What is VIRUS-L/comp.virus?

It is a discussion forum with a focus on computer virus issues. More specifically, VIRUS-L is an electronic mailing list and comp.virus is a USENET newsgroup. Both groups are moderated; all submissions are sent to the moderator for possible inclusion in the group. For more information, including a copy of the posting guidelines, see the file virus-l.README, available by anonymous FTP on cert.org in the pub/virus-l directory. (FTP is the Internet File Transfer Protocol, and is described in more detail in the monthly VIRUS-L/comp.virus archive postings - see below.)

Note that there have been, from time to time, other USENET cross-postings of VIRUS-L, including bit.listserv.virus-l. These groups are generally set up by individual site maintainers and are not as globally accessible as VIRUS-L and comp.virus.

What is the difference between VIRUS-L and comp.virus?

As mentioned above, VIRUS-L is a mailing list and comp.virus is a newsgroup. In addition, VIRUS-L is distributed in digest format (with multiple e-mail postings in one large digest) and comp.virus is distributed as individual news postings. However, the content of the two groups is identical.

How do I get onto VIRUS-L/comp.virus?

Send e-mail to LISTSERV@LEHIGH.EDU stating: "SUB VIRUS-L your-name". To "subscribe" to comp.virus, simply use your favorite USENET news reader to read the group (assuming that your site receives USENET news).

What are the guidelines for VIRUS-L?

The list of posting guidelines is available by anonymous FTP on cert.org. See the file pub/virus-l/virus-l.README for the most recent copy. In general, however, the moderator requires that discussions are polite and non-commercial. (Objective postings of product availability, product reviews, etc., are fine, but commercial advertisements are not.) Also, requests for viruses (binary or disassembly) are not allowed. Technical discussions are strongly encouraged, however, within reason.

How can I get back-issues of VIRUS-L?

VIRUS-L/comp.virus includes a series of archive sites that carry all the back issues of VIRUS-L, as well as public anti-virus software (for various computers) and documents. The back-issues date back to the group's inception, 21 April 1988. The list of archive sites is updated monthly and distributed to the group; it includes a complete listing of the sites, what they carry, access instructions, as well as information on how to access FTP sites by e-mail. The anonymous FTP archive at cert.org carries all of the VIRUS-L back issues. See the file pub/virus-l/README for more information on the cert.org archive site.

What is VALERT-L?

VALERT-L is a sister group to VIRUS-L, but is intended for virus alerts and warnings only -- NO DISCUSSIONS. There is no direct USENET counterpart to VALERT-L; it is a mailing list only. All VALERT-L postings are re-distributed to VIRUS-L/comp.virus later. This group is also moderated, but on a much higher priority than VIRUS-L. The group is monitored during business hours (East Coast, U.S.A., GMT-5/GMT-4); high priority off-hour postings can be made by submitting to the group and then telephoning the CERT/CC hotline at +1 412 268 7090 -- instruct the person answering the hotline to call or page Ken van Wyk.

Subscriptions to VALERT-L are handled identically to VIRUS-L -- contact the LISTSERV.

What are the known viruses, their names, major symptoms and possible cures?

First of all, the reader must be aware that there is no universally accepted naming convention for viruses, nor is there any standard means of testing. As a consequence nearly ALL viral information is highly subjective and subject to interpretation and dispute.

There are several major sources of information on specific viruses. Probably the biggest one is Patricia Hoffman's hypertext VSUM. It describes only DOS viruses, but covers almost all of those known at any given time. Unfortunately, it is regarded by many in the field as being inaccurate, so we do not advise people to rely solely on it. It can be downloaded from most major archive sites except SIMTEL20.

The second one is the Computer Virus Catalog, published by the Virus Test Center in Hamburg. It contains a highly technical description of computer viruses for several platforms: DOS, Mac, Amiga, Atari ST, Unix. Unfortunately, the DOS section is quite incomplete. The CVC is available for anonymous FTP from ftp.informatik.uni-hamburg.de (IP=134.100.4.42), directory pub/virus/texts/catalog. (A copy of the CVC is also available by anonymous FTP on cert.org in the pub/virus-l/docs/vtc directory.)

A third source of information is the monthly Virus Bulletin, published in the UK. Among other things, it gives detailed technical information on viruses (see also A9 below). Unfortunately, it is very expensive (the subscription price is $395 per year). US subscriptions can be obtained by calling 203-431-8720 or writing to 590 Danbury Road, Ridgefield, CT 06877; for European subscriptions, the number is +44-235-555139 and the address is: The Quadrant, Abingdon, OX14 3YS, England.

A fourth good source of information on DOS viruses is the "Computer Viruses" report of the National/International Computer Security Association. This is updated regularly, and is fairly complete. Copies cost approximately $75, and can be ordered by calling +1-202-244-7875. ICSA/NCSA also publishes the monthly "Virus News and Reviews" and other publications.

Another source of information is the documentation of Dr. Solomon's Anti-Virus ToolKit. It is more complete than the CVC list, just as accurate (if not more), but lists only DOS viruses. However, it is not available electronically; you must buy his anti-virus package and the virus information is part of the documentation.

Yet another source of information is "Virus News International", published by S & S International. And, while not entirely virus-related, "Computers & Security" provides information on many aspects of computer security, including viruses.

The best source of information available on Apple Macintosh viruses is the on-line documentation provided with the freeware Disinfectant program by John Norstad. This is available at most Mac archive sites.

Where can I get free or shareware anti-virus programs?

The VIRUS-L/comp.virus archive sites carry publicly distributable anti-virus software products. See a recent listing of the archive sites (or ask the moderator for a recent listing) for more information on these sites.

Many freeware/shareware anti-virus programs for DOS are available via anonymous FTP on WSMR-SIMTEL20.ARMY.MIL (192.88.110.20), in the directory PD1:(MSDOS.TROJAN-PRO). Note that the SIMTEL20 archives are also "mirrored" at many other anonymous FTP sites, including oak.oakland.edu (141.210.10.117, pub/msdos/trojan-pro), wuarchive.wustl.edu (128.252.135.4, /mirrors/msdos/trojan-pro), and nic.funet.fi (128.214.6.100, /pub/msdos/utilities/trojan-pro). They can also be obtained via e-mail in uuencoded form from various TRICKLE sites, especially in Europe.

Likewise, Macintosh anti-virus programs can be found on SIMTEL20 in the PD3: directory.

A list of many anti-viral programs, including commercial products and one person's rating of them, can be obtained by anonymous FTP from cert.org (192.88.209.5) in pub/virus-l/docs/reviews as file slade.quickref.rvw.

Where can I get more information on viruses, etc.?

There are four excellent books on computer viruses available that should cover most of the introductory and technical questions you might have:

A somewhat dated, but still useful, high-level description of viruses, suitable for a complete novice without extensive computer background is: "Computer Viruses: Dealing with Electronic Vandalism and Programmed Threats," by Eugene H. Spafford, Kathleen A. Heaphy, and David J. Ferbrache, ADAPSO (Arlington VA), 1989. (ADAPSO is a computer industry service organization and not a publisher, so the book cannot be found in bookstores; copies can be obtained directly from ADAPSO @ +1 703-522-5055.) There is a discount for ADAPSO members, educators, and law enforcement personnel. Many people have indicated they find this a very understandable reference; portions of it have been reprinted in many other places, including Denning & Hoffman's books (above).

It is also worth consulting various publications such as _Computers & Security_ (which, while not restricted to viruses, contains many of Cohen's papers) and the _Virus Bulletin_ (published in the UK; its technical articles are considered good, although there has been much criticism in VIRUS-L of some of its product evaluations).
