinion (PC)
Re: "Need some milk" message (PC)
Underground extract: System X [long]

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is its gatewayed and non-digested USENET
counterpart.  Discussions are not limited to any one hardware/software
platform--diversity is welcomed.  Contributions should be relevant,
concise, polite, etc.  (The complete set of posting guidelines is
available by FTP on ftp.infospace.com/pub/virus-l (IP 206.129.166.107)
or upon request.)  Please sign submissions with your real name; clearly
faked or anonymous postings will not be accepted.  Some antivirus
documentation, and a full set of back-issues are also archived at
ftp.infospace.com, which is also the home of our FAQ (Frequently Asked
Questions) document.

Administrative mail (e.g., comments or suggestions) should be sent to
me at: nick@virus-l.demon.co.uk.  (Beer recipes should still be sent to
Ken van Wyk at: krvw@mnsinc.com.)

VIRUS-L subscribers wanting help with list-processor commands should
send a message to listserv@lehigh.edu with the command "info virus-l"
in the body of the message (the listserv ignores Subject: lines).

All submissions should be sent to: VIRUS-L@lehigh.edu.

   Nick FitzGerald

----------------------------------------------------------------------

Date: Fri, 20 Jun 1997 17:22:33 -0700
From: Dennis Maurer <dmaurer@netcom.com>
Subject: Do I need different scanners for different OSes?
X-Digest: Volume 10 : Issue 90

A question I was unable to find in the FAQ...

I have a very basic understanding of viruses, but there are
several types of detecting programs.

I run a scanner on EVERY new file (not just programs) I
receive, but does the type of scanner make any difference ?
For example, do I need to run a scanner that is designed
for Windows or OS/2 or does my simple DOS version (updated
every few months, of course) work just as well.


I have only DOS scanners (F-prot) and wonder if the few
times I run Windows if I am unprotected ?

I also have F-prot running as a TSR and wonder if the same
applies, or do I need Windows, OS/2, Win95 TSRs as well ?

Regards,
Dennis M. Maurer

------------------------------

Date: Tue, 17 Jun 1997 16:05:48 GMT
From: 4u@interquest.de (Bob Appleton)
Subject: Congratulations to Central Command Inc. NOT
X-Digest: Volume 10 : Issue 90

Let me congratulate your webmaster for effectively excluding from your
website http://www.command-hq.com all email only users, Lynx users, sight
impaired users, etc.  I'll bet he's enrolled in all the latest tech courses
for clueless bozos whose only concern is their ability to strut and say,
"Look here at what I've done".  And NO I do not want to upgrade to the
latest browsers, which usually have more bugs than a manure pile.

I wonder how much trouble it would have been to include text-only/no-frames
pages?  Guess that takes a back seat to all the latest doo-dad garbage.

WAKE UP - I didn't visit your site for the latest graphic technology; I came
for information which obviously, I didn't get.

Once again, thanks from me and 70+% of the world population.        Bob A.

********Remove the word SPAMBLOCK to send me a message********
email4u.txt-getit4u.txt-pix4u.txt-fun4u.txt are found on these fine sites:
              ftp://ftp.crl.com/users/iv/iverham/
           http://members.aol.com/bombagirl/freeware/
              http://inetw.com/home/ak/4useries/

------------------------------

Date: Mon, 16 Jun 1997 14:38:37 +1100
From: JAMBORM@gh-i.gytool.cz
Subject: Request for any antivirus source codes
X-Digest: Volume 10 : Issue 90

Please, can anyone send me or help me find any source codes or really
good documentation of any antivirus routines esp. heuristic ones. For
non-commercial purposes only. I'm creating a system monitoring
program and I'd also like to know something about detecting
viruses (in some other way than scanning 'cos I do not want to create
a huge library of viruses).

                 Thanks a lot

                                  Martin Jambor

                                         JamborM@gytool.cz

------------------------------

Date: Fri, 27 Jun 1997 12:24:08 -0700
From: ron@cybernautics.com (Ron Hogan)
Subject: Get free virus detection software -- download from Dave Central
X-Digest: Volume 10 : Issue 90

Choosing virus detection software is one of the most important decisions
you can make about your computer. If you're running Windows, that choice
can be a lot easier. The Dave Central Software Archive has several
freeware, shareware, and demo versions of virus detectors available for
free download. Dave Central provides short descriptions of each program,
so you're not just downloading blindly, and also links to the home pages
for the manufacturers if you want more product info.

Dave Central also has a full selection of other software products
available for free download, covering everything from web design to
email to streaming media. Visit http://www.davecentral.com/ to browse
through the archives and choose the software that's right for you.

Ron Hogan
---------------------------------------------------
                             ron@cybernautics.com

[Moderator's note:  While the sentiment behind this kind of thing is
understandable, I'd suggest that downloading AV s/w from the original
vendor site is not only "safer" but you are more likely to get the very
latest updates, or at least see the pointers to them.

Also, several vendors *forbid* redistribution of their evaluation
versions, which are the only ones they make freely available for
download.  As several of the better products clearly fall in this
category, Ron/Dave must be offering a quite limited selection, at least
at the top end of the performance scale.]

------------------------------

Date: Wed, 02 Jul 1997 10:05:31 +0200
From: Martin Scharpf GI/D <schamrde@bbraun.com>
Subject: special email scanner searched
X-Digest: Volume 10 : Issue 90

We are a large company and want to scan our email which comes
in from the Internet for viruses.

Are there any special scan programs for email, i.e. in my opinion
such a program has to know all about conversion of attached files
plus compression. I think normal scanners can't cope with email
attachments.

Any comments or solutions?

TIA     Martin Scharpf

------------------------------

Date: Wed, 02 Jul 1997 16:41:57 -0500 (EST)
From: "Rob Slade, doting grandpa of Ryan & Trevor" <roberts@mukluk.hq.decus.ca>
Subject: CVP antivirus tutorial available on the Web
X-Digest: Volume 10 : Issue 90

Expanded from my seminar notes, the CVP (Computer Viral Programs) files were
published as a weekly series on Internet and Fidonet between 1991 and 1994.
Eventually they became the basis for the book proper section of "Robert Slade's
Guide to Computer Viruses" (and the title was *not* my idea).  I started the
series before the VIRUS-L FAQ was available, but the intent was the same: to
provide newcomers with basic virus and antivirus information, and to answer
some of the more commonly asked questions.  If interested, check out:
http://www.freenet.victoria.bc.ca/techrev/mnvrcv.html.

Portions of the history files have been collated and appear on some virus
related Web pages, but as far as I know this is the first time the rest have
been available on the Web.  At present these pages simply link a number of the
original CVP files.  More will be added later.  Eventually I hope to be able to
correct and update some files that need it, but for the most part they are
still reasonably valid.

Currently, there is material for Definitions, Terminology and Myths; the
Beginners Panic Guide to Viral Programs; Computer, and Viral, Functions;
Memoirs and Editorials; and Reader questions.

======================
roberts@decus.ca         rslade@vcn.bc.ca         slade@freenet.victoria.bc.ca
"If you do buy a computer, don't turn it on." - Richards' 2nd Law of Security
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)
============= for back issues:
AV contacts   : http://www.freenet.victoria.bc.ca/techrev/mnvr.html
list, reviews,: http://www.freenet.victoria.bc.ca/techrev/quickref.html
review FAQ and: http://www.freenet.victoria.bc.ca/techrev/avrevfaq.html
AV tutorial   : http://www.freenet.victoria.bc.ca/techrev/mnvrcv.html
             http://csrc.ncsl.nist.gov/virus/virrevws/
             ftp://ftp.cs.ucr.edu/pub/virus-l/docs/reviews
Viral Morality: http://www.bethel.edu/Ideas/virethic.html
Book reviews:   http://www.freenet.victoria.bc.ca/techrev/mnbk.html
             http://www.freenet.victoria.bc.ca/techrev/review.html
             http://www.webwaves.com/books/slade
             ftp://x2ftp.oulu.fi/pub/books/slade
             http://mag.mechnet.com/mne/books/reviews/slade/
             gopher://gopher.technical.powells.portland.or.us:70
             http://www.utexas.edu/computer/vcl/bkreviews.html
Book columns:   http://www.freenet.victoria.bc.ca/techrev/mnbkc.html
Freebie Mags:   http://www.freenet.victoria.bc.ca/techrev/magazine.html
RobertS Rules of Internet Order: http://www.techbabes.com/zine/rules.html
             http://www.brandonu.ca/~ennsnr/Resources/order.html

------------------------------

Date: Wed, 09 Jul 1997 11:22:00 -0500
From: "Rob Slade, doting grandpa of Ryan & Trevor" <roberts@mukluk.hq.decus.ca>
Subject: TECH_VIR_F-L
X-Digest: Volume 10 : Issue 90

Hi Nick,

It is normal for you to be the first to know the creation of an
equivalent of VIRUS-L but in the language of MOLIERE.
The effective opening date for TECH_VIR_L will be the first week of
September but subscriptions are now possible.
Effectively, many people in France, Belgium and Quebec were annoyed by
the English language :-(
This Listserv will be moderated by Marc Blanchard (TrendMicro) and me.
I hope that VIRUS-L and TECH_VIR_F-L will work in the same way and
that the profitable exchanges will be numerous...

To subscribe to Tech_vir_f-L, send e-mail to
envoi.techvirf-l@mail.dotcom.fr with the following subject:
   SUBSCRIBE your-email-address

For example:
   SUBSCRIBE nick@virus-l.demon.co.uk

To be removed from the Tech_vir_f-L mailing list, send a message to
envoi.techvirf-l@mail.dotcom.fr with the following subject:
   UNSUBSCRIBE your-email-address

For example:
   UNSUBSCRIBE nick@virus-l.demon.co.uk

Francois Paget
McAfee
AV Research - Europe

------------------------------

Date: Thu, 10 Jul 1997 18:29:48 +0200
From: Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.d400.de>
Subject: Macro Virus List June 30, 1997
X-Digest: Volume 10 : Issue 90

                =========================================
                               SUMMARY:
                    Macro Virus List (PC + Macintosh)
                   according to VTC name specification
                  including (PC) In-The-Wild Indication
                =========================================

                       Vesselin Bontchev @ FSI
                    +  Klaus Brunnstein, Uni-Hamburg
                    +  Joern Dierks, VTC Uni-Hamburg
                    +  Thomas Buck, VTC Uni-Hamburg
                       VTC = Virus Test Center
                       Status: June 30, 1997

         >>> Copyright (c) 1997 University of Hamburg, Germany <<<


The number of known macro viruses in June 1997 grew again significantly:
with 18 new strains and 132 new viruses, growth was significantly reduced as
compared to previous months (e.g. 37 new strains with 246 new viruses in
May). Only 22 months after Microsoft shipped the first Word macro virus
(Concept.A), the 1000th macro virus was reported around June 20, 1997.

Strains with fastest growth include Showoff (+15) as well as NPAD and
CAP (+12) whereas growth of Wazzu (+5) and Concept (+3) is moderate.

The "list of known macro viruses", dated June 30, 1997, reports in
detail about all known macro-related malware. Here are the essential
statistical data:

                                Word   +   Other  =  Total    (New)
     --------------------------------------------------------------
     Number of Strains           214   +      15  =    229    ( 18)
     Number of Viruses          1051   +      14  =   1065    (132)
     Number of Trojans            21   +       7  =     28    (  0)
     Number of Generators         10   +       0  =     10    (  0)
     Number of Intendeds          22   +       1  =     23    (  0)
     Number of Jokes               0   +       1  =      1    (  0)
     --------------------------------------------------------------
     Remarks: (*)=(viruses+trojans+intendeds+jokes)


The following 14 new WORD macro virus strains have been reported in June 1997:

Balrog.A:Sp, Childish.A, Dracula.A, Goldsecret.A, Illiterate.A, Panjang.A,
Red.A:De, Schumann.A, Since.A, Socks.A, Underground.A, Vampire.A:-B.Tw(2),
Veneno.A:Sp, Vicinity.A-B:De(2)


In addition, 4 new virus strains replicating under WORD97 have been reported:

Calendar.A, Cmd.A, Sparkle.A, Rehenes.A


The following 132 variants of previously known macro viruses have been
reported in June 1997:

Alien.F, Alliance.B, Anarchy.6093, Bandung.AP-AR(3), Bismark.E, Box.C:Tw,
CAP.B,C,N-W(12), Clock.I:De, Colors.BC-BK(9), Concept.AT-AV(3),
CVCK1.I, DMV.F, Dzt.E-F(2), Goldfish.C, Hybrid.D-F(3), Imposter.D,
Irish.Q, Johnny.C1,N,N1(3), Killok.C, Kompu.D-F(3), Lunch.D, MDMA.S-U(3),
Muck.F, NiceDay.K-M(3), NJ-WMDLK1.J, NOP.J-L:De(3), Npad.BQ-BZ,CA-CB(12),
Nuclear.N, PayCheck.D, Pesan.B, Pig.F:Tw, Rap.AJ2, Rats.D, ShowOff.BD-BR(15),
Smiley.C:De, Swlabs.C-D(2), Temple.B, Trap.D:Tw, Twno.Y:Tw, TwoLines.J-N1(9),
Wazzu.CE-CI(5)


The following new viruses were found to replicate esp. under Word97:
Concept.A, DWMVCK1.A-B(2), Minimal.D


The following new viruses replicate under MS Excel and Excel 97:
ExcelMacro/Laroux.D-E(2)


Finally, one macro virus generator was reported:
WordMacro/NJ-WMVCK.2B

==============================================================================
AVAILABILITY
==============================================================================

 This list is published monthly (normally between the 3rd and 8th of a month)
 and can be downloaded via FTP from VTCs "new" WWW/FTP site:

 ftp://agn-www.informatik.uni-hamburg.de/pub/texts/macro/

 The filenames used are:
 MACROLST.yym        (long version)
 MACROL_S.yym        (short version)

 "yym" stands for:

 yy = Year,
 m  = Month ("1"..."9" for January...September and
             "A" = October, "B" = November, "C" = December).

Both lists are also available from VTCs "old" ftp site:

ftp.informatik.uni-hamburg.de/pub/virus/macro/macrolst.*

==============================================================================

------------------------------

Date: 8 Aug 1997 16:47:21 GMT
From: "comp.media" <comp.media@village2000.com>
Subject: Interview with Symantec's Alex Haddox!
X-Digest: Volume 10 : Issue 90

Alex talks about the computer virus industry...
To read the interview, point your web browser to:

http://www.village2000.com/comp.media/software/symantec/sarc/

------------------------------

Date: 22 Jul 1997 01:22:36 GMT
From: "comp.media" <comp.media@village2000.com>
Subject: Win FREE AntiVirus software from Symantec!
X-Digest: Volume 10 : Issue 90

For more details, point your web browser to:

http://www.village2000.com/comp.media/softwaregiveaway.htm

------------------------------

Date: Wed, 23 Jul 1997 14:46:35 +0200
From: Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.d400.de>
Subject: VTC test "1997-07" published?
X-Digest: Volume 10 : Issue 90

Those interested in AntiVirus product quality assessment may wish
to look at

     ftp or http://agn-www.informatik.uni-hamburg.de/vtc

where a link to VTCs ftp site points to the actual AV Test report.
We have tested about 40 products/versions for their ability to
detect boot, file and macro viruses (plus some selected macro and
file malware such as trojans, droppers etc) under DOS, Windows 95
and Windows NT. For readers in a hurry, "0xecsum.txt" contains
essential findings, including evaluation of tables. There is also
a comparison with results of our February 1997 tests, which nicely
show how scanner quality develops (at least in most cases :-).

Any comments are welcomed. Regards Klaus Brunnstein (July 23,1997)

------------------------------

Date: Fri, 25 Jul 1997 16:58:30 +1200
From: phys169@cantva.canterbury.ac.nz (Mark Aitchison - Physics and Astronomy Computologist)
Subject: Auto-scanning for diskette viruses under Unix (UNIX)
X-Digest: Volume 10 : Issue 90

I'm trying to get Solaris and Linux to check for viruses on diskettes when they
are inserted in the Unix system ('cause some people bring DOS disks in).
Unfortunately the two operating systems have different ideas of auto-mounting,
neither of which is anything like the way you can hook into DOS.  I think I've
got the hang of how to do this under Solaris, but Linux is still a problem.

Sorry if this isn't the best place to ask, but:

(a) Is anybody interested in (free) software to scan diskettes automatically
 on Unix systems (for mainly PC viruses)
(b) does anybody know enough about the way the "auto" filesystem type works
 to help me run a shell script at the appropriate time??

------------------------------------------------------------------------------
Mark Aitchison, Physics & Astronomy   \_  Phone : +64 3 3642-947 a.h. 3371-225
University of Canterbury,             </  Fax   : +64 3 3642-469  or  3642-999
Christchurch, New Zealand.           /)   E-mail: phys169@csc.canterbury.ac.nz
(witty saying under construction)   (/'

------------------------------

Date: Mon, 16 Jun 1997 16:17:34 -0700
From: Charles Renert <crenert@symantec.com>
Subject: Re: POLL: Decrypting Password Protected DOC files (WORD)
X-Digest: Volume 10 : Issue 90

Chengi J. Kuo wrote:

> Assuming that an antivirus product will be able to detect a virus in a
> file, even if it's password protected, how would you users out there
> want/expect this mechanism to work?
>
> As you know, there are some viruses that password encrypt files along
> the way.  The user does not know what the password is.  Sometimes, it's
> a random password and no one knows.  Sometimes, it's a password you can't
> type in anyway...
>
> Anyway, here are some thoughts.  Please feel to to suggest other scenarios
> if these "development's side" views don't fit...  (To me, this seems to
> encompass all possibilities, but hey...)
>
> 1) If the file is passworded and has a virus, remove virus, remove
> password.
>
> 2) If the file is passworded and has a virus, remove virus, leave
> password.

How about making it a configurable choice (via options tab or message
box) for the user?

						-Charles

======================================================================
Charles Renert                                    Symantec Corporation
Development Manager                   http://www.symantec.com/avcenter
Symantec AntiVirus Research Center                     CIS:  GO SYMWIN
crenert@symantec.com                                         GO SYMNEW
   US Support:  541-465-8420                        AOL:  SYMANTEC
European Support:  31-71-353-111    Australian Support:  61-2-879-6577
======================================================================

------------------------------

Date: Mon, 16 Jun 1997 12:35:03 +0530
From: Sunil Chitale <chitales@pcsbom.patni.com>
Subject: MS-WORD MACRO virus called CAP (WORD)
X-Digest: Volume 10 : Issue 90

Removing this macro meant reinstalling the NORMAL.DOT file and starting
WORD with the Auto Macro disabled.

Thanks in advance for any more inputs on what the macro-virus CAP does.

Regards

Sunil Chitale
chitales@pcsbom.patni.com
Tel : 91-22-836 1454 ext 207
Fax : 91-22-821 6764

------------------------------

Date: 7 Jul 1997 23:35:59 GMT
From: "The Zombiks" <rngpfdr@stainless.niia.net>
Subject: Unknown Macro virus (WORD)
X-Digest: Volume 10 : Issue 90

Has anybody run into a macro virus in Word 7.0a that will do these 4
things?  It gets rid of the Macro... and Customize... options under the
Tools menu option.  Disables the Template option under the File menu
option.  Causes an auto save when closing a document, and finally it edits
the Normal.Dot file in Word 7.0a.  I have run ScanProt from Microsoft's
webpage and Virusscan from McAfee and neither of them picked it up.  Any
ideas or help?

------------------------------

Date: Mon, 21 Jul 1997 20:36:40 -0700
From: David <bvdgslce@uscmail.usc.es>
Subject: another Word macro virus ??? (WORD)
X-Digest: Volume 10 : Issue 90

Hi.  I have seen several strange things in many computers in my lab and
I guess they are caused by a Word macro virus but I'm not sure because
our antivirus is a bit out of date (February 97).  Could anyone tell me
if it is a virus and its name?  And of course I would like to know what
else could happen if I don't remove this virus right now (I mean,
deleting files after a number of sessions or things like that). If it is
a virus, what other effects it has and which antivirus and version
should be used to remove it?

	These are the effects I have seen:

-When using "file - save as" option: the expression "F%SA" appears in
the lower left corner of the screen

-The "tools - macros" options IS MISSING

-When I open an old file the first thing Word makes is autosaving it


PLEASE REPLY ALSO TO MY EMAIL ADDRESS, since I'm not subscribed to
this group.

		Thank you very much in advance,

				David

David Garcia
University of Santiago de Compostela
Galiza - Spain

------------------------------

Date: Mon, 07 Jul 1997 17:14:53 +0000
From: guba@bong.bwl.uni-mainz.de
Subject: Unknown virus (WIN95)
X-Digest: Volume 10 : Issue 90

I've got a problem with a virus typing zeroes "0" into any field on a
Win95 screen. McAfee (4/97) didn't fix this. Can anyone help me?

Please mail to guba@bong.bwl.uni-mainz.de

Bye
Andreas

[Moderator's note:  Classic case of "something wrong--I must have a
virus".  Odds-on this problem was not viral at all.  Dodgy keyboard
most likely...]

------------------------------

Date: Thu, 10 Jul 1997 20:07:06 -0500
From: Lubos&Irene Palounek <LIPal@concentric.net>
Subject: Dr Solomon's S.O.S. takes hours .... (WIN95)
X-Digest: Volume 10 : Issue 90

I just bought the Dr. Solomon's Anti-Virus. Following instruction from
the March 1997 User Manual, I turned the HP OmniBook PC off, and booted
my HP Omnibook 600C from the Dr. Solomon's S.O.S. diskette, Version 7.69

At the first screen, I pressed F3 to "scan all";  I could hear the a:
drive for about a minute, and then nothing. The screen titled "Scan all
files for viruses" is empty except the title and a note on the bottom:
"Please wait - scanning local drives."

Now, over two hours later, the screen is still the same. "Please wait -
scanning local drives." No indication how many hours to wait ...

I am using:
HP OmniBook 600C with 75MHz 486 and 16 MB of memory
OmniBook ROM BIOS Version 4.01
Windows 95 and Windows 95 Plus
S.O.S. Version 7.69

Frankly, I thought that the whole installation will take under one hour.
To spend over two hours on the "pre-installation check" diskette is bad.

If you have any experience with such a situation, please help -
mailto:LIPal@concentric.net -- I am writing from my desk-top computer.

Regards, Lubos Palounek

------------------------------

Date: Wed, 16 Jul 1997 10:51:11 -0400
From: mcclaine@juno.com (Mark F McClaine)
Subject: Possible virus (WIN95)
X-Digest: Volume 10 : Issue 90

I need to know if there are any viruses that could affect saving files.
Notepad in Windows 95 will no longer save files as htm or any other
type. It will only save them as text files. I ran a virus scan and no
virus was detected. Could it be a hidden virus affecting my Windows95
Programs? Reply directly to me, because I have not been receiving any
virus-l digest messages lately.

Mark

------------------------------

Date: Mon, 30 Jun 1997 09:46:13 -0600
From: Scott Oakes <fagotto@dimensional.com>
Subject: Mcafee and Novell Client 32 (WIN)
X-Digest: Volume 10 : Issue 90

Has anyone had problems with vshwin 3.0.1 while running Novell Client 32
on windows 3.1?

By default, the Mcafee installation puts vshwin in the load line of
win.ini.  When it tries to load, I get an error stating "unable to
establish communications link between application and device driver"
This happens only when Client 32 is loaded.  If I use the old VLM shell, I
do not get the error, nor when I was using Mcafee 2.x

any help would be appreciated.

Scott Oakes

------------------------------

Date: Thu, 10 Jul 1997 18:13:15 -0400
From: "Jeremy C. Lassiter" <jclassit@hamlet.uncg.edu>
Subject: Unknown Possible Virus (WIN)
X-Digest: Volume 10 : Issue 90

Ok I was sitting in Windows doing nothing. Next thing I know up pops my
printer window. (my printer is off) So I check the window and something
called "The Avatar" is trying to print. So I turn on the printer and
one line gets printed. Hell Lord: I SENSE AN EVIL PRESENCE. The Avatar.
The weird thing about this is that Hell Lord is my log in name for
Windows.  So I immediately went and scanned EVERYTHING with Tbav 8.01 and
F-prot 2.27 and they found absolutely nothing. If anyone has had this
virus and removed it or done something with it please help me out. As
for symptoms I have found none as of yet besides the odd print message.

------------------------------

Date: 21 Jul 1997 04:21:49 GMT
From: tr.arizona@worldnet.att.net (Tim Rogers)
Subject: McAfee Wscan (WIN)
X-Digest: Volume 10 : Issue 90

I have a problem with Wscan 3.0.1 dumping me to Dos from WFWG's
3.11....Vshield loads and runs....and all Dos applications of Viruscan
work...but the instant I hit Wscan in Windows...I'm dumped to
Dos...anyone have any ideas on this....?

TIA
TR

------------------------------

Date: Tue, 15 Jul 1997 14:16:05 GMT
From: julian.ilicki@soc.uu.se (Julian Ilicki)
Subject: shell for McAfees SCAN for DOS (PC)
X-Digest: Volume 10 : Issue 90

I'm looking for a FW/SW shell software for DOS, for using with
McAfee's SCAN/SCANPM for DOS vers. 3.0.x.

Could anyone please forward me to a WWW or FTP site that has
this kind of software?

Julian

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Julian Ilicki, Ph.D.                 e-mail: julian.ilicki@soc.uu.se
Uppsala Univ., Dept. of Sociology, Box 821, S-751 08 Uppsala, Sweden
voice, office: +46 - 18 4711513      voice, private: +46 - 18 204747
fax, Dept.:    +46 - 18 4711170      cellular:      +46 - 70 7533731

------------------------------

Date: Thu, 26 Jun 1997 11:33:31 -0700
From: "jigo@erols.com" <jigo@erols.com>
Subject: FORM_A (PC)
X-Digest: Volume 10 : Issue 90

My home PC is apparently infected with FORM_A virus.  When I put a disk
that has been in its drive into my computer at work, which has McAfee
antivirus, I get the message "The boot record of this disk is infected
with the FORM_A virus", with the option to clean the disk. This
happened even when I hadn't opened a file from the disk on my home PC!
I tried TB antivirus software on my PC; it confirmed the presence of
FORM_A but does not get rid of it. I'd like to get some indication of
what will work before trying another antiviral program. There are no
other obvious indications that anything is wrong although my hard drive
does seem to use up a  lot of disk space.

------------------------------

Date: Tue, 1 Jul 1997 20:22:55 +0100
From: Andi Carey <andi@amcarey.take_this_outdemon.co.uk>
Subject: FORM on a 68030 CNC machine??? (PC)
X-Digest: Volume 10 : Issue 90

I wonder if anyone can help me with this;

I am a service engineer for a machine tool company, I was called out to
a CNC machine (power press) that had gone a little 'screwy', certain
softkeys were causing unexpected actions to take place shortly before
the control crashed. The problems were reported as happening around
midnight 28th-29th June.

I retrieved the spare Boot disks in order to reload the software and put
them into my laptop in order to read any readme files and my laptop's
virus checker tells me that the disks are infected with FORM_A virus.

The trouble is the machine processor is a Motorola 68030 and should not
be affected (should it ?) but Dr Solomon tells me that this virus "plays
tricks with the keyboard".

Please note that although Dr Solomon's description gives this virus an
almost mischievous quality it is in reference to a PC and not a 220 ton
power press where a keyboard mix-up could have fatal consequences, so
excuse me if I come across as 'over cautious'.

Am I barking up the wrong tree or what ?
- -
          _________________________________________________
/\__/\   | Andi Carey                    PGP 1024/47117D75 |
  /(o)(o)\  | Grease monkey, Mouse charmer, pathological liar |
 ===(..)=== | tweaker of the tweakable & bigger than a rabbit |
  \'.--.'/  |_________http://www.amcarey.demon.co.uk__________|

------------------------------

Date: Tue, 08 Jul 1997 20:02:21 GMT
From: sly@mo.net (Bill Thompson)
Subject: help w/ HOT.A VIRUS plz... (PC)
X-Digest: Volume 10 : Issue 90

When I boot-up, I run McAfee virus scan, it shows traces of the HOT.A
virus in memory.  I have tried many times, with many anti-virus
programs, to remove it with no luck.

The one problem I am unable to resolve is that my system boots from my
"C" drive ( which has been formatted using E-Z drive 8.01W from western
digital ) and when I boot from my "system bootable disk", my command
prompt shows drive "C" however the contents of the dir. show the
contents of a different drive ( "D" drive ). When I run a scan on drive
"C" it only shows the contents of drive "D" as being scanned but
indicates drive "C" as the drive being scanned...

If anyone has any suggestions on how to correct my problem, I would be
very grateful.

Please E-MAIL if possible.>>>  sly@mo.net

Thanks - Bill T.

[Moderator's note:  Hot.A--isn't that a macro virus?  Why should Scan be
looking for that (or any other macro virus) in memory?]

------------------------------

Date: Thu, 10 Jul 1997 19:44:20 +0200
From: Geir Andersen <geiern@usa.net>
Subject: AntiExe virus (PC)
X-Digest: Volume 10 : Issue 90

- - How do I remove the AntiExe virus from my computer?
I have got a Pentium 166 with 32 mb ram
with Windows 95.
Tried to install Norton AntiVirus
but it said that I needed a clean boot,
same with F-PROT.
"I don't have a bootdisk"
Please e-mail me

***************************************
*- Kind regards                       *
*<Geir andersen>mailto:geiern@usa.net *

------------------------------

Date: Fri, 11 Jul 97 09:06:26 +0200
From: Massimo.MONTANARO@st.com
Subject: McAfee VShield (PC)
X-Digest: Volume 10 : Issue 90

I have a problem with McAfee Virus Scan 3.01, downloaded from internet
and installed on my computer (system configuration: Pentium 133 Mhz,
16 Mb RAM, 1.6 Gb HARD DISK, windows95B).
If I load VShield at start-up and open whatever application, the system
crashes when I try to close the Windows 95 session (whether I stop or reboot
the system).
Can anyone help me?
Thank you

------------------------------

Date: Fri, 11 Jul 1997 20:38:11 GMT
From: raya <skategal@ix.netcom.com>
Subject: Virus Traces (PC)
X-Digest: Volume 10 : Issue 90

Whenever I load Windows, before it I get a message from VirusScan. It
says "Traces of OM.A:DE virus found in memory."

Then it tells me to reboot with a system startup disk. I do, and then
when I reboot I'm at the a:\ prompt. I type c:\ for my harddrive, but it
says invalid drive specification. When I just ignore it, and enter
windows, at the startup I get a message from Virusscan saying "Unable to
establish communication link between application and device driver."
Now, whenever I try to print something, nothing happens. I know nothing's
wrong with the printer, because it was working fine before I got the
virus. If I run VirusScan from Windows 95, it doesn't find a virus at
all. I'm using the latest .dat file too. But before I got this one, I
didn't get any error messages at all. Can someone give me help? Also,
for the system startup disk, can someone give me the commands so I can
access VirusScan on my hard drive from DOS? I get an invalid drive
specification method.  (I'm planning to do this on my other computer so I
don't get a virus)

If anyone knows how to help, please email me.
thanks
skategal@ix.netcom.com

[Moderator's note:  Hmmmmmm..."OM.A:DE" sounds like the tail-end of some
macro virus name.  Maybe ATOM.A:DE??  Now, why should Scan be looking
for this in memory?  That's two such reports in a couple of days.  Bet
tech support were busy following that update Jimmy...   8-) ]

------------------------------

Date: Tue, 01 Jul 1997 19:45:54 -0400
From: Jeff Woertz <jwoertz@pil.net>
Subject: McAfee VirusScan 3.0 Setup Problem-Recovery Disk (PC)
X-Digest: Volume 10 : Issue 90

My company just purchased a few copies of McAfee AntiVirus 3.0 and we
are all unable to create the Recovery Disk. We suspect that the updated
DAT files (06/97) are too large to fit onto the one floppy that McAfee
3.0 uses to make the disk.

We feel that the program is basically useless without a Recovery Disk
with the latest DAT files.

Anyone else having the same problem ?  Should we maybe switch to Cheyenne
AntiVirus instead ?

Thanks...Jeff

jwoertz@pil.net

------------------------------

Date: Thu, 03 Jul 1997 13:46:35 -0500
From: John Currey <eastin@txdirect.net>
Subject: Re: Reconstructing MBR after Monkey-B infection (PC)
X-Digest: Volume 10 : Issue 90

I also had received Monkey-B, but my recovery wasn't so labored.  When
I originally partitioned the drive for linux (previously windoze 95
only) I kept the boot partition backup that FIPS created.

All I had to do was restore the boot partition from backup, and I also
keep an anti-virus program on this boot diskette also - to clean up the
FAT files, so I don't worry about contaminated anti-virus programs.
I feel this is safer than trusting the anti-virus program to figure out
everything, and possibly do more damage than the virus.

I think there are better ways of backing up the boot sector, but
I thought I'd offer this idea anyways.

http://sunsite.unc.edu/pub/Linux/system/install/fips15.zip

Last but not least - obviously the windoze side was responsible
for the execution of the virus in the first place (Word strikes again).

The previous author's hatred sounds pretty bad here...
well maybe the viruses do have a good side, they push me further and
further away from Microsoft.

------------------------------

Date: 7 Jul 1997 14:43:27 GMT
From: "Gary Schyve" <gschyve@worldnet.att.net>
Subject: [@AOL Trojans] (PC)
X-Digest: Volume 10 : Issue 90

We are using Cheyenne Inoculan v4.00 for Windows NT and received our first
virus detection message on the July 4th scan.  The message was strangely
absent from the July 5th scan, but reappeared again on the 6th, only to be
absent again today, July 7th.  Inoculan appears to be unable to cure this
virus.  Inoculan calls the virus [@AOL Trojans].

I ran several scans on the infected file manually and found the same
detection 'pattern' - yes, no, yes, no, yes, etc.  The infected file is
\visio\Add-ons\SmartShape Wizard.EXE.  Any thoughts on whether this is in
fact, a real virus?  We are running the latest virus pattern from Cheyenne
(3.37).

Thank you,


gschyve@worldnet.att.net

------------------------------

Date: 9 Jul 1997 04:35:03 GMT
From: "Al-Barwani" <Tariq_Hilal@bigfoot.com>
Subject: Linking Two Executable Files (PC)
X-Digest: Volume 10 : Issue 90

Can anyone please tell me how to link two executable files together ? For
example :

I have T.exe and would like to link it with E.exe so that they run one
after another in a single file.

Please reply to me personally : hbarwani@gto.net.om

------------------------------

Date: Thu, 10 Jul 1997 03:14:08 GMT
From: aeb88@pipeline.com (Arthur E. Blossom)
Subject: Re: Anticmos removed, comp jacked (PC)
X-Digest: Volume 10 : Issue 90

Stephen Peltier <svp@geology.byu.edu> wrote:

>  I had an Anticmos virus a while ago, removed it but my computer was
>still jacked. I ended up formatting the hard drive and reinstalling
>everything and am having the same damn problems! Rundll32, KERNEL
>errors, Explorer caused gpf @ blah blah blah etc. What do I have to do?
>Is my hardware bad? It's all less than a year old. Please do help, many
>thanks.

Formatting does not remove the anticmos because it is an MBR virus.
Did you scan all of your diskettes after disinfecting the hdd?  You
may be reinfecting your machine.

- -
Arthur E Blossom  IBM AntiVirus services
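
Why a format leaves an MBR infector in place, and what the boot sector backup mentioned in the Monkey-B reply earlier in this digest lets you check, as an added example that is not part of either post: sector 0 holds boot code that lies outside every partition, so formatting a partition never rewrites it. The sample sector, its field values and all function names are constructed for illustration.

```python
import struct

SECTOR = 512
BOOT_CODE = slice(0, 446)      # loader code the BIOS executes at boot
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
SIGNATURE = slice(510, 512)    # must be 55 AA


def read_sector0(path):
    """Read the first sector of a disk image file (or raw device node)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector):
    """Return the used partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[SIGNATURE] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and n_sectors == 0:
            continue  # unused slot
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba_start,
                      "sectors": n_sectors})
    return parts


def sector_in_partition(parts, lba):
    """True if the given absolute sector lies inside any partition."""
    return any(p["lba_start"] <= lba < p["lba_start"] + p["sectors"]
               for p in parts)


def compare_with_backup(backup, current):
    """Name the MBR regions that differ from a known-good backup copy."""
    regions = (("boot_code", BOOT_CODE),
               ("partition_table", PART_TABLE),
               ("signature", SIGNATURE))
    return [name for name, r in regions if backup[r] != current[r]]


def build_sample_mbr(boot_fill=0x90, ptype=0x06):
    """Constructed sample sector: one active partition starting at LBA 63."""
    sector = bytearray([boot_fill]) * 446
    # status, CHS start, type, CHS end, LBA start, sector count (all constructed)
    sector += struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                          ptype, b"\xfe\x3f\x7f", 63, 2056257)
    sector += bytes(48)            # three unused partition slots
    sector += b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    backup = build_sample_mbr()                 # copy saved while clean
    current = build_sample_mbr(boot_fill=0xCC)  # same table, different code
    parts = parse_mbr(current)
    print("partitions:", parts)
    # Sector 0 is not inside the partition, so a format never touches it.
    print("sector 0 inside a partition:", sector_in_partition(parts, 0))
    print("regions changed since backup:", compare_with_backup(backup, current))
```

On a real machine the backup copy would come from `read_sector0` run against the disk while it is known to be clean, stored on a write-protected diskette.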

------------------------------

Date: Mon, 14 Jul 1997 18:05:43 +0300
From: andriaki <andriaki@hol.gr>
Subject: MARZIA-BARACUDA (PC)
X-Digest: Volume 10 : Issue 90

Does anybody know how I can get rid of the MARZIA-BARACUDA virus that
has infected the Master boot record of my disks,
without performing a low-level format ?

------------------------------

Date: Sat, 19 Jul 1997 13:29:51 -0400
From: Timpest <Timpest@earthlink.net>
Subject: I need a boot program and a protection!!! (PC)
X-Digest: Volume 10 : Issue 90

I need a boot program and a protection if anyone has it please contact
me at aolsucks123@hotmail.com

------------------------------

Date: Wed, 16 Jul 1997 15:43:33 -0500
From: Jamie Smolinski <missg@concentric.net>
Subject: Belorussia Virus (PC)
X-Digest: Volume 10 : Issue 90

I bought a new Gateway 2000 P166 in February, and it came with McAfee
2.0 Virus scan software pre-installed.  Last week I downloaded the
latest virus update file from the McAfee website, but it wouldn't work
properly because I needed the version 3.0 virus engine.  Anyway, when I
restarted the computer, I got a message that "traces of BOOT virus were
found in memory.  It could be an active virus or an image left from a
previous operation".  I then tried downloading the older update, the one
that was made for version 2.0, and it worked fine.  But now when
booting, I get the same error message only it says the BELORUSSIA virus.

I have tried zillions of times to contact the McAfee site, but I have
terrible problems connecting to their server.  I have downloaded the 3.0
virus engine but haven't installed it yet.  Does anyone know if the virus
software has a time limit or expiration before you register it?  I would
hate to un-install my registered version to put a crippled version on
top of it.

Any suggestions?  Thanks for the help!

missg@concentric.net

[Moderator's note:  Classic symptoms of a false alarm.  You download an
update to Scan's database and all of a sudden you get a "traces of <some
obscure/new>" virus either in memory or in the MBR, but only ever one.
If you try any other scanners they say diddly-squat.  I suspect the
people at McAfee have never wondered why the letters "Q" and "A" are so
close on their keyboards...  Due to the posting delay, I'm sure this
will have been fixed by a subsequent update.]

------------------------------

Date: 22 Jul 97 00:36:30 GMT
From: huey@leahi.aloha.com (Gary Callison)
Subject: Unidentified (new?) virus-like behaviour (PC)
X-Digest: Volume 10 : Issue 90

Well, I read the FAQ, and most of the current messages my newserver has,
and have first the following question:

Is it OK if I don't bash anybody, but instead ask a question about virii?

...ahem: Well, here's the situation: At work today, we got killed. More
than a dozen computers, all running either WfW 3.11 (most) or Win 3.1 over
either DOS 6.20 (most) or DOS 6.22 on top of Netware 3.12 on a pretty big
LAN (12 different fileservers, 200+ users), most of which were connected
to one fileserv, some on others, most of which running under Netroom, but
some with EMM386/HIMEM or QEMM, most are Dell P75s-P200s but some are
486-boxes of other makes... are you getting the point here? No pattern.
Different areas of the building, different departments, people that have
no contact with each other- All have the same symptoms. Memory-management
that worked on Friday afternoon doesn't work today.

Between the LAN and the AS/400s, we've got about 200K of crap that's
got to get in memory somewhere- hence the Netroom. IPXODI, NETX, blah
blah blah. ...well, the various memory managers had all of these boxes up
and talking to the network and the AS/400s on Friday afternoon, and this
morning they hang going into windows. NO CHANGES IN BETWEEN. (at least,
not by US anyways...)

First fix was to axe netroom entirely and try EMM386/HIMEM. Typical box
now has around 280K low memory free. Run Memmaker, you're up to 420 or
so. Run Customiz /conservative , you're up to 520-560 or so. And at this
point, MOST of the boxen were happy again. BUT WHY???

Coincidentally, the same thing happened to me this weekend with the power
steering pump on my wife's car. Bitch was leaking like a sieve, I take it
off, look at it, put it back on, and VIOLA! (like my old conductor used
to say) it works. BUT WHY???

The only thing I can figure is some kind of virus, right? Except McAfee
signature file 3006 (5/23/97) didn't find diddly (except for the
perennial few copies of 'Concept', which are proverbial dandelions in the
I.T. department's lawn). And McAfee's web page doesn't say anything about
bombs going off over the weekend (except for Pathogen, which wouldn't
cause NEAR as much memory-leak as we're experiencing, right?)

I have a lot of questions about this, and I will until I figure the damn
thing out. Such as:
o)   Anybody out there know of a virus that attacks Netroom/Himem or
Windows executables that'd cause this kind of memory problems?
o)   Was anything supposed to 'go off' between friday afternoon and this
afternoon? (one of *our* computers booted fine this morning and failed
this afternoon! What the hell is that?)
o)   If it WASN'T a virus, THEN WHAT?

If you've got any comments even remotely more useful than "Change the
power steering pump anyways", please hit me with 'em. Send em to the net
if you think anybody *else* is interested, but please send 'em to me via
email, (huey@aloha.com), as I don't need to read more bashing.   ;)

Oh, and for all the spam-bots that are going to strip that out and send
me ads for herbal essence and porn web-pages? Go for it. I'll forward you
to each other, and you can have a naked herb party. (shitheads!)

Thanks in advance for the help,
					Huey
- -
huey@aloha.com

------------------------------

Date: Mon, 21 Jul 97 14:11:54 GMT
From: orfideus@PTT-Telecom.NL (orfi)
Subject: belorussia virus ????? (PC)
X-Digest: Volume 10 : Issue 90

At home my antivirus program McAfee has detected a fingerprint or
active virus in the boot record, but does not remove it.
The virus is called belorussia or delorussia.

Has anyone ever heard of it, and how to remove it ??????

------------------------------

Date: Tue, 22 Jul 1997 19:25:02 GMT
From: totem@ibi.co.za
Subject: HELP! Hard drive set to "NON-DOS" partition (PC)
X-Digest: Volume 10 : Issue 90

I'm running a Fujitech 166MMX  w/ Win95.
Today I rebooted and the next thing I saw was "Invalid Drive".
I had a look at the drive using Fdisk and it reports the drive correctly
EXCEPT that it is now set to be a "NON-DOS" partition.

I'm running Norton's Anti virus update from their web-site last week, so the
likelihood of this being virus-related is small.

Anyone out there had a similar problem or any advice?
I have no idea what to do next. Can someone tell me if there's a way
to recover from something like this?

Thanks

From heloguy@flash.net
Date: Tue, 22 Jul 1997 08:43:32 -0700
From: mike <heloguy@flash.net>
To: moderator@virus-l.demon.co.uk
Subject: help! stoned.empire.monkey and ripper (PC)

I have stoned.empire.monkey and ripper on my computer and have not been
able to find a way to remove them.  Any suggestions?

Mike

------------------------------

Date: 26 Jul 97 13:01:16 GMT
From: "ramjet" <runner@ramjet.idiscover.co.uk>
Subject: Help wanted on Fient virus! (PC)
X-Digest: Volume 10 : Issue 90

I got the Fient virus the other week, and downloaded Solomon, McAfee,
and Thunderbyte and Thunderbyte was the only one that detected it!!
But even though it has renamed the infected file, I am still
having 95 coming up with "out of memory" message even though I have 64MB
of Ram!!  I never had this problem before the infection, and I was under
the impression that this boot virus has been sorted out by Thunderbyte
even though when I run the scan it says "1 file infected"  BUT doesn't
tell me which file???
If someone could shed some light on this subject, it would be greatly
appreciated!!!

Thanks

------------------------------

Date: 27 Jul 97 15:34:05 GMT
From: "Wayne Riddle" <wayne_riddle@bigfoot.com>
Subject: Re: Invircible (PC)
X-Digest: Volume 10 : Issue 90

Scott Keegan <scottk@s055.aone.net.au> wrote in article
<0036.869990286.0610545.0@virus-l.demon.co.uk>...
> What can anyone tell me about the Invircible anti-virus product?
>
> I know that there was a lot of negative stuff floating around about
> this product a little while ago but what is the considered opinion on
> it now?

From following other newsgroups it seems that people that like Invircible
still do and those who did not still do not.

At www.drsolomons.com you can find a link to the latest University of
Hamburg tests on anti-virus products (note: I am not affiliated with Dr.
Solomon's).

- -
Wayne Riddle
http://ourworld.compuserve.com/homepages/riddler/
wayne_riddle@bigfoot.com

------------------------------

Date: Sun, 27 Jul 1997 10:07:19 -0500
From: malch <Xmalch@Ygate.Znet>
Subject: REQ: Educated Opinion (PC)
X-Digest: Volume 10 : Issue 90

Would appreciate opinions on my decision to format
my C drive and start over.

Recently encountered a macro virus, then CASPER.
My knowledge of what makes my PC works is limited
to "turning it on and off". I allowed McAfee to delete
infections as discovered. However, everything seems to
be different lately.....takes forever to bootup,
my Word7 takes minutes sometimes to open a DOC file,
opening graphic images often creates error prompts
and crashes, my browser takes forever to open a site
if Java is encountered, Java sites often cause the
browser to crash, takes as long as 4 minutes to shut
down my PC.....just to name a few. Infected I am, am I?

I have original CD's and original diskettes of all my
programs, etc., and think reinstalling everything
from scratch would be easier than paying someone
TO, or spending the next 99 years learning how TO
locate the problem myself.

I would appreciate hearing opinions on this, either here
or by email.

TIA
Bob.

------------------------------

Date: Sun, 27 Jul 1997 08:15:44 -0500
From: Tom Mullin <atmullin@pnx.nospam.com>
Subject: Re: "Need some milk" message (PC)
X-Digest: Volume 10 : Issue 90

Try PC-Cillin.

------------------------------

Date: 25 Jun 1997 00:46:07 -0000
From: proff@iq.org
Subject: Underground extract: System X [long]
X-Digest: Volume 10 : Issue 90

Anyone read this book? Apparently the first in-depth investigation
into the international computer underground to come out of the
Southern-Hemisphere - or so I'm told ;)  - J.A

Extracts from Underground - The true nature of System X

Extracted from Chapter 10 - "Anthrax - The Outsider"

   Note: System X's name has been changed for legal reasons.

Sometimes the time just slipped away, hacking all night. When the first hint
of dawn snuck up on him, he was invariably in the middle of some exciting
journey. But duty was duty, and it had to be done. So Anthrax pressed control
S to freeze his screen, unfurled the prayer mat with its built-in compass,
faced Mecca, knelt down and did two sets of prayers before sunrise. Ten
minutes later he rolled the prayer mat up, slid back into his chair, typed
control Q to release the pause on his computer and picked up where he left
off.

This company's computer system seemed to confirm what he had begun to
suspect. System X was the first stage of a project, the rest of which was
under development. He found a number of tables and reports in System X's
files. The reports carried headers like 'Traffic Analysis', 'calls in' and
'calls out', 'failure rate'. It all began to make sense to Anthrax.

System X called up each of the military telephone exchanges in that list. It
logged in using the computer-generated name and password. Once inside, a
program in System X polled the exchange for important statistics, such as the
number of calls coming in and out of the base. This information was then
stored on System X. Whenever someone wanted a report on something, for
example, the military sites with the most incoming calls over the past 24
hours, he or she would simply ask System X to compile the information. All of
this was done automatically.

Anthrax had read some email suggesting that changes to an exchange, such as
adding new telephone lines on the base, had been handled manually, but this
job was soon to be done automatically by System X. It made sense. The
maintenance time spent by humans would be cut dramatically.

A machine which gathers statistics and services phone exchanges remotely
doesn't sound very sexy on the face of it, until you begin to consider what
you could do with something like that. You could sell it to a foreign power
interested in the level of activity at a certain base at a particular time.
And that is just the beginning.

You could tap any unencrypted line going in or out of any of the 100 or so
exchanges and listen in to sensitive military discussions. Just a few
commands makes you a fly on the wall of a general's conversation to the head
of a base in the Philippines. Anti-government rebels in that country might
pay a pretty penny for getting intelligence on the US forces.

All of those options paled next to the most striking power wielded by a
hacker who had unlimited access to System X and the 100 or so telephone
exchanges. He could take down that US military voice communications system
almost overnight, and he could do it automatically. The potential for havoc
creation was breathtaking. It would be a small matter for a skilled
programmer to alter the automated program used by System X. Instead of using
its dozen or more modems to dial all the exchanges overnight and poll them
for statistics, System X could be instructed to call them overnight and
reprogram the exchanges.

				      ---

No-one would be able to reach one another. An important part of the US
military machine would be in utter disarray. Now, what if all this happened
in the first few days of a war? People trying to contact each other with
vital information wouldn't be able to use the telephone exchanges
reprogrammed by System X.

THAT was power.

It wasn't like Anthrax screaming at his father until his voice turned to a
whisper, all for nothing. He could make people sit up and take notice with
this sort of power.

Hacking a system gave him a sense of control. Getting root on a system always
gave him an adrenalin rush for just that reason. It meant the system was his,
he could do whatever he wanted, he could run whatever processes or programs
he desired, he could remove other users he didn't want using his system. He
thought, I own the system. The word 'own' anchored the phrase which circled
through his thoughts again and again when he successfully hacked a system.

The sense of ownership was almost passionate, rippled with streaks of
obsession and jealousy. At any given moment, Anthrax had a list of systems he
owned and that had captured his interest for that moment. Anthrax hated
seeing a system administrator logging onto one of those systems. It was an
invasion. It was as though Anthrax had just got this woman he had been after
for some time alone in a room with the door closed. Then, just as he was
getting to know her, this other guy had barged in, sat down on the couch and
started talking to her.

It was never enough to look at a system from a distance and know he could
hack it if he wanted to. Anthrax had to actually hack the system. He had to
own it. He needed to see what was inside the system, to know exactly what it
was he owned.

The worst thing admins could do was to fiddle with system security. That made
Anthrax burn with anger. If Anthrax was on-line, silently observing the
admins' activities, he would feel a sudden urge to log them off. He wanted to
punish them. Wanted them to know he was into their system. And yet, at the
same time, he didn't want them to know. Logging them off would draw attention
to himself, but the two desires pulled at him from opposite directions. What
Anthrax really wanted was for the admins to know he controlled their system,
but for them not to be able to do anything about it. He wanted them to be
helpless.

Anthrax decided to keep undercover. But he contemplated the power of having
System X's list of telephone exchange dial-ups and their username - password
combinations. Normally, it would take days for a single hacker with his lone
modem to have much impact on the US military's communications network. Sure,
he could take down a few exchanges before the military wised up and started
protecting themselves. It was like hacking a military computer. You could
take out a machine here, a system there. But the essence of the power of
System X was being able to use its own resources to orchestrate widespread
pandemonium quickly and quietly.

Anthrax defines power as the potential for real world impact. At that moment
of discovery and realisation, the real world impact of hacking System X
looked good. The telecommunications company computer seemed like a good place
to hang up a sniffer, so he plugged one into the machine and decided to
return in a little while. Then he logged out and went to bed.

When he revisited the sniffer a day or so later, Anthrax received a rude
shock. Scrolling through the sniffer file, he did a double take on one of the
entries. Someone had logged into the company's system using his special login
patch password.

He tried to stay calm. He thought hard. When was the last time he had logged
into the system using that special password? Could his sniffer have logged
himself on an earlier hacking session? It did happen occasionally. Hackers
sometimes gave themselves quite a fright. In the seamless days and nights of
hacking dozens of systems, it was easy to forget the last time you logged
into a particular system using the special password. The more he thought, the
more he was absolutely sure. He hadn't logged into the system again.

Which left the obvious question. Who had?
  ________________________________________________________________________
  [This extract may be reposted non-commercially and without charge only]

Underground; Tales of Hacking, Madness and Obsession on the Electronic
Frontier, by Suelette Dreyfus; published by Mandarin (Random House
Australia); (P) 475 pages with bib. http://www.underground-book.com/ or
http://underground.org/book

------------------------------

End of VIRUS-L Digest [Volume 10 Issue 90]
******************************************

