Return-Path: XPUM04@prime-a.central-services.umist.ac.uk Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3) id AA04541; Wed, 20 Jun 90 17:28:13 -0400 Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5) id AA07136; Wed, 20 Jun 90 17:28:12 -0400 Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3) id AA23420; Wed, 20 Jun 90 17:27:45 -0400 Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK via Janet with NIFTP id aa23307; 20 Jun 90 16:23 BST From: Anthony Appleyard To: DAVIDF@cs.heriot-watt.ac.uk Date: Wed, 20 Jun 90 16:33:04 BST Message-Id: <$TGWGCZNQBTQW at UMPA> Subject: Virus-L vol 0 issue #1020 Virus-L Digest Thu, 20 Oct 88, Volume 0 : Issue #1020 Today's Topics Apple Talk Attack hardware vs. viruses ** no subject, date = Thu, 20 Oct 88 11:09:05 CDT Brain Virus at UIUC Re: hardware vs. viruses Re: hardware vs. viruses Re: hardware vs. viruses Mac viruses.. Re: Re: hardware vs. viruses Apple Talk Attack Brain virus hits Hong Kong (reprinted from RISKS forum) ** no subject, date = Thu, 20 Oct 88 16:37:00 EDT kill that drive! RE: kill that drive! Software damaging floppy drives on a PC More on hardware damage RE: More on hardware damage ------------------------------ Date: Thu, 20 Oct 88 01:29:24 EDT From: me! Jefferson Ogata Subject: Apple Talk Attack > I can see that you are from the land of Unix, where hosts and printers > have a master/slave relationship. But on Apple Talk each node has a > peer to peer relationship. Thus, a LaserWriter, with appropriate virus > code, could act like a fileserver with infected programs. > Erik Sherk I'm fuzzy on how that would work. Are you suggesting the LaserWriter will reach out and infect other networked computers without being asked? If so, what protocols will enable it to do this? If not, why would any computer ask a LaserWriter for executable code? - Jeff Ogata -------------------- Date: Thu, 20 Oct 88 09:03:39 edt From: GATEH@CONNCOLL Subject: hardware vs. viruses I seem to recall reading somewhere of a virus which infected a disk driver. Apparently it increased the operating speed of the disk, such that the drive wore out prematurely. Anybody else heard of such things? I'm very curious to know what type of system was involved. I assume it was a mini or larger, but I can't help but wonder if similar things are possible on the micro level. I have this nightmare vision of such a thing going undetected for a year or two, then micro hard disks crashing left and right all over campus, and of course no one has backed up anything properly... Gregg TeHennepe | BITNET: gateh@conncoll Minicomputer Specialist | Phone: (203) 447-7681 Academic Computing and User Services Connecticut College New London, CT -------------------- Date: Thu, 20 Oct 88 11:09:05 CDT From: Kevin Trojanowski Subject: RE: hardware vs. viruses >I seem to recall reading somewhere of a virus which infected a disk driver. >Apparently it increased the operating speed of the disk, such that the drive >wore out prematurely. Anybody else heard of such things? I'm very curious to >know what type of system was involved. I assume it was a mini or larger, but >I can't help but wonder if similar things are possible on the micro level. I >have this nightmare vision of such a thing going undetected for a year >or two, then micro hard disks crashing left and right all over campus, >and of course no one has backed up anything properly... >Gregg TeHennepe The only drives I'm aware of which have the ability to change speed without adjusting a potentiometer are Apple's 3.5" drives. Even those drives (for the Apple ][ series), while programmable I don't believe can adjust their own speed via software. As for hard drives with the capability to have their speed adjusted, I know of none. I have no idea about the possibilities of this concerning minis or mainframes. By the same token, tho, wouldn't the same thing be accomplished by having the drive do a series of random seeks? Depending upon the drive, or the user, this is something which might not be immediately noticed and would cause undue wear on the drive. -Kevin Trojanowski troj@umaxc.weeg.uiowa.edu -------------------- Date: Thu, 20 Oct 88 11:24:15 CDT From: "Mark S. Zinzow" Subject: Brain Virus at UIUC The Pakistani Brain Virus has been discovered by the PC Consultants on a disk a student had been using in the Forein Language Microcomputer Lab. This