V.I.R.U.S. Weekly - December 10, 1993
A weekly digest of virus and related news, V.I.R.U.S. Weekly BBS feed and
newsletter is prepared by the Vancouver Institute for Research into User
Security.  For those without online service feeds, both V.I.R.U.S. Weekly and
Monthly are available in hardcopy.  For more information contact Robert Slade
or CyberStore.
copyright 1993, Robert M. Slade
Other columns this week:
Table of Contents:
1    McAfee 109 (MS-DOS)
2    Red Alert! (MS-DOS)
3    1984 (MS-DOS)
4    Call for the BOMBSQAD
5    How much for just Stoned?
6    Get well
7    YAEMA in Italian
8    Steady on, there, Rock ... 
9    Caveat Emptor
10   Stop!  You're both right!
11   Project XVIRA
12   News from the Southern Hemisphere
13   Safe Hex? Not in the USA
14   Getting information
15   "Survivor's Guide to Computer Viruses"
McAfee 109 (MS-DOS)
The 109 version of the SCAN suite has been released.  Unfortunately, there was
an almost immediate report of a trojan/infected 109 version (see "1984" this
issue).  Please check your source.
Red Alert! (MS-DOS)
A new heuristic scanner is said to be able to detect trojans, viral programs
and ANSI bombs without signature files.  The announcement by Matthew Probert
states that a shareware version is available in the USA, and implies a
commercial version overseas.                    
1984 (MS-DOS)
The trojanized/infected version of SCAN 109 (see this issue) is reported to
have been contaminated by the 1984 virus.  This code is reported as a
multipartite virus and it is said that SCAN 109 will not detect it.  A report
from Australia says it is "sneaky" and "deadly", but gives no details.
Call for the BOMBSQAD
More information on the case between MJL Design and Forecast Installations. 
The software entity reported by the New York Times as a virus, and by various
experts (including, I'm sorry to say, yours truly) as a logic bomb, may have
been nothing more than a simple program lock.  this is what is being claimed by
MJL Design.  Forecast Installations had an MJL technician arrested "on spec",
as it were.  The code, whatever it was, never did activate.
How much for just Stoned?
InformationWeek for November 29, 1993, has an article on the increasing number
of insurance companies willing to write policies "covering" computer crime. 
One of the risks listed is for a computer virus attack.  The minimum deductible
listed for such an attack is $10,000.  Using Peter Tippett's reported figures,
this would work out to an infection of a minimum of 50 machines.  Of course,
that figure covers only disinfection.  The article is not clear as to how such
damage would be calculated.
Get well
Lee Jackson, author of the Hack Report and moderator of the Fidonet WARNINGS
echo had to postpone the October Hack Report due to poor health, and is now
reported sick again.  (In his absence, WARNINGS has spawned a rather pointless
argument about the source of AIDS.)
YAEMA in Italian
The-media-aren't-taking-this-seriously-dept.: Roberto Reymond reports an
Italian informatics magazine whose November issue carries an "article" which
cites MtE and Tremor as deadly new menaces, and basically advertises McAfee
(one "expert" consulted is the local McAfee agent) and insurance (the other
"expert" is an insurance agent).  (See article this issue on the rise of
computer crime insurance.)
Steady on, there, Rock ... 
Rock Steady, supposedly founder of the original NuKE vx group and inspiration
for the second one, is taking advantage of the confusion over moderators on the
Fidonet VIRUS echo to post all kinds of messages.  In a recent one, he
condescends to bless a questioning reader with his knowledge of the Internet
and ftp.  In the process, he demonstrates that he has no idea of the difference
between communications protocols and high speed modems ...
Caveat Emptor
We are seeing ever increasing reports of infected computers through commercial
channels that some find hard to believe.  Computer retailers are selling
machines that are infected "from the shop".  Rental agencies are renting
machines with virus infections in place and active.  Computer repair shops are
infecting large numbers of computers going in for repairs and service.  Please
note: virus research is a very esoteric field.  Just because someone knows how
to put computers together, does not mean they know about viral programs or
Stop!  You're both right!
A popular passtime on the virus related nets, of course, is "what is your
favourite antiviral?"  A recent round in Fidonet generated an amusing set of
postings with one person championing F-Prot and another stating that V-Alert
was better.  V-Alert couldn't be that much better than F-Prot: V-Alert *uses*
F-Prot.  Get yer facts straight *before* you post ...
Project XVIRA
Bangkok Security Associates are coming under some heavy criticism recently
after several years of being largely ignored in North America.  Posters
associated with vx groups recently accused them of releasing a virus generator
called Project XVIRA.  The program may be real, of course, but with a name like
that I'd suspect is was an antiviral.
News from the Southern Hemisphere
A report of a survey taken in Buenos Aires was posted on VIRUS-L/comp.virus. 
Unsurprising, but somewhat depressing, was the fast that aside from SCAN, which
is having its problems, the top three antivirals used were long on promotion
and short on substance.  The top virus was Michelangelo, followed closely by
Stoned, then Number of the Beast (aka 512), Jerusalem and Ping Pong.
Safe Hex? Not in the USA
The two "Regional Virus Centers" in the US for Safe Hex International have
"retired".  The two coordinators have found the task to be too time consuming. 
"Subscriptions" to "THE NEW SUPERKILLERS" will continue to be honoured until
they expire, but no new subscriptions will be accepted.
Vancouver      ROBERTS@decus.ca    | "90% of infections
Institute for  Robert_Slade@sfu.ca |  are Stoned."
Research into  rslade@cue.bc.ca    | 
User           p1@CyberStore.ca    |      - the viral corollary
Security       Canada V7K 2G6      |        to Sturgeon's Law