CIAC A-10
_____________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
INFORMATION BULLETIN
_____________________________________________________________
Information about the PC CYBORG (AIDS) trojan horse
December 19, 1989, 1600 PST Number A-10

There recently has been considerable attention in the news
media about a new trojan horse which advertises that it
provides information on the AIDS virus to users of IBM PC
computers and PC clones. Once it enters a system, the trojan
horse replaces AUTOEXEC.BAT, and may count the number of
times the infected system has booted until a criterion number
(90) is reached. At this point PC CYBORG hides directories,
and scrambles (encrypts) the names of all files on drive C:.
There exists more than one version of this trojan horse, and
at least one version does not wait to damage drive C:, but
will hide directories and scramble file names upon the first
boot after the trojan horse is installed.

At first PC CYBORG was distributed only in Europe, although
several PC CYBORG infections have recently been reported in
the U.S. No DOE site has been affected yet, and the
probability of a widespread infection of this trojan horse
throughout DOE is extremely small. This trojan horse is
introduced into systems through a disk called the AIDS
Information Introductory Diskette, which has been mailed to a
mailing list which the author(s) of this trojan horse
obtained. PC CYBORG is a trojan horse, not a virus, and
thus is limited in ability to spread. This information
bulletin is being distributed in response to questions raised
because of the considerable media attention the trojan horse
has received, more than because of a genuine threat to
systems.

If you receive a disk in the mail which purports to provide
information on AIDS, do not load the disk into your computer.
Please save the disk, and contact CIAC immediately. If you
have already run this disk, please also call CIAC as soon as
possible. It is important to leave your PC on if it is
currently on, or leave it off if it is currently off.
Failure to do so may result in loss of your data, or make
recovery more difficult. CIAC has developed recovery
procedures, which are too lengthy to publish in this
bulletin.

For further information, including information about recovery
procedures, please contact CIAC:
Tom Longstaff
(415) 423-4416 or (FTS) 543-4416
FAX: (415) 294-5054
or send e-mail to: ciac@tiger.llnl.gov