Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA25952; Tue, 12 Jun 90 06:57:56 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA13037; Tue, 12 Jun 90 06:57:52 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA04386; Tue, 12 Jun 90 06:57:38 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa11242; 12 Jun 90 11:48 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 12 Jun 90 11:10:44 BST 
Message-Id:   <$TGVTCZHTCBWK at UMPA>
Subject:      Virus-L vol 0 issue #0825



Virus-L Digest Thu, 25 Aug 88, Volume 0 : Issue #0825

Today's Topics

Dup Mails
Re: Hard Disks
Safeguard and SUG
RE: Safeguard and SUG
Re: Safeguard and SUG
Re: Safeguard and SUG
SUG
Re: Safeguard and SUG
Re: The First Virus
SUG
RE: a new virus:
Re: Softguard

------------------------------

Date:         Thu, 25 Aug 88 09:27:00 H
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Living on a Prayer <WONGKOKH@NUSDISCS>
Subject:      Dup Mails

        How about receiving the same mail 5 times !!?? And IBMPC-L digest
is no small file.  This is really very unhealthy for the net.

Marvin Wong                             !  Never assume for it will make
wongkokh@nusdiscs                       !  an ASS out of U and ME
csc30001@nusvm                          !
National University of Singapore        !
Department of Information Systems and Computer Science

--------------------

Date:         Thu, 25 Aug 88 08:23:18 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Re: Hard Disks
In-Reply-To:  Your message of Wed, 24 Aug 88 13:42:34 CST

> If you formatted your hard
> disk into several partitions, and had one partition just for COMMAND.COM,
> IBMBIOS.COM, IBMDOS.COM, CONFIG.SYS, etc...., how effective would that be
> in slowing down the spread of virii?

Not very effective at all, by itself.  There is at least one
anti-virus device which can (hardware) write protect a range of
cylinders on your hard disk (i.e., a partition).  It would definitely
reduce the threat of a virus spreading if you could put your system
files (and as many executables, overlays, etc.) on a write protected
device like that.  The problem is that it's not too convenient to use,
and you should really understand what you're doing while you have the
disk not write-protected.  That is, while installing software on that
partition, you're as open as ever to virus contamination.

>    If you ran MAPMEM (which shows hooked vectors), could you see what vectors
> a virus might have hooked for itself?  Could you then free up that portion by
> using RELEASE on it?  (assuming you ran MARK first.....)

Sometimes.  MAPMEM, by itself, only reports the most recently run
program that is taking any one interrupt vector.  That is, if two
programs took INT 13H, then only the second one run would be reported.
There is an accompanying (I think in the same package, by TurboPower
Software) program called WATCH which causes MAPMEM to show all
programs which have taken any particular interrupt.  As long as a
virus loads *AFTER* WATCH, then it should show any interrupts in use.
The problem, however, comes in when a virus, such as a boot sector
virus, is loaded before anything else.  You won't be able to see any
of the interrupts that they're using with tools like MAPMEM.

MAPMEM, WATCH, MARK, RELEASE, and others that I can't remember the
names of, are public domain programs released by TurboPower Software.
They're written in Turbo Pascal and include source code.  Good stuff.

Ken



Kenneth R. van Wyk                    Mom:    *RISE AND SHINE, CALVIN!*
User Services Senior Consultant       Calvin: Mbbgglkjsfdfy!
Lehigh University Computing Center    Mom:    The early bird catches the worm!
Internet: <luken@Spot.CC.Lehigh.EDU>  Calvin: Great incentive!
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Thu, 25 Aug 88 04:00:41 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Steve <XRAYSROK@SBCCVM>
Subject:      Safeguard and SUG

Frank San Miguel related an incident involving a "virus" called SUG that
scrambles FAT tables and generally destroys data.  This is no reflection
on Frank, but having never heard this before it seems hard to believe
that a company could be so irresponsible.  If it's true I wonder if it's
a real virus (that propagates) or just a nasty program that reformats
disks.  Whether it propagates or not, it's clear that the program has no
way of discriminating between someone simply trying to make a backup copy
of a program (or perhaps trying to install it on a hard disk) and someone
trying to make pirate copies of a disk.  In any case, it would appear
that the company has gone out on a limb by "taking the law into its own
hands" rather than pursuing justice through legal channels.  Even if it
is justified in trying to protect its software, and even if it argues
that legal channels are ineffective, that is no excuse for criminal
action (releasing a malicious and destructive program).  I would think
that such a company would be no more justified than a mob lynching
criminal.  The criminal may deserve to die, but it should be handled
through proper channels and the punishment must befit the crime, as
determined by law.

------------------------------------------------------------------------
Steven C. Woronick     |   An extrapolation of its present rate of
Physics Dept.          |   growth reveals that in the not too distant
SUNY @ Stony Brook     |   future, Physical Review will fill bookshelves
Stony Brook, NY 11794  |   at a speed exceeding that of light.  This
                       |   is not forbidden by relativity, since no
516-632-8133           |   information is being conveyed.

--------------------

Date:         Thu, 25 Aug 88 10:00:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         ZDABADE@VAX1.CC.LEHIGH.EDU
Subject:      RE: Safeguard and SUG

I made reference to the SUG incident in a previous message. I have some
code and an article about this on a disk somewhere, and as soon as I
find it, I will share it with you.  Safeguard was traced to the situation
because they had their company name and phone number in their code. (I don't
think it was a virus, per se, that they released, but more of a trojan horse.)

David


/-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|    From:  David A. Bader, Studentis Maximus                             |
|                                                                         |
|    DAB3@LEHIGH                       SloNet: 1402 Lorain Avenue         |
|    ZDABADE@VAX1.CC.LEHIGH.EDU                Bethlehem, Pa.  18018      |
|    HACK!DAB@SCARECROW.CSEE.LEHIGH.EDU                                   |
|                                                                         |
|    SchoolNet: Box 914,               -On a mostly harmless              |
|            Lehigh University,         blue green planet...              |
|          Bethlehem, Pa.  18015       -And loving it!                    |
\________________________________________________________________________/

--------------------

Date:         Thu, 25 Aug 88 10:05:50 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jim <JMARKS@GTRI01>
Subject:      Re: Safeguard and SUG
In-Reply-To:  Message of Thu, 25 Aug 88 04:00:41 EDT from <XRAYSROK@SBCCVM>

I have a feeling that the program distributed by Softgard (if the report
is true) is a Trojan Horse rather than a virus.  Since most users will have
to reformat after having their FAT's scrambled, I'm not sure the program
could propagate.  In any case, the company would not NEED to have the program
propagate to accomplish their (assumed) ends.

Even if it doesn't propagate, I agree that the practice is reprehensible.
While I don't condone pirating of software, users should be able to make
backups, which some copy protection schemes don't provide for.  I've never
particularly cared for copy-protected software anyway.

Jim Marks

--------------------

Date:         Thu, 25 Aug 88 09:25:01 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Len Levine <len@EVAX.MILW.WISC.EDU>
Subject:      Re: Safeguard and SUG
In-Reply-To:  Message from "Steve" of Aug 25, 88 at 4:00 am

>Frank San Miguel related an incident involving a "virus" called SUG that
>scrambles FAT tables and generally destroys data.  This is no reflection
>on Frank, but having never heard this before it seems hard to believe
>that a company could be so irresponsible.  If it's true I wonder if it's
>a real virus (that propagates) or just a nasty program that reformats
>disks.  Whether it propagates or not, it's clear that the program has no
>way of discriminating between someone simply trying to make a backup copy
>of a program (or perhaps trying to install it on a hard disk) and someone

In Wisconsin, as in other states, a person may shoot to kill if and
only if s/he feels that a life is threatened.  (A reasonable person
test is often invoked.)  It is not permitted to do so to protect only
property.  That is to say, the response must be appropriate to the
threat and the invoker of the response must take responsibility for
his or her action.

If a company does put out such a package that does harm to a user's
computer, and if the harm is way out of bound compared to what is
being protected, the company is due to be sued, either by a felon,
using the program to steal, or, more to the point, by an innocent
bystander who may well be using the program in a legal way, or who may
be merely damaged by some unintended side effect.

In fact, if I was aware of such a problem with a commercial package,
if I felt that a vendor was prepared to risk my computer for his
protection, I would avoid the legal packages that the vendor sold,
believing that there were some other dirty tricks hidden in the
woodwork that had not bitten anyone yet.

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine                  e-mail len@evax.milw.wisc.edu    |
| Professor, Computer Science                Office (414) 229-5170    |
| University of Wisconsin-Milwaukee          Home   (414) 962-4719    |
| Milwaukee, WI 53201 U. S. A.               Modem  (414) 962-6228    |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

--------------------

Date:         Thu, 25 Aug 88 10:32:24 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         David.Slonosky@QUEENSU.CA
Subject:      SUG
In-Reply-To:  <QUCDN.X400GATE:LUqvSG9H*>

This is one of the programs documented in the "Dirty Dozen". When is the
case coming to court?

David Slonosky/QueensU/CA,"",CA       |         Know thyself?            |
<SLONOSKY@QUCDN>                      |  If I knew myself, I'd run away. |

--------------------

Date:         Thu, 25 Aug 88 09:28:48 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Len Levine <len@EVAX.MILW.WISC.EDU>
Subject:      Re: Safeguard and SUG
In-Reply-To:  Message from "VIRUS-L@LEHIIBM1.BitNet" of Aug 25, 88 at 10:00 am

>I made reference to the SUG incident in a previous message. I have some
>code and an article about this on a disk somewhere, and as soon as I
>find it, I will share it with you.  Safeguard was traced to the situation
>because they had their company name and phone number in their code. (I don't
>think it was a virus, per se, that they released, but more of a trojan horse.)
>
>David
>

Let's watch this.  Should I assume that any electronic media message
with someone's name and address in it was written by them?  I don't
think so.

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Ronald Regan                       e-mail len@evax.milw.wisc.edu    |
| Professor, Computer Science                Office (414) 229-5170    |
| University of Wisconsin-Milwaukee          Home   (414) 962-4719    |
| Milwaukee, WI 53201 U. S. A.               Modem  (414) 962-6228    |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

--------------------

Date:         Thu, 25 Aug 88 10:42:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         WHMurray@DOCKMASTER.ARPA
Subject:      Re: The First Virus
In-Reply-To:  Message of 19 Aug 88 10:39 EDT from "Loren K Keim -- Lehigh
              University"

Loren, I am afraid that I cannot document it, and it may even have been
apocryphal.  (I was not a user of the net then.)  But the first virus
that I can recall hearing about was named the "phantom," and was said to
have appeared in the arpanet in the very early seventies.  After all
these years I can no longer distinguish in my memory between those
characteristics that were attributed to the phantom and those that were
simply discussed in its context.

I can recall that I was not surprised at the time and that I was
surprised at FC's assertion that his experiment was the first.  Of
course that is absurd on its face since "The Adolescence of P1" was
published in the early 70's.  It described "trapdoors," "Trojan Horses,"
and viruses in excruciating and withering detail.  These were the
"kernel of truth" on which the author hung his fantasy.

Merle Miller quotes Harry Truman: "The only thing new in the world is
the history you don't know."

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

--------------------

Date:         Thu, 25 Aug 88 11:24:10 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      SUG

When I said that the SUG affair was traced back to softguard through
some data in the code, I was not implying that this was the sole
reason. I have an article explaining this, but since I am in the middle
of packing up and moving rooms for college, I won't be able to find the
reference until next Monday or so. But when I do, I will post it for
your information.

David Bader

--------------------

Date:         Thu, 25 Aug 88 12:11:00 CST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Dr. Howard J. Ramagli" <HRAMAGLI@UTMEM1>
Subject:      RE: a new virus:

                   I N T E R O F F I C E   M E M O R A N D U M

                                        Date:      25-Aug-1988 12:07pm CST
                                        From:      Dr. Howard J. Ramagli
                                                   HRAMAGLI
                                        Dept:      Info. Systems & Services
                                        Tel No:    (901) 528-6392

TO:  Remote GMAIL User                    ( _GMAIL%VIRUS-L@LEHIIBM1 )

Subject: RE: a new virus:

    A curious note on this new Mac Virus.  The file spelling (Bostb be
    Evill) reminds me of the old Microsoft file protection scheme for
    either Multiplan or Microsoft File.

    Hope this is of some help.

    Howard

  ************************************************************************
  *                                                                      *
  *  Dr. Howard J. Ramagli                                               *
  *  BITNET Info Representative                                          *
  *  Director, Technology Support Services                               *
  *  Biomedical Information Transfer (BIT) Center                        *
  *  University of Tennessee, Memphis, 877 Madison, Memphis, TN 38163    *
  *  (901) 528-5024                                                      *
  *  HRAMAGLI@UTMEM1.BITNET      U0282 on AppleLink                      *
  *                                                                      *
  ************************************************************************

--------------------

Date:         Thu, 25 Aug 88 19:04:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         ZDABADE@VAX1.CC.LEHIGH.EDU
Subject:      Re: Softguard

I sorted through a thousand disks today and finally found the document
on Softguard that I was referring to (under some cryptic filename!).
Anyway, here is the memo, and enjoy!

----------------------------------------------------------------------------

    Mark Garvin -- Xymetric Productions -- New York City             3-7-87

    I guess I have stirred some interest with my recent messages to BBS's
    concerning Trojan horse programs.  I have decided to write the following
    file in the interest of warning others and hopefully finding clues to the
    origin of the programs.

    I have been operating a Priam 60 Meg hard disk on my AT for the past two
    years with good results.  About four months ago, I encountered a Trojan
    horse program called HI-Q.COM which corrupted the FAT table on the disk.
    I lost access to the entire D: drive and the files and boot sectors on
    the C: drive were so badly damaged that I had to reformat the drive.
    Since there was nothing to be lost by trying the program again, I decided
    to confirm that HI-Q.COM was indeed the culprit.  I ran a couple of the
    popular Trojan finders on the file first:  Nothing.  Thinking perhaps I
    was mistaken, I ran HI-Q under an INT13-trapper.  No INT 13's were found
    and HI-Q ran normally.  Upon rebooting the system, I found the same boot-
    sector errors, and CHKDSK again reported numerous cross-links, etc.  I
    reformatted the drive and ran media checks to make sure the Priam was
    sound.   After checking several other programs (I did NOT run the Trojan-
    testers or INT13-trapper again in case those were perhaps Trojan), I ran
    HI-Q.COM for the third time.  Same results.  This is enough for me: I'm
    convinced.

    Up until this point, I had heard of Trojan horses, but honestly doubted
    that there were actually competent computer programmers around who were
    weird enough to write such a thing.  I should also note that there is a
    program called HI-Q.EXE which has been tested by some boards, and is
    supposedly NOT a Trojan.  I'm not going to try it on my hard disk system.
    The HI-Q.COM program may not have even been an intentional Trojan -- I'm
    willing to keep an open mind on the subject.  Maybe it was incompetent
    programming, or perhaps someone ran SPACEMAKER or a similar program on
    the .EXE file to convert it to a .COM file, and inadvertently created a
    Trojan.

    OK -- that's one thing.. The next Trojan I ran was DEFINITELY intentional.
    I had reformatted my Priam after the previous incident, and I haven't
    allowed the mysterious HI-Q program back on the system.  However, I HAVE
    run numerous file-managers, etc. from local BBS's -- maybe I'm just a
    trusting individual, but I wasn't ready to give up on Public Domain or
    shareware software just yet.  Recently, the Priam started giving me
    trouble again: crosslinked and lost files, and no boot.  I called Priam,
    hoping to get instructions for perhaps salvaging files on the D: drive,
    since the partition was destroyed.  Priam's tech guided me through a HEX/
    ASCII dump of the boot record via a trap-door in Priam's FDISK program.
    Needless to say, we were BOTH incredulous at the result.  Dis-believers
    should look closely at the HEX/ASCII dump below.  This was NOT retyped
    or altered in any way.  After booting from floppy, I redirected printer
    output to a disk file.  What you are looking at below is exactly what
    appeared on my screen after the crash.

____________________________________________________________________________


0 = Master Boot Record, 25 = Extended Volume Record
1 - 24 = Volume Boot Record

Enter number of record to display (0 - 25) : [   0]

  D   H   0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F 0123456789ABCDEF
  0/  0  EB 7D 53 4F 46 54 4C 6F 4B 2B 20 33 2E 30 0D 0A ..SOFTLoK+ 3.0..
 16/ 10  11 28 43 29 20 53 4F 46 54 47 55 41 52 44 0D 0A .(C) SOFTGUARD..
 32/ 20  53 59 53 54 45 4D 53 2C 20 49 4E 43 2E 20 0D 0A SYSTEMS, INC. ..
 48/ 30  32 38 34 30 20 53 74 20 54 68 6F 6D 61 73 0D 0A 2840 St Thomas..
 64/ 40  45 78 70 77 79 2C 20 73 74 65 20 32 30 31 0D 0A Expwy, ste 201..
 80/ 50  53 61 6E 74 61 20 43 6C 61 72 61 2C 20 20 0D 0A Santa Clara,  ..
 96/ 60  43 41 20 39 35 30 35 31 20 20 20 20 20 20 0D 0A CA 95051      ..
112/ 70  34 30 38 2D 39 37 30 2D 39 34 32 30 10 07 00 FA 408-970-9420....
128/ 80  8C C8 8E D0 BC 00 7C FB 8B F4 8E C0 8E D8 FC BF ......|.........
144/ 90  00 06 B9 00 01 F3 A5 EA D4 06 00 00 45 72 72 6F ............Erro
160/ A0  72 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 r loading operat
176/ B0  69 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 ing system.Missi
192/ C0  6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 ng operating sys
208/ D0  74 65 6D 00 BE BE 07 B9 04 00 AC 3C 80 74 15 83 tem........<.t..
224/ E0  C6 0F E2 F6 CD 18 AC 0A C0 74 FE BB 07 00 B4 0E .........t......
240/ F0  CD 10 EB F2 4E 8B 14 8B 4C 02 BB 00 7C B8 11 02 ....N...L...|...

Press <Esc> to ABORT, any other key to continue .

0 = Master Boot Record, 25 = Extended Volume Record
1 - 24 = Volume Boot Record

_____________________________________________________________________________

   In the interest of justice, I would like to make the following obser-
   vations:

   1) The MAIN phone no. for SoftGuard systems is: 408-970-9240, NOT 9420.
      The no. listed above is not in use.  The message it gives IS the
      normal message for that area, even though it sounds like it is com-
      puter generated.  The phone co. says it is actually registered to
      Siliconix, a Silicon Valley chip-manufacturer, who probably has no
      interest in Public Domain software or BBS's.

   2) I called SoftGuard, and they gave me a Mr. Phelps-type message, disavow-
      ing any knowledge of any Trojan programs or of SOFTLok, etc. which they
      said is not an official product.  However, they have not returned my
      calls requesting additional information, and a request to speak to some-
      one knowledgable about their software protection techniques has not been
      answered.  This may mean either that the message was cooked up by some-
      one with a vendetta against SoftGuard (I don't know why!), or that Soft-
      Guard wants to be able to identify the source of the Trojan program by
      the information phoned in by irate people whose disks have just crashed.
      In my opinion, the juxtaposition of the phone no. digits could be caused
      by errors on the part of whoever wrote the Trojan program, whether it
      was within SoftGuard, or not.   After restoring the hard disk, I scanned
      every file on it, and "SoftGuard" did not appear anywhere.  The clever-
      ness in bit-shifting the ASCII digits, or otherwise disguising them, may
      also have resulted in the wrong phone no.

   3) I have not, and will not, install SoftGuard programs on my disks.  Also,
      I obviously do not have any reason to run any of the unprotect programs
      for SoftGuard, of which some are supposedly Trojans themselves (see
      below).  I have no idea of which file of the 2,000+ files on my system
      was the origin of the message.  As explained above, I have scanned them
      for ASCII text and I've come up with nothing so far.


   There are numerous warnings in circulation concerning SoftGuard Systems,
   manufacturers of the SuperLock copy-protection scheme.  They SUPPOSEDLY
   upload Trojan programs to BBS's either to try to get their own form of
   justice against those who try to crack their software, or because they
   are just bitter about the numerous SoftGuard/SuperLock unprotectors which
   are circulating on the BBS's.  Most of these Trojans have the name SUG..
   (Soft-Un-Guard) or something similar.  I did not originally believe that
   SoftGuard would be stupid enough to do such a thing.  After all, a lesson
   should have been learned by the example of Prolok (another copy-protect
   manufacturer), who claimed that their new software would destroy the hard
   disk of anyone who tried to mis-use it.  Most users, legitimate and other-
   wise, dropped them instantly, even though Prolok realized their grave
   error and retracted their previous advertising.  After all, who wants to
   have their hard disk destroyed by accidentally inserting the wrong key disk?

   The SUG programs mentioned are reported to say something like: "Courtesy
   of SoftGuard Systems .. So sue us!" -- after trashing the hard disk.

   My feelings about possibly casting doubt on the integrity of SoftGuard ?
   They did NOT convince me that they were blameless, and if they cared, they
   would have returned my phone calls.  However, it MAY just be coincidence
   that a lot of the Trojan programs mention SoftGuard.

   Recommendations:

     Whether SoftGuard is at fault or not, they did not give me an adequate
     explanation of the rumors circulating about them, and they did not
     return my calls.  I would recommend that individuals and companies stay
     away from SoftGuard/SuperLock, or any other copy-protect program which
     writes hidden, strange information onto their hard disks.  Users of such
     copy-protected software should write or call the manufacturers and re-
     quest that the copy protection be discontinued.  Explain to them that
     pirates will always crack copy-protection, and that only the legitimate
     users suffer from its use.  If you work for a company that uses copy-
     protected software, why not get a print-out of this file and show it to
     the person in charge of purchasing software?

     If you DO have a hard disk crash, try to recover the boot-record on the
     disk before just giving up and reformatting.  You may find something
     similar to the above.  The manufacturer or vendor of your hard disk may
     be able to steer you through the proper procedure for doing this.

     Read this month's (March 1987) issue of 'Computer Language' for more
     information on Trojan horse programs.  The article recommends contacting
     Eric Newhouse at THE CREST BBS regarding trojan horse programs.  If you
     DO run into one, keep a copy of the file, and have a knowledgable BBS-
     user send it, and an explanation to Eric's BBS at 213-471-2518.  DO NOT
     SEND THE FILE WITH ITS ORIGINAL NAME.  The file name should be changed
     to something NOT ending in .EXE or .COM (how about .TRJ), and it should
     be sent to the attention of the SYSOP.  This is usually done by waiting
     for the prompt to enter the file description, and starting the descrip-
     tion with '/'.  Afterwards, also leave a comment to SYSOP which states
     the nature, and description of the file.  In other words, don't
     inadvertently upload a Trojan program which could victimize others.

     Watch out for some of the so-called Trojan testers.  The majority of
     these are legitimate, but a few of them are actually Trojans themselves.
     Also, before jumping the gun and assuming a program is Trojan, check
     other possible sources for disk errors, etc.  Sometimes hard disk media
     just develops errors, and there ARE some programs circulating as 'jokes'
     which put a message up which says they are reformatting your drives, or
     even claim to be draining excess water out of your disk drives.  Most of
     the nasty Trojan programs don't cause their damage immediately.  They
     wait for the drive to fill up a bit, or they wait for a random time
     interval.  In the latter case described above, I suspected a file manager
     that I had just run.  It turns out that others have used the program with
     no ill effects.

     It seems to me that the future of PD software, as well as BBS systems
     is being threatened by this type of thing.  A concerted effort on the
     part of SYSOPS to correlate the names and origins of people who upload
     Trojan software may help to track them down.  Most BBS software keeps
     track of the names of people uploading software.  I doubt that Trojan
     writers are stupid enough to list their real names, but it's time that
     some ingenuity was used in putting a stop to this.

     I am a serious software developer, and I have taken some time off to
     write this message in the interest of helping other PD software users.
     Unfortunately, I don't have the time to coordinate any effort in analysis
     of Trojan programs and I cannot be contacted by phone (unlisted), but if
     you DO run into something similar, or if you have questions about any of
     the info presented here, leave me a personal message on any of the larger
     BBS's in New York City, and I will try to reply on the same board.

     PLEASE DO circulate this file.  It is important information for anyone
     running a BBS, or using Public Domain or SoftGuard/SuperLock software.


---------------------------------------------------------------------------

/-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|    From:  David A. Bader, Studentis Maximus                             |
|                                                                         |
|    DAB3@LEHIGH                       SloNet: 1402 Lorain Avenue         |
|    ZDABADE@VAX1.CC.LEHIGH.EDU                Bethlehem, Pa.  18018      |
|    HACK!DAB@SCARECROW.CSEE.LEHIGH.EDU                                   |
|                                                                         |
|    SchoolNet: Box 914,               -On a mostly harmless              |
|            Lehigh University,         blue green planet...              |
|          Bethlehem, Pa.  18015       -And loving it!                    |
\________________________________________________________________________/
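
Added example (not part of the memo or of this digest): the memo recommends recovering the boot record after a crash and reading it before reformatting. This Python sketch rebuilds the bytes from the dump rows copied from the memo, cross-checks the hex against the ASCII column, and lists the text that the record's opening jump skips over; the function names are illustrative.

```python
import re

# First 256 bytes of the master boot record, copied from the memo's dump.
# Columns: decimal/hex offset, 16 hex bytes, ASCII rendering.
DUMP = """\
  0/  0  EB 7D 53 4F 46 54 4C 6F 4B 2B 20 33 2E 30 0D 0A ..SOFTLoK+ 3.0..
 16/ 10  11 28 43 29 20 53 4F 46 54 47 55 41 52 44 0D 0A .(C) SOFTGUARD..
 32/ 20  53 59 53 54 45 4D 53 2C 20 49 4E 43 2E 20 0D 0A SYSTEMS, INC. ..
 48/ 30  32 38 34 30 20 53 74 20 54 68 6F 6D 61 73 0D 0A 2840 St Thomas..
 64/ 40  45 78 70 77 79 2C 20 73 74 65 20 32 30 31 0D 0A Expwy, ste 201..
 80/ 50  53 61 6E 74 61 20 43 6C 61 72 61 2C 20 20 0D 0A Santa Clara,  ..
 96/ 60  43 41 20 39 35 30 35 31 20 20 20 20 20 20 0D 0A CA 95051      ..
112/ 70  34 30 38 2D 39 37 30 2D 39 34 32 30 10 07 00 FA 408-970-9420....
128/ 80  8C C8 8E D0 BC 00 7C FB 8B F4 8E C0 8E D8 FC BF ......|.........
144/ 90  00 06 B9 00 01 F3 A5 EA D4 06 00 00 45 72 72 6F ............Erro
160/ A0  72 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 r loading operat
176/ B0  69 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 ing system.Missi
192/ C0  6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 ng operating sys
208/ D0  74 65 6D 00 BE BE 07 B9 04 00 AC 3C 80 74 15 83 tem........<.t..
224/ E0  C6 0F E2 F6 CD 18 AC 0A C0 74 FE BB 07 00 B4 0E .........t......
240/ F0  CD 10 EB F2 4E 8B 14 8B 4C 02 BB 00 7C B8 11 02 ....N...L...|...
"""

ROW = re.compile(r"^\s*(\d+)/\s*([0-9A-F]+)\s+((?:[0-9A-F]{2} ){16})(.{16})$")


def parse_dump(text):
    """Rebuild the raw bytes, checking row offsets and the ASCII column."""
    data = bytearray()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unrecognised dump row: {line!r}")
        dec_off, hex_off, hex_bytes, shown = m.groups()
        if int(dec_off) != len(data) or int(hex_off, 16) != len(data):
            raise ValueError(f"offset gap or overlap at row: {line!r}")
        row = bytes.fromhex(hex_bytes)
        # The dump shows byte 0x7D as '.', so the tool's printable range is
        # not plain ASCII; only characters other than '.' are cross-checked.
        for pos, (byte, ch) in enumerate(zip(row, shown)):
            if ch != "." and ord(ch) != byte:
                raise ValueError(f"hex/ASCII mismatch at 0x{len(data) + pos:02X}")
        data += row
    return bytes(data)


def short_jump_target(data):
    """Offset the first instruction jumps to, or None if it is not JMP SHORT."""
    if len(data) < 2 or data[0] != 0xEB:      # 0xEB = x86 JMP rel8
        return None
    disp = data[1] - 256 if data[1] >= 0x80 else data[1]   # signed 8-bit
    return 2 + disp                            # relative to the next instruction


def skipped_text(data, min_len=4):
    """Printable runs lying between the opening jump and its target.

    Bytes the jump passes over are never executed from the entry point, so
    readable text there is a message stored in the record, not boot code.
    """
    target = short_jump_target(data)
    if target is None or not 2 < target <= len(data):
        return []
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(2 + m.start(), m.group().decode("ascii").rstrip())
            for m in re.finditer(pattern, data[2:target])]


if __name__ == "__main__":
    mbr = parse_dump(DUMP)
    target = short_jump_target(mbr)
    # 0xFA at the target is the x86 CLI opcode, i.e. executable code resumes.
    print(f"{len(mbr)} bytes; opening jump lands at 0x{target:02X} "
          f"(byte there: 0x{mbr[target]:02X})")
    for offset, text in skipped_text(mbr):
        print(f"  0x{offset:02X}  {text}")
```
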


--------------------

*** end of Virus-L issue ***
