VIRUS-L Digest Friday, 18 Nov 1988 Volume 1 : Issue 14 Today's Topics: Will The Source of The Worm be Published ? CSI Standpoint on Internet worm (long) CMS Protected Mode (IBM VM/CMS) UK televison programme. Report of brain virus sighting (PC) --------------------------------------------------------------------------- Date: Fri, 18 Nov 88 17:04:18 HMT From: Kostas Antonopoulos Subject: Will The Source of The Worm be Published ? Greetings , Has anyone out there heard if the ArpaNet Worm source will be published ? I've heard that NSA is trying hard to prevent this ... Does anyone know something about ? Thanx , Kostas [Ed. I know that at least a couple people are doing formal papers on the subject, and that there is some talk of an RFC (request for comment from the Internet governing body) being produced. The latter is uncertain. Anyone else have any more info?] ------------------------------ Date: Fri, 18 Nov 88 09:25 CST From: Ken De Cruyenaere 204-474-8340 Subject: CSI Standpoint on Internet worm (long) I have just returned from the 15th annual Computer Security Institute Conference (held this year in Miami Beach). This conference was attended by over 1500 computer security professionals. The CSI Advisory Council composed the following and distributed to all attendees. The intent is to send 'an important message to the computer criminal and to our public servants': November 16, 1988 To: CSI Conferees From: The CSI Advisory Council The education and motivation that all of us receive during this and other computer security conferences helps us to be more effective practitioners. This year's CSI Conference especially should call us to action. You probably attended at least one workshop that discussed the recent ARPANET situation. Whether or no the media "decides" that any damage was done, it clearly produced lost time, slipped deadlines, or--at the very least-- a few cycles of management "think time" worrying about computer viruses. We encourage you to do two things immediately upon your return: 1. Send a letter to your local U.S. attorneys recommending that the ARPANET virus situation be prosecuted to the full extent of the law. It may even be appropriate that your organization take some form of independent legal action in this case; and, 2. Send a letter to your state and federal legislators requesting that they aggressively pursue the development of effective computer crime legislation. You might even offer to help evaluate drafts of pending bills. Attached are sample of letters you may wish to use as models to get this message to your local U.S. attorneys and your legislators. Consider spending a few minutes "wordsmithing" one or more letters and then send them to the people who can make and enforce computer crime laws. As an emerging profession, we can send an important message to the computer criminal and to our public servants... a message that we take our responsibilities seriously, and that we want to establish solid legal accountability for computer and information protection. Michael Corby, Bain & Co. Joseph R. Kretz, Jr., FMC Corp. Thomas R. Peltier, General Motors SAMPLE LETTER TO A UNITED STATES ATTORNEY: Hon.___________________ United States Attorney Sir: I am in charge of computer security for this organization. In the wake of the recent attack of the ARPANET virus, it was necessary to close down our usual computer operations and devote _______ hours of debugging and testing before we could safely resume normal operation. This represents a significant interruption of our business, and deprived us of an estimated $_______ of employee time. In discussing this matter with other computer security professionals, I find that our organization was only one of many which were disrupted or damaged by the deliberate introduction of a viral program. It is my understanding that abuse of access is punishable under Title 18 United States Code 1030(a)(3). The vehicle for this contamination of our systems, as you know, was the ARPANET computer network. If, for example, a primary waterway was polluted, I am confident that your office would act and act firmly; a primary data stream should be equally protected. I urge you to take a close look at this particular offense, and to prosecute it vigorously. I am ready to provide evidence of its impact on our organization, and I will be glad to assist you in documenting further victimization. (Signed)_______________________ SAMPLE LETTER TO A UNITED STATES ATTORNEY: Dear U.S. Attorney: I am writing to you to express my organization's concern over the apparent apathy within the Justice Department as evidenced by their failure to vigorously pursue computer crime incidents and to assume a leadership role in this arena. The recent ARPANET virus case, which has affected thousands of computer systems and cost companies and institutions tens of thousands of man-hours to investigate and remedy--not to mention the cost of denying use of those systems--appears to be another example of this apathy. I, along with many other responsible computer professionals across the United States, beleive it is imperative that this most recent incident be prosecuted to the fullest extent of the law. It is not in the best interests of businesses and other organizations to allow the person(s) responsible for this situation to avoid being held accountable for their actions, let alone be allowed to profit by it. To do so would only encourage more of the same. Existing federal computer crime statutes, such as 18 USC 1030(a)(3), can be applied in this case. My organization expects those avenues to be fully pursued by the Justice Department. I would appreciate knowing what actions will be taken by your department in this matter. Sincerely, SAMPLE LETTER TO A STATE OR FEDERAL LEGISLATOR: Dear Senator/Representative _______________: I am a computer professional whose job responsibilities include protecting the integrity and reliability of my company's critical business data. If organizations are to gro and prosper, business decisions must be made on the basis of accurate and timely data. I am personally and professionally appalled by the risks posed to this decision-making ability by computer criminals. I therefore join my tens of thousands of responsible colleagues and millions of citizens who support the development ond enforcement of strict computer crime legislation. I urge you to aggressively push for full penalties for perptrators of computer crimes, especially the creation of damaging virus programs, as was the case in the recent ARPANET incident. As your constituents, we encourage and expect your support for the necessary computer crime legislation. I am willing to work with you in evaluating and developing laws that protect our valuable decision-making ability. I look forward to hearing from you. Very truly yours, ------------------------------ Date: Fri, 18 Nov 88 11:11:03 EST From: Gabriel Basco Subject: CMS Protected Mode (IBM VM/CMS) On the REXX Discussion list, the subject on the CHRISTMA EXEC also appeared, and someone had a comment that in CMS, you can run a program in 'protected mode'. Can anybody give me more details? ------------------------------ Date: 18 Nov 1988 14:31:22-WET Subject: UK televison programme. From: Julian Daley This message may well get to UK sites too late to matter, but here goes ... Channel 4 in the UK (? S4C) are screening the penultimate programme in their Equinox series on Sunday 20 November. The programme concentrates on chaos and promises to cover the history behind the subject and current thinking. I haven't seen any of the other programmes in this series so I can't vouch for its accuracy or eloquence. I'll try to watch the programme (video recorder permitting !) and if there is anything interesting post a reply to The List. (Don't let that stop anyone else who sees it from commenting - I'm a physicist, not a TV critic ! ) Julian. ------------------------------ Date: Fri, 18 Nov 88 13:13 EST From: "Shawn V. Hernan" Subject: Report of brain virus sighting (PC) For those of you who are interested in such things, there are indications that the "brain" virus might have hit Pitt. By 'indications' I mean that someone in the labs said he discovered it using 'nobrain', a pd (?) virus detector/eliminator. Shawn Hernan Univ. of Pittsburgh ------------------------------ End of VIRUS-L Digest *********************