is the first known occurance of an IBM PC based virus infection on this campus. I suggest avoiding public use PC's for a few days until effective counter measures can be implemented. Immediate backup of personal hard disks, write protect all original disks, and be very careful about exchanging files until we can provide details on checking for the presence of the Brain Virus. The Microcomputer Resource Center has a two disk set of anti-virus programs and information which may be helpful. These may be copied safely on a two drive PC there when booted from a write protected original DOS disk. - -----Electronic Mail----------------------------U.S. Mail---------------- ARPA: markz@vmd.cso.uiuc.edu Mark S. Zinzow, Research Programmer BITNET: MARKZ@UIUCVMD.BITNET Univ of Illinois at Urbana-Champaign CSNET: markz%uiucvmd@uiuc.csnet Computing Services Office "Oh drat these computers, they are 150 Digital Computer Laboratory so naughty and complex I could 1304 West Springfield Ave. just pinch them!" Marvin Martian Urbana, IL 61801-2987 USENET/uucp: {ihnp4,convex,pur-ee,cmcl2,seismo}!uiucdcs!uiucuxc!uiucuxe!zinzow (Phone: (217) 244-1289 Office: CSOB 110) ihnp4!pyrchi/ \markz%uiucvmd -------------------- Date: Thu, 20 Oct 88 17:46:07 MEZ From: "Dr. Gregor Reich" Subject: Re: hardware vs. viruses In-Reply-To: Message of Thu, 20 Oct 88 09:03:39 edt from Dear fellows, please be reasonable. There is no way a software product can influence the rotational speed of a hard disk neither on a PC nor on a greater machine. There is a possibility to change the speed of the 1.2MB Floppy on an AT, but it can only set one of two speeds and not some completely different value. All we have to deal with is the software side, and this is bad enough. G. Reich, Institut for Analytical Chemistry, University of Vienna, Austria -------------------- Date: Thu, 20 Oct 88 13:58:44 EDT From: Ken van Wyk Subject: Re: hardware vs. viruses In-Reply-To: Your message of Thu, 20 Oct 88 17:46:07 MEZ > There is no way a softwareproduct can influence > the rotational speed of a hard disk neither on a PC nor on a greater machine. It's possible that the person who brought this subject up wasn't referring to rotational speed. I remember in my CP/M days that the operating system could be configured for a particular track-to-track seek time since some drives were slower than others. The default, if memory serves me correctly, was 30 ms and could be bumped down to 6 ms for faster drives - that made one hell of a difference in the drive speed. As I recall, these numbers were dependent on the floppy disk and the disk controller's firmware. That is, 29 ms is not a valid time, but 30 is. Nonetheless, setting a drive up for 6 ms when it couldn't quite keep up with that speed could conceivably make the drive very unhappy. I don't think that this would cause hardware damage, though, only seek errors on the drive. Ken Kenneth R. van Wyk Calvin: Says here that there are four User Services Senior Consultant pecks in a bushel. What's a peck? Lehigh University Computing Center Hobbes: A quick smooch. Internet: Calvin: You know, I just don't understand BITNET: this math stuff! -------------------- Date: Thu, 20 Oct 88 12:58:58 CDT From: Len Levine Subject: Re: hardware vs. viruses In-Reply-To: Message from "Dr. Gregor Reich" of Oct 20, 88 at 5:46 pm >please be reasonable. There is no way a softwareproduct can influence >the rotational speed of a hard disk neither on a PC nor on a greater machine. >There is a possibility to change the speed of the 1.2MB Floppy on an AT, but >it can only set one of two speeds and not some completely different value. >All we have to deal with is the software side, and this is bad enough. > G. Reich Let us not become too cool here. It is possible for example for software to damage some (older fashioned) crt devices by changing sweep rates, it is not an unreasonable question to ask about other tuneable phenomena. I agree that I am unaware of any disk drive that has its speed tunable, but I do not believe that this is not either possible or beyond comprehension. As hardware becomes more sophisticated, the capabilities may well become available. Let's scoff more slowly. + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Leonard P. Levine e-mail len@evax.milw.wisc.edu | | Professor, Computer Science Office (414) 229-5170 | | University of