Fwd: INFO. ON SERIOUS INTERNE...

Subject: Fwd: INFO. ON SERIOUS INTERNE...
From: JPMartin1 -at- AOL -dot- COM
Date: Mon, 16 May 1994 13:23:47 EDT


---------------------
Forwarded message:
Subj: INFO. ON SERIOUS INTERNET VIRUS (fwd)
Date: 94-05-16 11:22:45 EDT
From: billwinn -at- u -dot- washington -dot- edu
To: JPMartin1



---------- Forwarded message ----------
Date: Sun, 15 May 1994 15:17:11 -0700 (PDT)
From: Sandra Petrarca <petrarca -at- u -dot- washington -dot- edu>
To: Beta Anderson <bettyan -at- microsoft -dot- com>,
William Winn <billwinn -at- u -dot- washington -dot- edu>,
Joel Levin <jlevin -at- u -dot- washington -dot- edu>, markdod -at- microsoft -dot- com,
MATT SPAUR <HPSD83A -at- prodigy -dot- com>, nomad -at- u -dot- washington -dot- edu
Subject: INFO. ON SERIOUS INTERNET VIRUS (fwd)

Thought you might want to be aware of this. See end of message for
permission to forward.

sandy

---------- Forwarded message - forwards deleted----------------------------

> + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
> ! !
> ! The following important advisory was issued by the NASA !
> ! Automated Systems Incident Response Capility team and is being !
> ! relayed unedited via the Defense Information Systems Agency's !
> ! Security Coordination Center distribution system as a means !
> ! of providing DDN subscribers with useful security information. !
> ! !
> + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

> The following bulletin was released to the NASA community by NASIRC:

> NASIRC BULLETIN #94-17 May 5,
1994
> Dangerous New DOS Trojan ("CD-IT.ZIP") Found
> ===========================================================
> __ __ __ ___ ___ ____ ____
> /_/\ /_/| /_/ / _/\ /_/| / __/ \ / __/\
> | |\ \| || / \ \ | /\/ | || | /\ \/ | | \/
> | ||\ \ || / /\ \ \ \ \ | || |_\/ /\ | |
> | || \ \|| / /--\ \ \ /\_\\ | || | |\ \ \ | \_/\
> |_|/ \_|//_/ \_\/ \/__/ |_|/ |_| \_\/ \___\/
> NASA Automated Systems Incident Response Capability
> ===========================================================

> NASIRC recently received information about a potential "trojan horse"
> program being distributed on the Internet as "CD-IT.ZIP"

> SYSTEMS AFFECTED:

> This trojan apparently only runs on "IBM compatible" systems; DOS is
> definitely susceptible, and Windows might be.

> THE PROBLEM:

> According to information posted in several Clarinet newsgroups, a new
> and dangerous trojan is showing up at publicly-accessible Internet
> sites. This trojan, called CD-IT.ZIP, supposedly gives your PC full
> read/write capabilities on its CD-ROM drive. The CD-IT documentation
> states the program was authored by Joseph S. Shiner, couriered by HDA
> and copyrighted by Chinon Products. The problem came to light when a
> user who had downloaded the file from a FidoNet server in Baltimore,
> MD, realized that it is IMPOSSIBLE to make a standard CD-ROM drive
> writable with a small software utility and reported it to Chinon.
> Other suspicious indicators were obscenities in the documentation and
> a line indicating that HDA stands for "Haven't Decided a Name Yet."

> In a statement to Newsbytes, Chinon America stated it has no division
> as named in the documentation. Chinon engineers also report that if
> CD-IT is actually run, it locks up the computer; it will then remain
> in memory (even after reboot) and will corrupt critical system files
> on the hard disk as well as any available network volumes. Chinon's
> R&D Director stated that he has not heard of any systems that have
> (yet) been affected by this trojan.

> THE FIX:

> Although there is no real "fix" for a trojan or virus, there are two
> important points NASIRC wishes to make:

> 1) DO NOT DOWNLOAD THE FILE "CD-IT.ZIP" FROM ANY ON-LINE ARCHIVES!

> 2) DO NOT RUN THE "CD-IT" UTILITY!

