VIRUS-L Digest Wednesday, 27 Jun 1990 Volume 3 : Issue 117 Today's Topics: Virus experiences in GDR "Virus" on MS-DOS systems (PC) fprot111.zip (PC) STONED Virus (PC) More info on the "Flipper" virus (Mac) ZUC info anyone (mac)? Possible new WDEF Strain (Mac) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. Please sign submissions with your real name. Send contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU. Ken van Wyk --------------------------------------------------------------------------- Date: 22 Jun 90 15:42:00 +0100 From: Klaus Brunnstein Subject: Virus experiences in GDR On June 19-21, 1990, IBM held some kind of a development conference for GDR universities, in the research center of the ministry for science and technology in (east) Berlin-Koepenick. Similar to an annual conference for West German universities (`IBM university forum'), invited speakers from West and East German universities as well as from IBM informed about their actual work. A broad diversity of areas was covered, from CD-ROM based 'Thesaurus Linguae Graecae' to CAD, simulation of complex molecules and synthetic speech. The conference was accompanied by an exhibition where many additional applications and software products of scientific interest were shown by East and West German scientiests as well as IBM people, on IBM owned PS-2s. Many demonstration diskettes were freely available. Among the exhibitors, the Virus Test Center demonstrated how to detect and eradicate viruses. In many discussions, we were surprised to learn that many scientists regarded viruses as some kind of a joke as they had suffered mainly from viruses of the funny kind, e.g. playing Yankee Doodle in the Bulga- rian version "TP 44" or "legalizing marijuana"; only a few seemed to have experiences in really damaging viruses such as Israeli or Dark Avenger. Yet at the end of the exposition, our essential task was to eradicate some damaging viruses such as Dark Avenger (the Bulgarian "Eddie" which broadly migrates through Eastern Europe) from most of IBM's PS-2 as neither protection nor careful work had been practized nor prescribed. With surprise we learned that there existed a secret research unit in GDR to which every virus or other threat had to be reported; this secret group would then produce an antivirus and send it to concerned institutions. In its latest version (which we hope to receive afterwards), 11 viruses could be detected and eradicated. Lesson learned: there should be a special antivirus service for exhibitions, not only for large ones (in FRG's CeBIT and Systems exhibitions, about 15-20% of the workstations and PCs were found to be infected *at exhibition's end*). Klaus Brunnstein University of Hamburg ------------------------------ Date: Mon, 25 Jun 90 15:25:00 -0400 From: Meredith Coombs Subject: "Virus" on MS-DOS systems (PC) We've come across a virus-like problem which seems to primarily affect floppy disks. It shows up when you try to format a floppy and get an error message that says the boot sector is bad. Attempting to use the FORMAT command on a pc's hard disk when the system has the "virus" results in an error message. (You can do an FDISK -- from a floppy -- of the hard disk.) One way the "virus" makes itself known is by creating a file named delta-character4EIBM.n.n or delta-char Subject: More info on the "Flipper" virus (Mac) Can anyone please give me some more information on the "Flipper" virus on the Mac? I have not heard of this virus, and I am curious to know what it does, where it was found, etc. All help would be greatly appreciated. Melissa Jehnings Wheaton College Norton, Massachussetts BITNET: JEHNINGS@WHEATNMA ------------------------------ Date: Tue, 26 Jun 90 16:43:00 -0400 From: Zav Subject: ZUC info anyone (mac)? !-> I survived Southeastern Mass Uuu., 26-JUN-1990 HEllo, I am wondering if anyone out on the net has any experience/tech info regarding ZUC infections. What does the resource fork of an infected app look like?? While scanning our servers with SAM 2.0, 2 files from the Mac tutor sources were listed as being infected in 2/5/88 and 5/24/88 (PopMenus and Color Mixer). After copying them to a floppy, I scanned with Sam 2.0 again, Rival 1.1 and Disinfectant 1.8 with no reported infections. ?!*?! HUH? What gives? If anyone cares I was in multifinder (I know, I know) while scanning for the second time. any clues anyone? - Alex Zavatone - Software Release Engineer PCSD Mac - Lotus ------------------------------ Date: Wed, 27 Jun 90 11:26:00 -0400 From: Zav Subject: Possible new WDEF Strain (Mac) !-> I survived Southeastern Mass Uuu., 27-JUN-1990 While scanning our servers, SAM 2.0 reported discovering a "strain of WDEF". Upon examination under resedit 2.0a3 the size and code was completely different from the copy of WDEF A that I have. Scans with Disinfectant 1.8 and Rival do not pick this up as a virus. Paul Cozza, John Norstadt would you be interested in checking this file out? It's binhexed and ready to be sent out. - Alex Zavatone - Software Release Engineer PCSD Mac - Lotus ------------------------------ End of VIRUS-L Digest [Volume 3 Issue 117] ****************************************** Downloaded From P-80 International Information Systems 304-744-2253