Wisconsin-Milwaukee Home (414) 962-4719 | | Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -------------------- Date: Thu, 20 Oct 88 14:15:19 EDT From: SHERK@UMDD Subject: Mac viruses.. Has anyone heard of a Mac virus that puts up a dialog box with "Sax Flash"? There is a rumor of one here at U of Maryland. Erik Sherk, Workstation Programer, Computer Science Center University of Maryland -------------------- Date: Thu, 20 Oct 88 11:58:00 PDT From: Ed Sakabu Subject: Re: Re: hardware vs. viruses > >please be reasonable. There is no way a softwareproduct can influence > >the rotational speed of a hard disk neither on a PC nor on a greater machine. > >There is a possibility to change the speed of the 1.2MB Floppy on an AT, but > >it can only set one of two speeds and not some completely different value. > >All we have to deal with is the software side, and this is bad enough. > > G. Reich I do recall in the old days (%8 years or so ago) we had a DEC 10 that ran tops 10 and you could crash disk heads by forcing the heads to seek from the inside to the outside tracks at a certain frequency. If there was a minimal amount of other seeks this would crash the disk. --Ed -------------------- Date: Thu, 20 Oct 88 12:27:14 EDT From: SHERK@UMDD Subject: Apple Talk Attack In-Reply-To: Message received on Thu, 20 Oct 88 01:39:10 EDT Jefferson Ogata writes... >I'm fuzzy on how that would work. Are you suggesting the LaserWriter >will reach out and infect other networked computers without being >asked? If so, what protocols will enable it to do this? If not, >why would any computer ask a LaserWriter for executable code? No, I am not suggesting that. What I meant was that the LaserWriter would mask out the real file-server and that Macs would execute code from the LaserWriter that was acting like their "safe" file-server. Now that I think about it, this would be a really neat use of the new NTX with a hard disk ( not to distribute virus code but just act like a file-server! :-). Erik Sherk, Workstation Programer, Computer Science Center University of Maryland -------------------- Date: Thu, 20 Oct 88 16:16:52 EDT From: "Kenneth R. van Wyk" Subject: Brain virus hits Hong Kong (reprinted from RISKS forum) This was in a recent RISKS forum: Date: Tue, 18 Oct 88 13:34:27 est From: Dave Horsfall Subject: "Brain" virus shows up in Hong Kong On the off-chance that you haven't had enough of virus reports, here's another one from Computing Australia, 17th October, 1988: ``HK consultants hit by overseas virus. A leading firm of financial consultants has become the first mainstream business in Hong Kong to be affected by a computer virus. The Business International consultancy reported last week the "Brain" virus -- well-known elsewhere in the world, but never before seen in Hong Kong -- had appeared on some disks. ... BI was playing down the significance of the find last week, with a company spokeswoman saying the virus had not reappeared and that no data had been lost.'' The article goes on further to discuss the origin of the Brain virus, and makes the amazing observation "[it] does not destroy data, but scrambles it beyond recognition". I dunno, I would certainly regard data "scrambled beyond recognition" as being "destroyed". Dave Horsfall (VK2KFU), Alcatel-STC Australia, dave@stcns3.stc.oz dave%stcns3.stc.OZ.AU@uunet.UU.NET, ...munnari!stcns3.stc.OZ.AU!dave Kenneth R. van Wyk Calvin: Here, try this new cereal, User Services Senior Consultant Chocolate Frosted Sugar Bombs. Lehigh University Computing Center Hobbes: Gack! Ptui! :-( -------------------- Date: Thu, 20 Oct 88 16:37:00 EDT From: Robert Stratton Subject: Re: hardware vs. viruses "I seem to recall reading somewhere of a virus which infected a disk driver. Apparently it increased the operating speed of the disk, such that the drive wore out prematurely. Anybody else heard of such things? I'm very curious to know what type of system was involved. I assume it was a mini or larger, but I can't help but wonder if similar things are possible on the micro level. I have this nightmare vision of such a thing going undetected for a year or two, then micro hard disks crashing left and right all over campus, and of course no one has backed up anything properly... Bob Stratton":- I do recall an instance of a Trojan horse on the old TRS-80 Model I, which would do a series of