> Once a system is infected, the only way to eradicate the virus is to
> perform a high-level reformat of the hard drive!

> To quote the Clarinet post, "Chinon is encouraging anyone who might
> have information that could lead to the arrest and prosecution of the
> parties responsible for CD-IT to call the company at 310-533-0274. In
> addition, the company has notified the major distributors of virus
> protection software, such as Symantec and McAfee Associates, so they
> may update their programs to detect and eradicate CD-IT.


> NASIRC will continue to monitor this situation and will post additional
> information should it become necessary. If you have any questions about
> this bulletin, please contact NASIRC via any of the venues below.

> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> NASIRC ACKNOWLEDGES: Hank Middleton of NASA's Goddard Space Flight
> Center for notifying NASIRC of this situation.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

> ===============================================================
> For further assistance, please contact the NASIRC Helpdesk:
> Phone: 1-800-7-NASIRC Fax: 1-301-441-1853
> Internet Email: nasirc -at- nasa -dot- gov
> 24 Hour/Emergency Pager: 1-800-759-7243/Pin:2023056
> STU III: 1-301-982-5480

> ===============================================================
> This bulletin may be forwarded without restriction to sites and
> system administrators within the NASA community.

> The NASIRC online archive system is available via anonymous ftp.
> You will be required to enter your valid e-mail address as the
> "password". Once on the system, you can access the following
> information:

> %/bulletins ! contains NASIRC bulletins
> %/information ! contains various informational files
> %/toolkits ! contains automated toolkit software

> The contents of these directories is updated on a continuous
> basis with relevant software and information; contact the NASIRC
> Helpdesk for more information or assistance.

> -----------------
> PLEASE NOTE: Users outside of the NASA community may receive NASIRC
> bulletins. If you are not part of the NASA community, please contact
> your agency's response team to report incidents. Your agency's team
> will coordinate with NASIRC, who will ensure the proper internal
> NASA team(s) are notified. NASIRC is a member of the Forum of
> Incident Response and Security Teams (FIRST), a world-wide organiza-
> tion which provides for coordination between incident response teams
> in handling computer-security-related issues. You can obtain a list
> of FIRST member organizations and their constituencies by sending
> email to docserver -at- first -dot- org with an empty "subject" line and a
> message body containing the line "send first-contacts".



****************************************************************************
> *
*
> * The point of contact for MILNET security-related incidents is the
*
> * Security Coordination Center (SCC).
*
> *
*
> * E-mail address: SCC -at- NIC -dot- DDN -dot- MIL
*
> *
*
> * Telephone: 1-(800)-365-3642
*
> *
*
> * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST,
*
> * Monday through Friday except on federal holidays.
*
> *
*

****************************************************************************

> PLEASE NOTE: Many users outside of the DOD computing communities receive
> DDN Security bulletins. If you are not part of DOD community, please
> contact your agency's incident response team to report incidents. Your
> agency's team will coordinate with DOD. The Forum of Incident Response and
> Security Teams (FIRST) is a world-wide organization. A list of FIRST
member
> organizations and their constituencies can be obtained by sending email to
> docserver -at- first -dot- org with an empty subject line and a message body
containing
> the line: send first-contacts.

> This document was prepared as an service to the DOD community. Neither the
> United States Government nor any of their employees, makes any warranty,
> expressed or implied, or assumes any legal liability or responsibility for
> the accuracy, completeness, or usefulness of any information, product, or
> process disclosed, or represents that its use would not infringe privately
> owned rights. Reference herein to any specific commercial products,
process,
> or service by trade name, trademark manufacturer, or otherwise, does not
> necessarily constitute or imply its endorsement, recommendation, or
favoring
> by the United States Government. The opinions of the authors expressed
herein
> do not necessarily state or reflect those of the United States Government,
> and shall not be used for advertising or product endorsement purposes.

> ----- End forwarded message


> ----- End forwarded message






----------------------- Headers ------------------------


Previous by Author: Re: Corruption of Language
Next by Author: Re: multimedia authoring
Previous by Thread: Re: passives
Next by Thread: Using commas in lists


What this post helpful? Share it with friends and colleagues:


Sponsored Ads