Copy Link
Add to Bookmark
Report
40Hex Issue 07 File 008
40Hex Number 7 Volume 2 Issue 3 File 008
More Virus News. An informed virus Programmer is a good one.
Article 1: New Macintosh Virus
Article 2: RockSteady's 666 Virus [NuKE]
Article 3: A Stooge's View
<<<<<<<<<
Article 1
<<<<<<<<<
Date: Fri, 17 Apr 92 11:34:50 -0500
>From: Gene Spafford <spaf@cs.purdue.edu>
Subject: Mac announcement - new virus (Mac)
New Macintosh Virus Discovered
17 April 1992
Virus: CODE 252
Damage: some, possibly severe (see text)
Spread: unknown (see text)
Systems affected: Apple Macintosh computers. All types, but see text.
A new virus, which has been designated "CODE 252", has been discovered
on Apple Macintosh computer systems. This virus is designed to trigger
if an infected application is run or system booted between June 6 and
December 31, inclusive. When triggered, the virus brings up a dialog
box with the message:
You have a virus.
Ha Ha Ha Ha Ha Ha Ha
Now erasing all disks...
Ha Ha Ha Ha Ha Ha Ha
P.S. Have a nice day.
Ha Ha Ha Ha Ha Ha Ha
(Click to continue...)
Despite this message, no files or directories are deleted in the
versions of the virus we have seen; however, a worried user might
power down the system upon seeing the message, and thus corrupt the
disk -- this could lead to significant damage. Furthermore, the virus
may interact with some applications in such a manner as to damage them.
Under System 7, the System file can be seriously damaged by the virus
under at least some circumstances as the virus attempts to spread.
This may lead to a system that will not boot, crashes, or other
unusual behavior.
Between January 1 and June 5, inclusive, the virus simply spreads from
applications to system files, and then on to other application files.
At the present moment, we have no indication that the virus causes
direct damage to any existing applications.
The virus does not spread to other applications under MultiFinder on
System 6.x systems, nor will it spread under System 7. However, it
will run on those systems if an infected application is executed.
Even if you are running one of these systems, we recommend you obtain
an use one of latest versions of appropriate anti-virus software.
As of the date of this announcement (17 April 92), we have had limited
reported sightings of this virus. This, combined with the nature of
operation of the virus, leads us to believe that the virus is not yet
widespread.
The current versions of Gatekeeper and SAM Intercept (in advanced and
custom mode) are effective against this virus. Either program should
generate an alert if the virus is present and attempts to spread to
other files. The Virex Record/Scan feature will also detect the virus.
Authors of all major Macintosh anti-virus tools are planning updates
to their tools to locate and/or eliminate this virus. Some of these
are listed below. We recommend that you obtain and run a CURRENT
version of AT LEAST ONE of these programs.
Some specific information on updated Mac anti-virus products follows:
Tool: Disinfectant
Status: Free software (courtesy of Northwestern University and
John Norstad)
Revision to be released: 2.8
Where to find: usual archive sites and bulletin boards --
ftp.acns.nwu.edu, sumex-aim.stanford.edu,
rascal.ics.utexas.edu, AppleLink, America Online,
CompuServe, Genie, Calvacom, MacNet, Delphi,
comp.binaries.mac
When available: soon
Tool: Gatekeeper
Status: Free software (courtesy of Chris Johnson)
Revision to be released: 1.2.6 (probably)
Where to find: usual archive sites and bulletin boards --
microlib.cc.utexas.edu, sumex-aim.stanford.edu,
rascal.ics.utexas.edu, comp.binaries.mac
When available: eventually
Comments:
Gatekeeper should find this virus if it attempts to infect your
system or applications, and thus does not need an update.
Gatekeeper Aid will need an update to "know" exactly what virus it
is seeing so it can remove the virus, but the update is not
crucial for continued protection. As Gatekeeper is freeware and
Chris has a "real" life, this update may not be immediate.
Tool: Rival
Status: Commercial software
Revision to be released: Rival 1.1.9v (CODE 252 Vaccine or Refresh 1.1.9v)
Where to find it: AppleLink, America Online, Internet, Compuserve.
When available: Immediately.
Tool: SAM (Virus Clinic and Intercept)
Status: Commercial software
Revision to be released: 3.0.8
Where to find: CompuServe, America Online, Applelink, Symantec's
Bulletin Board @ 408-973-9598
When available: 17 April 1992. Version 3.0.8 of the Virus
Definitions file are also available.
Tool: Virex INIT
Status: Commercial software
Revision to be released: 3.8
Where to find: Microcom, Inc (919) 490-1277
When available: Immediately.
Comments:
Virex 3.8 will detect and repair the virus. All
Virex subscribers will automatically be sent an update on
diskette. All other registered users will receive a notice with
information to update prior versions to be able to detect
CODE 252. This information is also available on Microcom's BBS.
