Return-Path: XPUM04@prime-a.central-services.umist.ac.uk Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3) id AA21301; Thu, 7 Jun 90 13:37:24 -0400 Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5) id AA14010; Thu, 7 Jun 90 13:37:23 -0400 Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3) id AA01516; Thu, 7 Jun 90 13:37:05 -0400 Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK via Janet with NIFTP id aa13557; 7 Jun 90 15:02 BST From: Anthony Appleyard To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu> Date: Tue, 05 Jun 90 14:03:36 BST Message-Id: <$TGVGDBVHCNXJ at UMPA> Subject: Virus-L vol 0 issue #0610 Virus-L Digest Fri, 10 Jun 88, Volume 0 : Issue #0610 Today's Topics Re: Uses of Self-Replicating Code the media and viruses Re: the media and viruses PK36.EXE ARC maker/extractor by Phil Katz now available Re: the media and viruses Re: PKARC 3.6 -- Is it a VIRUS? that comment I made (come on now,guys!) ** no subject, date = Fri, 10 Jun 88 08:55:54 EDT ------------------------------ Date: Fri, 10 Jun 88 07:57:46 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: Re: Uses of Self-Replicating Code In-Reply-To: Message of Thu, 9 Jun 88 09:37:00 EDT from >the software update would propagate itself to your other system disks in >the same way viruses propagate! Then it could be called a virus. (At least it got the user's approval before propogating...) Remember, a virus need not be harmful. All that it needs to do to be classified as a virus is to replecate itself. In Dr. Cohen's dissertation, he mentions a compression virus. This compression virus attaches itself (eventually) to all of the executable files on a system and, whenever they're executed, it uncompresses them and then loads them. Of course, when it first infects an executable file, it compresses it. Such a compression virus, according to Dr. Cohen, is capable of greatly reducing the amount of disk space that all the executable files take up. Thus, it is a *good* virus. Of course, the fact that an executable file has to be uncompressed every time it is executed slows the computer down considerably, but nonetheless, the compression virus is a good one. Ken Kenneth R. van Wyk User Services Senior Consultant Steve Dallas: Who's driving?! Lehigh University Computing Center Opus: Oh keep your pants on, Internet: I pressed cruise control. BITNET: -------------------- Date: Fri, 10 Jun 88 09:36:00 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Jim Shaffer, Jr." Subject: the media and viruses For the people who say the media are blowing the virus problem out of proportion: The media are blowing the AIDS virus problem out of proportion also. I don't know anyone who has it, or anyone who knows anyone who has it. So it's really not a problem. -------------------- Date: Fri, 10 Jun 88 11:21:49 CDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: CB Lih Subject: Re: the media and viruses In-Reply-To: Message of Fri, 10 Jun 88 09:36:00 EDT from >For the people who say the media are blowing the virus problem out of >proportion: > >The media are blowing the AIDS virus problem out of proportion also. >I don't know anyone who has it, or anyone who knows anyone who has it. >So it's really not a problem. I hope this was just a poor taste sarcasm. It would be even worse if he's serious. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Sincerly, and I mean that, =---> CB Lih <---= User Services -> Computing Services -> University of Arkansas -> Fayetteville CL06076@UAFSYSB Disclaimer: There's a hole in my ozone layer. -------------------- Date: Fri, 10 Jun 88 13:41:46 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List Comments: Resent-From: KPETERSEN@SIMTEL20.ARPA Comments: Originally-From: Keith Petersen From: KPETERSEN@SIMTEL20.ARPA Subject: PK36.EXE ARC maker/extractor by Phil Katz now available Now available via standard anonymous FTP from SIMTEL20.ARPA... Filename Type Bytes CRC Directory PD1: PK36.EXE.1 BINARY 117781 977FH PK36.EXE is Phil Katz's latest release (ver 3.6) of PKARC/PKXARC. It literally blows away the competition with its new features and speed. Improvements include: ability to add/delete members from existing ARC even if there is less space than required to make the new ARC (great for floppy disk use); ability to read configuration file with your favorite options to make them the defaults (nice for setting it to always make SEA-compatible ARCs) but you can still override the specified defaults with command line options; ability to display the name and version number of the ARC maker that produced any ARC file; optional paginated text extract to screen, and many more new features. This copy of PK36.EXE was obtained directly from Phil Katz in order to assure its authenticity. Keith Petersen Maintainer of the CP/M and MSDOS archives at SIMTEL20.ARPA [26.0.0.74] Arpa: W8SDZ@SIMTEL20.ARPA Uucp: {decwrl,harvard,lll-crg,ucbvax,uunet,uw-beaver}!simtel20.arpa!w8sdz GEnie: W8SDZ -------------------- Date: Fri, 10 Jun 88 12:44:35 CDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Len Levine Subject: Re: the media and viruses In-Reply-To: Message from "CB Lih" of Jun 10, 88 at 11:21 am >>For the people who say the media are blowing the virus problem out of >>proportion: >>The media are blowing the AIDS virus problem out of proportion also. >>I don't know anyone who has