VIRUS-L Digest Tuesday, 6 Jun 1989 Volume 2 : Issue 129 Today's Topics: Information on the Brain virus (PC) re: Anyone ever hear of "Little Black Box" virus? (PC) IEEE Article on LapLink Virus List available by FTP? Re: nVirB infection at teesside poly, uk (Mac) virus-l digests still on comp.virus Re: Call For Discussion: The Usenet Virus Handbook Re: nVIR Origins (Mac) --------------------------------------------------------------------------- Date: 5 June 1989, 15:17:55 EDT From: Walt Hillis (614) 593-2661 Subject: Information on the Brain virus (PC) Reading through current mailings, I found a reference to information about the Brain (Pakistani) Virus. However, there was no specific volume number or anything even close. Could someone tell me where to find this information? Thanks in advance. Walt Hillis Asst. Mgr. Alden Computer Lab Ohio University, Athens OH. Disclaimer: These are my own ideas and thoughts... I think. ------------------------------ Date: 5 June 89, 19:50:36 +0200 (MESZ) From: Otto Stolz Subject: re: Anyone ever hear of "Little Black Box" virus? (PC) > Has anyone ever heard anything of a PC virus known as the "Little > Black Box"? Ken, my personal copy of "Friday, 13th" virus (alias "Israel#1", alias "PLO") exhibits a characteristic "black hole" in the lower left half of EGA screens: If you set the background color to blue, say, you'll see a black rectangle, sized 1 by 8 (approximately) character-boxes. This feature could well cause somebody to dub this virus "Little Black Box". Hence, I suppose, you just hit on a new alias for the notorious "Friday, 13th". Best wishes Otto [Ed. Bingo. Little Black Box is an alias for Black Hole...] ------------------------------ Date: MON JUN 05, 1989 18.44.23 EST From: "David A. Bader" Subject: IEEE Article on LapLink In June 1989 issue of IEEE's Spectrum magazine, there is an article on "Virtually a virus, but for a good cause" : Computer Viruses -- and other programs that disrupt networks or other- wise play havoc with computer systems -- have been in the limelight lately. Now an over-the-counter program advertises a utility that lets it clone itself from one microcomputer to another over a cable. The facility is not a virus, but it behaves like one -- except that the target must agree to be "invaded." Nor is it a simple COPY command, since it copies files from the domain of one independent system into that of another. The program is LapLink III, a file-transfer utility from Traveling Software, Inc., Bothell, Wash. To transfer files from a PC with LapLink intstalled to a second machine without it, users enter a one-line command, and the program will send a copy of itself across the wire. However, Traveling Software has built in a safeguard: the program installs itself only if the user types the MS-DOS MODE command to alert the second PC's operating system that a file is to be received. By requiring that the receiving machine be notified of the transfer, LapLinks' designers have reduced the chance of malice. - ------------------------------------------------------------------------ ------------------------------ Date: Mon, 05 Jun 89 18:57 EDT From: Bo Slaughter Subject: Virus List available by FTP? I keep reading where you all are talking about papers listing viruses and there attributes, and I began to wonder.. Is there a good, comprehensive, detailed list of reported IBM viruses available through internet FTP? If there is, I would LOVE to get hold of a copy.. Thanks. Bo Slaughter Clemson University [Ed. There's a pretty good one on lll-winken.llnl.gov (which is currently going through some teething problems with a new version of TCP/IP) under the filename ~ftp/virus-l/docs/goodwin.list. The list is by Jim Goodwin of HomeBase. I'll try to have the same file available for LISTSERV and FTP access on IBM1.CC.LEHIGH.EDU (aka LEHIIBM1.BITNET) shortly.] ------------------------------ Date: Mon, 5 Jun 89 19:57:08 -0400 From: "Jonathan V. Brinkmann" Subject: Re: nVirB infection at teesside poly, uk (Mac) In article <0004.8906051718.AA01402@ubu.CC.Lehigh.EDU> you write: >As soon as I discovered how effective it is, I >removed Vaccine from my system: GateKeeper is much more thorough (as >it checks the writing of *any* resource, not just CODE) and much less >intrusive. Where can I obtain a copy of GateKeeper? It looks like the last word in anti-Viral software. ======================================================================= Jon Brinkmann BITnet: jvb7u@Virginia.EDU Astronomy Department ARPA/Internet: jvb7u@astsun1.acc.Virginia.EDU University of Virginia UUCP: ...!uunet!virginia!jvb7u P.O. Box 3818 SPAN/HEPnet: 6654::jvb7u Charlottesvile, VA 22903-0818 ======================================================================= ------------------------------ Date: Mon, 5 Jun 89 18:57:55 PDT From: khaw@parcplace.com (Mike Khaw) Subject: virus-l digests still on comp.virus I applaud the undigestifying of comp.virus on Usenet, but the digested form of the same articles is still appearing on comp.virus. Mike Khaw - -- ParcPlace Systems, 1550 Plymouth St., Mountain View, CA 94043 415/691-6749 Domain=khaw@parcplace.com, UUCP={uunet,sun,decwrl}!parcplace!khaw [Ed. Thanks for the feedback! Actually, another site has been gracious enough to send out the digests to Usenet for us (in addition to our sending out the individual messages) - I'm trying to persuade them to stop, so please bear with me.] ------------------------------ Date: 5 Jun 89 22:51:23 CDT (Mon) From: aicchi!joeloda@antares.mcs.anl.gov (Joe Loda) Subject: Re: Call For Discussion: The Usenet Virus Handbook Hi, Could you please tell me how to get a copy of this? Being on the UUCP side of things tends to mess me up all the time when I try to access these servers. Thanks for your help ... Joe. - -- Joe Loda Analysts International (AiC) - Chicago Branch Usenet: ..!aicchi!joeloda GEnie : J.LODA ------------------------------ Date: Tue, 6 Jun 89 03:39:50 -0500 From: spector%vx2.GBA.NYU.EDU@NYBVX1 (David HM Spector) Subject: Re: nVIR Origins (Mac) In article <0001.8906051718.AA01402@ubu.CC.Lehigh.EDU> VIRUS-L@IBM1.CC.Lehigh.EDU writes: >I vaguely remember downloading some assembler code from CIS a looong >while back (pre-Scores) that purported to be source for a virus >similar to nVIR. I didn't save it, mostly because I didn't see any use >for it then. It would have been a good guide to writing an anti-viral, >I suppose. > >In fact, if I remember right, the resources it used were indeed called >nVIR! > > --- Joe M. I believe that you are referring to the posting of partial source to the original nVIR (non-A, non-B) by Matthias Uhrlichs (I can never remember the proper spelling of his name. Sorry, Matthias). This nVIR was a malignant predecessor of nVIR A and nVIR B, one of which (I think A) was writtin by M.U. in the hope that it would overtake the malignant nVIR. His good sense has been debated before, but we have him to thank that the nVIRs running around aren't deadly. The original one trashed files at random. The reason his non-malignant variant was able to overtake the original is that the original one wouldn't infect a system which was already infected, while nVIRs A and B will reinfect an app every time it is launched. (Thus the strange hybrids reported by John Norstaad.) All of this is from memory, so it's possible I may be forgetting something or remembering it wrong. - --- Alexis Rosen temporarily at spector@vx2.gba.nyu.edu alexis@rascal.ics.utexas.edu (last resort) ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253