
Conference hydra::amiga_v1

Title: AMIGA NOTES
Notice: Join us in the *NEW* conference - HYDRA::AMIGA_V2
Moderator: HYDRA::MOORE
Created: Sat Apr 26 1986
Last Modified: Wed Feb 05 1992
Last Successful Update: Fri Jun 06 1997
Number of topics: 5378
Total number of notes: 38326

4170.0. "Report on a new VIRUS!" by EUCLID::OWEN (Rent-to-own a clue) Thu Oct 04 1990 09:09

Article        67231
From: [email protected] (Todd Olson)
Subject: New Virus
Date: 28 Sep 90 10:06:14 GMT
Organization: University of Hawaii
 
 
	It must be my lucky year!  I found a new virus (again).  This
one manifests itself in a so called "new" version of unwarp, version 1.4.
The virus is integrated into the unwarp file.  The virus is written
by the Centurions.  It changes the KickTagPtr, and it contains some text
that I scanned from memory.  The text is as follows:
 
__________BEGIN INCLUDED TEXT__________
 
>>>>>>> HI THERE  A NEW AGE IN VIRUS MAKING HAS BEGUN     
THANX TO US>>> THANX TO: === CENTURIONS ===   AND WEVE    
THE PLEASURE TO INFORM YOU THAT SOME OF YOUR DISKS ARE    
INFECTED BY OUR FIRST MASTERPIECE CALLED:                 
 < THE SMILY CANCER <                                     
HAVE FUN LOOKING FOR IT>>> AND STAY TUNED FOR OUR NEXT    
PRODUCTIONS>   CENTURIONS: THE FUTURE IS NEAR;            
                                                          
                                                          
HELLO HACKERS OUT THERE!! A NEW FORCE HAS BORN IN ITALY:  
--- CENTURIONS ---.  OUR TEAM IS COMPOSED OF 2 GUYZ:      
ME & HIM.(AHAHHA!) THE AIM OF -- CENTURIONS -- IS JUST    
VIRUS MAKING.. WE HAVE LOTTA FUN DOING THIS AND WE ALSO   
HOPE TO GIVE FUN TO THE KILLERS MAKERS (HI STEVE TIBBETT!)
HAW! HAW! HAW! SIGNED: ME & HIM / CENTURIONS.             
_________________END OF TEXT ___________                                                          
 
 
It also looks as if it infects only floppies, and it affects the
startup-sequence, I say this because I found the following near the 
above text and the KickTagPtr.
 
trackdisk.device                                          
startup-sequence                                          
virusup-sequence
 
 
A copy will again be going to SteveX.
 
					Todd
 
--
 [email protected] | "When I was fourteen, my father was so ignorant 
 [email protected] | I could hardly stand to be around him. When I   
    CS student, Adventurer    | was twenty-one, I was amazed at how much the    
   Paraphrased from House II  | old man had learned in seven years." - M. Twain
4170.1. "Update" by WILARD::BARRETT (Experience Far Fig Newton?) Fri Oct 05 1990 13:01 (31 lines)

Article        67328
From: [email protected] (John Veldthuis)
Newsgroups: comp.sys.amiga
Subject: Re: New Virus
Date: 2 Oct 90 23:15:30 GMT
Organization: Amiga Virus Extermination Services, NZAmigaUG :).
 
Quoted from - [email protected] (Todd Olson):
>
>	It must be my lucky year!  I found a new virus (again).  This
> one manifests itself in a so called "new" version of unwarp, version 1.4.
> The virus is integrated into the unwarp file.  The virus is written
> by the Centurions.  It changes the KickTagPtr, and it contains some text
> that I scanned from memory.
[text deleted]
 
After a quick disassemble of the virus I found that it lives in the memory
area of $7f000 and takes over the trackdisk BeginIO vector. It also has a
Romtag to survive reboots and patches the exec SumKickData vector.
It waits for reads to the bootblock of a disk, then looks for the first
command in the startup-sequence. If the disk is not write protected it will
add itself to the start of this file as a code hunk. It adds 3196 bytes to
the program it infects. The data in the file is encrypted and after every
ten copies it will change the pointer to a smily face that has text
scrolling under it. To do the smily face it goes into the private stuff of
the graphics.library and bombed out when I ran CED to alter a file.
It does its copying at the block level and not the file level.
 
--
*** John Veldthuis, NZAmigaUG.         [email protected]       ***
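
An integrity check built on the behaviour described in note 4170.1, as an added example that is not part of the original notes: it compares a program against a known-good copy and reports the 3196-byte growth and a new hunk at the front of the AmigaDOS load file. The function names, the baseline-copy approach and the constructed sample files (including the layout of the added hunk) are assumptions.

```python
import struct

HUNK_HEADER, HUNK_CODE, HUNK_END = 0x3F3, 0x3E9, 0x3F2
ADDED_BYTES = 3196  # growth per infected program, as reported in note 4170.1

def hunk_sizes(data):
    """Return the byte size of each hunk listed in an AmigaDOS load-file header."""
    def long_at(off):
        if off + 4 > len(data):
            raise ValueError("truncated hunk header")
        return struct.unpack_from(">I", data, off)[0]
    if long_at(0) != HUNK_HEADER:
        raise ValueError("not an AmigaDOS load file")
    off = 4
    while long_at(off) != 0:              # resident-library names, zero-terminated
        off += 4 + 4 * long_at(off)
    first, last = long_at(off + 8), long_at(off + 12)
    # The top two bits of each size longword are memory flags, not size.
    return [(long_at(off + 16 + 4 * i) & 0x3FFFFFFF) * 4
            for i in range(last - first + 1)]

def compare_to_baseline(baseline, current):
    """List the differences from a known-good copy that match the reported pattern."""
    old, new = hunk_sizes(baseline), hunk_sizes(current)
    findings = []
    if len(current) - len(baseline) == ADDED_BYTES:
        findings.append("size grew by exactly 3196 bytes")
    if len(new) == len(old) + 1 and new[1:] == old:
        findings.append("one extra hunk at the start; original hunks unchanged")
    elif new != old:
        findings.append("hunk table changed")
    return findings

def build_sample(bodies):
    """Build a constructed load file holding one code hunk per body (test data only)."""
    out = struct.pack(">5I", HUNK_HEADER, 0, len(bodies), 0, len(bodies) - 1)
    out += b"".join(struct.pack(">I", len(b) // 4) for b in bodies)
    for b in bodies:
        out += struct.pack(">2I", HUNK_CODE, len(b) // 4) + b + struct.pack(">I", HUNK_END)
    return out

# Constructed samples: a small clean program, and the same program with an
# extra zero-filled hunk in front, sized so the file grows by 3196 bytes.
ORIGINAL_BODY = b"\x4e\x75\x00\x00" * 10
CLEAN = build_sample([ORIGINAL_BODY])
MODIFIED = build_sample([bytes(3180), ORIGINAL_BODY])

if __name__ == "__main__":
    print(compare_to_baseline(CLEAN, MODIFIED))
```
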
    
4170.2. "Just concerned" by MQOFS::DESROSIERS (Lets procrastinate....tomorrow) Thu Mar 28 1991 09:10 (53 lines)

The following two excerpts from VNS news, hint at new viruses (viri???) 
coming out all the time.  I gather that most of them are for the PC
market, but what about Amigans, has anyone seen or heard of new 
infections?, what about Steve Tibbett's VirusX, has there been a new 
release?

Jean




 Viri - Computer viruses are spreading, expert warns
	{The Lowell Sun, 13-Mar-91, p. ?}
	{Contributed by: Indirectly, so I don't have the name of the original
			  contributor - TT}
   The threat of computer viruses continues to grow as existing viruses
 multiply and computer marauders introduce new varieties at the rate of two a
 week, experts say. The destructive invaders infect more than one-quarter of
 major U.S. personal computer users each month, according to a survey released
 Wednesday in conjunction with a computer virus conference. Viruses are
 multiplying so rapidly that by the end of the year, nearly every major U.S.
 company that is a heavy user of personal computers will experience a virus
 infection once a month, predicted Peter Tippett, a computer virus consultant.
 The attacks are growing because viruses are multiplying exponentially as they
 spread among computer networks and shared software, Tippett said. In addition,
 he told a news conference, "There are more and more people writing more and
 more viruses all the time."

VNS TECHNOLOGY WATCH:                           [Mike Taylor, VNS Correspondent]
=====================                           [Littleton, MA, USA            ]

                           Bulgarian Connection

    Bulgaria is fast becoming a breeding ground for some of the world's
    most lethal computer viruses. A dozen young Bulgarians are being
    blamed for up to 90 of the known 300 viruses written for the IBM PC.
    A strain called Dark Avenger, which recently infected US military
    computers, is probably the best known from the region. Experts
    believe the trend will worsen. As one Bulgarian computer scientist
    told the New York Times, "the first law of computer viruses is that
    if it can be made it will be. The second law is that if a computer
    virus can not be made, it will be anyway."
    {CACM March 1991}


<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
        Please send subscription and backissue requests to CASEE::VNS

    Permission to copy material from this VNS is granted (per DIGITAL PP&P)
    provided that the message header for the issue and credit lines for the
    VNS correspondent and original source are retained in the copy.

<><><><><><><><>   VNS Edition : 2289    Thursday 28-Mar-1991   <><><><><><><><>

4170.3. "Beware hyperbole" by KALI::PLOUFF (Ahhh... cider!) Thu Mar 28 1991 10:59 (18 lines)

    This is tired old stuff... Yes, there are plenty of viruses out there. 
    But all the warnings about the rising tide of viruses seem to come from
    those with a vested interest in selling virus prevention products or
    services.  The field, especially in the MS-DOS world, is filled with
    hype.
    
    Other regular contributors to this notesfile take a stronger stand than
    me, but in three years of Amiga ownership I have had _no_ virus
    problems.  The keys for me are a) using only a handful of bootable
    disks which are also write protected (lately a hard drive), and
    b) getting software from a known, trustworthy source.  Between
    commercial software, Fred Fish disks, Usenet newsgroup postings, and
    uploads by Digits to the TAPE:: archives, there's far more "safe"
    software available than I could possibly ever use.
    
    Note: this works for me.  Your mileage may vary, as they say.
    
    Wes

4170.4. "" by BAGELS::BRANNON (Dave Brannon) Fri Mar 29 1991 12:15 (12 lines)
    
    I agree with what Wes said.  I'd also add that it's a good idea to 
    put something like Virusx in your startup-sequence.  And keep it
    updated to the current version.  It's better to prevent the problem
    than to try to clean up after it.
    
    I've also found it's another great way to show off the Amiga's 
    multitasking :-)  Given all the hype about viruses, shouldn't every 
    computer offer painless background running of YOUR choice of a virus
    detector (not just TSRs or desk accessories)?
    
    Dave

4170.5. "Lazerus?" by TOOK::KEEGAN (Peter Keegan) Mon May 13 1991 10:18 (14 lines)

Last night, I experienced an unusually high number of failures: disk copy 
errors, random gurus, etc.  At one point, after running diskdoctor, reformatting
a floppy and other sundry stuff, I got a file requestor requesting me to
insert volume "LAZERUS:" (spelling may be off a bit).  Well, I don't have any
disk labelled 'Lazerus', and I didn't do any implicit or explicit assigns.
In fact, the requestor came up when I tried to 'cd' to a different directory
than the one I was in, which was on a floppy labelled 'Utils2'.

Fearing a virus was nearby, I powered down for the evening.
Does the name 'Lazerus' mean anything to the virus experts out there?

(BTW, I had VirusX running at the time and received no reports from it)

-Peter

4170.6. "Lazarus emphatically not virus" by KALI::PLOUFF (Ahhh... cider!) Mon May 13 1991 10:21 (8 lines)

    Note to those without a Christian background: Lazarus was raised from
    the dead.  When DiskDoctor "resurrects" a floppy, it has to provide
    some volume name.  So you have gotten your corrupt disk back, or most
    of it, with a new name.
    
    No, it is NOT a virus!
    
    Wes

4170.7. "" by WAREGL::WILSONTL (Lead Trumpet (Read that...LEED!)) Mon May 13 1991 10:22 (3 lines)

It's been a while since I heard that name.  Isn't LAZARUS the name DISKDOCTOR 
gives a disk that it has resurrected?

4170.8. "whew!" by TOOK::KEEGAN (Peter Keegan) Mon May 13 1991 15:50 (9 lines)

My Christian roots are coming back to me now.

This must be a feature of the 1.3 DiskDoctor, as I don't recall this in 1.2,
which was the last time I used DiskDoctor.

(thanks - I was getting a little paranoid, having pulled quite a few things 
off the PD, recently)

-peter

4170.9. "" by BOMBE::MOORE (Amiga: Where 'multimedia' REALLY began) Mon May 13 1991 16:31 (3 lines)

    I believe DiskDoctor has always done this, but it will retain the
    disk's original label if that information is still intact.  That's
    probably why you didn't see it before.