(919)419-1602, and is presented here:
Guide Number = 6324448
1: 0203 3001 7778 2A00 / 79
2: 0C50 4EFA 0003 A9AB / C4
3: 0004 A9AA 0002 A647 / B2
4: 8180 9090 9090 9090 / 1B
Tool: Virus Detective
Status: Shareware
Revision to be released: 5.0.4
Where to find: Usual bulletin boards will announce a new search string.
Registered users will also get a mailing
with the new search string.
When available: Immediately.
Comments: search strings are:
Resource Start & Size < 1200 & WData 2F2C#23F3C#2A9A0*3F3C#24878#2A9AB;
For find CODE 252 in Appl's
Filetype=ZSYS & Resource INIT & Size < 1200 & WData 2F2C#
3F3C#2A9A0*3F3C#24878
#2A9AB; For find CODE 252 in System
If you discover what you believe to be a virus on your Macintosh
system, please report it to the vendor/author of your anti-virus
software package for analysis. Such reports make early, informed
warnings like this one possible for the rest of the Mac community.
<<<<<<<<<<
Article 2:
<<<<<<<<<<
==========================================================================
Date: 04-27-92 (04:18) Number: 264 of 275 (Echo)
To: ALL Refer#: NONE
From: STEVENS WALLACE Read: (N/A)
Subj: 666 IS GONNA GET YEAH Status: PUBLIC MESSAGE
Conf: N_VIRUS (41) Read Type: GENERAL (A) (+)
Rock Steady `666' Virus Released: Mar 24'92
[Montreal,Canada] PROGRAMMED:By Rock Steady. A few patches from other neat
Viruses
DAMAGE:The Virus will format the HD BOOT & FAT area on the 13th of
every Month! I wrote TWO formating procedures. One with the INT 13h and one
with the INT 26h! To make 100% the suckers HD gets trashes for GOOD!
NOTES:This is a Simple EXE & COM Infector! It infects ALL Files Executed The
Virus Hides in High Memory! And Hooks Int 21h! It will increase files by the
length of 666 Bytes! but if the Virus is Resident in Memory the Length of
the Files on a "DIR" will remain the SAME under MSDOS V3.30 - 5.0!
OTHER:*uck the Name. Its the ONLY text in the Virus! So the Anti-Virus
people will call it `Rock Steady', since the virus needs that signature to
check if the file is infected on infection routines & DIR routine!
PURPOSE:To make a very small "Stealth" Virus. And create a HOLE shit load of
damage for people not to forget!
ANTI-VIRAL:*uck Them! I've tried with SCANV89B, F-PROT2.03A, VirexPC Central
Point 1.2, Nortan Scanner, ViruScan And it's UNDETECTABLE!
Neat heh? McGill Univ. is flipping over this new Virus that they just got hit
with in Montreal. *uck it's hot...
aLl comments to moi...
=======================================================================
<<<<<<<<<<
Article 3:
<<<<<<<<<<
Extracted from "Gui Guts" by Yacco, in ComputerCraft Magazine, June 1992
------------------------------------------------------------------------
Mutant Ninja Morons
-------------------
Did you survive the Michaelangelo Virus? That's what everybody,
including Bill, the guy from UPS, has been asking me. I spent most of
last night organizing and archiving several year's worth of data. I
suppose I should be grateful to the fan of comic culture who wrote this
virus for the motivation to do something I've been putting off for a
long time. But these virus writers aren't exactly virtuous. I wouldn't
be sitting here now creating files with tomorrow's date on them if they
were. In fact, it occurs to me that what motivates them is a need to
control and terrorize people. In other words, they're a new breed of
rapist: the mass rapist. And just like physical rape isn't about sex,
electronic rape isn't about intellectual challenges.
[I wasn't going to comment until I got this classic article. This is so
funny. This guy thinks Michelangelo was named after the Teenage Mutant
Ninja Turtle. And hell, *IF* we are rapists, Yacco, better bend over
and spread em wide, cause we are gonna fuck you hard. What kinda name
is Yacco??? Fuck him. Why is everyone so curious as to what motivates
us? Can't it be that we just simply enjoy it? Must it be social
problems, or publicity? Don't blame the virus community for the
Michelangelo scare, blame the Anti Virus Community. It was a scare, a
simple ploy to gain money! I had everyone asking me how do I protect
myself? So, I spent a couple days helping out people who weren't
infected. Everywhere I went, Michelangelo! How many infections did I
find? 1. One fucking infection. I think everyone in the Anti-Virus
Community benefitted. Do you think that the author of Michelangelo made
a press release about the virus? I don't recall that. So, there goes
the publicity theory. He didn't control anyone. Anti-Virus people did.
A scare tactic. Plain and simple. The End.]
PS: Saw a useful article in the latest issue of a magazine? Anything
Virus related? Well, ya don't have to type it in! Just contact a
-=PHALCON/SKISM=- Member, and we will take care of it. Leave him mail
stating what magazine, what issue, and what page, and your handle (We
will throw ya into our Greet list).
->GHeap!
+++++