random, long distance seeks on floppy drives. The drives in question, if left unattended, as many BBS machines were, would eventually overheat and in several cases, began to smolder. Disk drive technology has improved considerably since then, but so has the instance of unattended operation of PC's. Bob Stratton, -------------------- Date: Thu, 20 Oct 88 14:34:00 PDT From: "JOHN D. WATKINS" Subject: kill that drive! On the subject of damaging disk drives, a couple months ago I read (I think in Computers & Society Digest) about a prank you could play with drives; you figure out a good resonant frequency for the drive, then make the head(s) seek at just that rate. The drive starts vibrating (relatively) violently, enough so that it creeps across the floor, possibly unplugging itself and certainly puzzling the operators in the morning! I believe that this referred to mainframe drives, but it has interesting possibilities for micros as well; if you could make a drive vibrate for long enough you might be able to throw it out of alignment or something evil like that... Kevin -------------------- Date: Thu, 20 Oct 88 17:16:00 MDT From: GORDON_A%CUBLDR@VAXF.COLORADO.EDU Subject: RE: kill that drive! Regarding the software destruction of drives...some of the PC disk diagnostics can approach what seems to be a self destructive mode. When running the seek test, the drive does indeed start to vibrate and becomes rather loud. I suppose that a virus inplanted in an unattended machine could do the same. I have never had enough courage to run this test more than once every so often. I don't know what would happen if the drive were continuously run this way. I can't imagine it would be very good for it. Allen Gordon -------------------- Date: Thu, 20 Oct 88 20:23:00 EST From: Dimitri Vulis Subject: Software damaging floppy drives on a PC The FDC on IBM PC and clones has a parameter called 'head unload time'. BIOS sets it to a conservatively high value; MS DOS 2.0 and later resets it to a lower value. Soon after DOS 2.0 came out, some people figured that they can make their drives operate faster by setting it lower yet; and it did, but the affected drives went out of alignment withina few month. I don't see why this was referred to as 'virus', though. (Although, this certainly is a technique that a virus or a Trojan horse could use to damage the machine). -------------------- Date: Thu, 20 Oct 88 21:34:00 CDT From: Gordon Meyer Subject: More on hardware damage Just to add a little fuel to the virus/hardware damage thread, I'd like to point out that it is supposedly possible to fry a monitor, on the Atari ST system, by forcing the computer into the incorrect mode. In other words, if you have a monochrome monitor hooked up the hardware will detect this and adjust the sync rate of the computer to match. But it is supposedly possible to "trick" the computer, via software, into thinking that a color monitor is being used. Evidently the differing sync rates of the two monitors will cause permanent damage if this occurs. -=->G<-=- I'm not a software developer, and I'm no hardware wizard. I'm sure the concept is correct but don't flame me for saying zig would I should have said zag. Polite corrections are welcome. I imagine the concept could apply to other systems as well. -------------------- Date: Thu, 20 Oct 88 23:11:00 EDT From: Paul Coen Subject: RE: More on hardware damage If I'm not mistaken, on the old IBM monochrome monitors one could (and someone did) write code (I can't recall if it was a virus, trojan horse, or what), that altered the scan rate on the screen, and if this was allowed to continue, it could heat the monitor up to the point where it could (and on occasion did) burst into flames. I wish I could recall this a little better than I do, I can't even remember the specific monitor. Anyone else out there read/hear/ have this happen to you? +----------------------------------------------------------------------------+\ | Paul R. Coen | \ | Bitnet: PCOEN@DRUNIVAC U.S. Snail: Drew University CM Box 392, | | | PCOEN@DREW Madison, NJ 07940 | | | Just because you can't see it doesn't mean it isn't there! | | +----------------------------------------------------------------------------+ | \ \| \_____________________________________________________________________________\ -------------------- *** end of Virus-L issue ***