it, or anyone who knows anyone who has it. >>So it's really not a problem. > I hope this was just a poor taste sarcasm. It would be even worse if >he's serious. I am sure he meant the remark as a sarcastic one. Clearly the existence of a virus on any machine is a threat, not just when it is on yours. We can afford to be more thick skinned than this. len@evax.milw.wisc.edu -------------------- Date: Fri, 10 Jun 88 13:59:30 CST Reply-To: Virus Discussion List Sender: Virus Discussion List From: David Camp Subject: Re: PKARC 3.6 -- Is it a VIRUS? In-Reply-To: Message of Thu, 9 Jun 88 12:26:57 EDT from > >Recently a file called PK36.EXE with a size of 118K has appeared on a >BBS near me. Is this really a new version of PKARC/PKXARC? Is this a >Trojan or virus? > >Please post your answer so that a warning/verification can reach as >far as possible. > >Mark This file was found in PKARCJAN.ARC on LISTSERV@RPICICGE. -David- - ------------------- FILE alert doc --------------------- - ------------------------- cut here -------------------------------- c: ARC+ZOO+ #1002 12-27-87 23:16 (Read 0 times) f: PHIL KATZ (REBEL LEADER) t: ALL s: TROJAN ALERT cc: SYSOP 12/27/87 There have recently been several trojan/hacked/pirated versions of PKARC/PKXARC showing up. The most vicious of the bunch is called NEWARKR.EXE. This is a (PKSFX) self-extracting file, but contains no DOCS. The programs PKXARC, PKARC, and PKSFX have been renamed to XARKR, ARKR, and RKSFX respectively. The PKWARE copyright has been removed from these programs, along with PKWARE's address and all references to ShareWare. The Copyright notice has been replaced with the phrase "Public Domain Software". Thesee programs have been modified in other means too, and their reliability is unknown. Equally malicious, there has been a trojan patch for PKXARC that has been cirulated. It is a copy of a valid message from me posted on USENET, except the patch given in the message has been changed to write directly to the FAT and wipe out disk C. There have been also various files circulated claiming to be PKARC/PKXARC versions 3.6 and 5.3. These are all hacked or pirated. The perpetrators of these hacks are guilty of Copyright infringement, theft, libel with malice, or other applicable crimes. PKWARE Inc. will seek to prosecute these individuals to the fullest extent of the law. If you see any file claiming to be a new version of PKARC/PKXARC or a patch to those programs, and are unsure of their origin, please check the following BBS's for the authentic files: PKWARE BBS 414-352-7176 EXEC-PC 414-964-5160 RBBS OF CHICAGO 312-352-1035 SOUND OF MUSIC 516-536-8723 If you do encounter any hacked or pirated files, please inform the SYSOP of the system with these files to delete them immediately. Please also inform PKWARE inc. of these files, their origin, and all other information that you have available. We can be reached at either any of the above BBS numbers, or 414-352-3670 voice. Only with your help can these very sick individuals be prevented from causing harm to unsuspecting victims of these hacked and pirated programs. >Phil Katz> - ------------------------- cut here -------------------------------- > >-- >Mark Smith (alias Smitty) "Be careful when looking into the distance, >61 Tenafly Road that you do not miss what is right under your nose." >Tenafly, NJ 07670 {backbone}!rutgers!topaz.rutgers.edu!msmith >msmith@topaz.rutgers.edu Bill and Opus in '88!!! -------------------- Date: Fri, 10 Jun 88 16:31:00 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Jim Shaffer, Jr." Subject: that comment I made (come on now,guys!) That comment I made about the media and viruses was sarcastic. But I DON'T think it was in even slightly bad taste. It was intended to make a point, which I hope it did. -------------------- Date: Fri, 10 Jun 88 08:55:54 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: riacs!ames!hc!csed-1!csed-47!roskos@rutgers.edu > The long and the short of it is that a truly nasty virus _might_ be able to > render your Mac II logic board useless (until you short your battery). > In any event, DON'T short your battery unless you WELL know EXACTLY > what you are doing! Don't short your battery anyway. I have forgotten the procedure, but I remember that there is a way (by holding down a combination of keys, or the mouse and some keys, but I don't recall) that will cause the parameter RAM to be reinitialized during system startup (the ROM checks for this combination and resets the RAM before it looks to see what is in the RAM, so prior contents don't affect it). This was added specifically for the models of Macintosh that had nonremovable batteries, and was put in before the ones with the nonremovable batteries even came out. I remember this from when I was working for one of the Mac applications software developers over a year ago; it was in the pre-release technical documentation. But since I don't program Macintoshes any more I don't remember the procedure; does anybody else know what it is? I guess it is remotely possible that they removed it from the startup code, but I kind of doubt it; Apple engineers aren't that forgetful, that they would not provide a way to reinitialize the PRAM. For one thing, they have to initialize it when they first assemble the machines... -------------------- *** end of Virus-L issue ***