# 95-01


Contents


        VIREX Update for NVP
        IBM Update for AntiVirus/DOS and OS/2
        CVDQ Becomes UTR
        The Scanner, Volume 1, Issue 1
        VI-SPY Update


1.  Datawatch Corporation has notified registered users of a Virex update
to detect the "NVP" trojan horse which targets Macintosh systems.  The
trojan horse is an apparent hack of a program issued sometime ago to
disable the vowel keys.  The original program "NVwl" INIT by Shane Looker and
the installer/de-installer applications "No Vowels II" and "Yes Vowels II" by
Trevden Sherzell are, according to one analysis, identical to the trojan.  This
analysis proposes that the trojan author renamed "No Vowels II", and that the
antidote "Yes Vowels II" should be sufficient for those who do not have the    
Virex update.  If is unclear if other anti-viral developers will issue updates
since Internet discussions suggest that SAM and Gatekeeper, for example, would
have detected the activity of the trojan prior to damage--if the programs
were properly configured.

2.  IBM has just released version 2.0 of its IBM AntiVirus/DOS and IBM
AntiVirus/2 (OS/2).  There are significant changes in that the DOS version
will no longer support Windows versions below 3.1.  In a similar vein the OS/2
version will no longer support OS/2 version 1.3.  The User's Guide has been
updated.  There has been a slight increase in the Annual Protection Plan
which includes four updates.  The rate is now $89.95 with an additional
$14.00 for shipping and handling.  Since the program is one of six that I
regularly use for MS-DOS anti-viral applications, I have found the annual
plan to be cost-effective and as a DoD site more practical than downloading
updates from the DISA host.                      

3.  The "Computer Virus Developments Quarterly" has become a monthly
publication retitled "Underground Technology Review".  The change occurred
with Volume 3, Number 1, December 1994.  The first edition was very uneven
in my opinion with too many soap box comments from Mr. Ludwig.  For example,
"This magazine is founded on the old american tradition of openness and
individual responsibility."  I was waiting for Mr. Ludwig to make some
claim that there is a constitutional amendment which guarantees the right
of anyone to distribute computer viruses, but maybe that has been saved
for another day.  Curiously the distribution of source code and compiled
viruses/trojan horses has ended with the change.  Personally that part of
my CVDQ subscription was the most interesting.  A UTR subscription is
$39.95 for US customers, $49.95 for overseas readers.  American Eagle
Publications is at P.O. Box 41401, Tucson, AZ 85717. 

4.  Howard Wood publishes "The Scanner -- The Anti-Virus Newsletter of
Today".  While there are many sources which cover this area of information
systems security, the January 1995 edition has a concise overview of 
polymorphic generators (i.e., MtE, TPE, DAME, etc.) which came courtesy
of Mikko Hypponen of Datafellows LTD.  One can obtain a copy through
anonymous ftp to 141.210.10.117 in the path /pub/msdos/virus/snr9501.zip.

5.  VI-SPY, another excellent commercial anti-viral tool for MS-DOS, issued
version 12.0, REL 12.94, on December 29, 1994.  The vendor's automated
update program has remained efficient and timely enough for my enterprise's
threat exposure.


[Disclaimer:  Information Systems Security Updates represent the
opinions and views of the author, not his employer.  Recipients
are free to quote all/parts of the ISSU with credit/blame to the
author.]