DOCSLIB.ORG

Virus Bulletin, October 1990

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Virus Bulletin, October 1990 October 1990 ISSN 0956-9979 THE AUTHORITATIVE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Edward Wilding Technical Editor: Fridrik Skulason, University of Iceland Editorial Advisors: Jim Bates, Bates Associates, UK, Phil Crewe, Fingerprint, UK, Dr. Jon David, USA, David Ferbrache, Information Systems Integrity & Security Ltd., UK, Dr. Bertil Fortrie, Data Encryption Technologies, Holland, Ray Glath, RG Software Inc., USA, Hans Gliss, Datenschutz Berater, West Germany, Ross M. Greenberg, Software Concepts Design, USA, Dr. Harold Joseph Highland,Compulit Microcomputer Security Evaluation Laboratory, USA, Dr. Jan Hruska, Sophos, UK, Dr. Keith Jackson, Walsham Contracts, UK, Owen Keane, Barrister, UK, Yisrael Radai, Hebrew University, Israel, John Laws, RSRE, UK, David T. Lindsay, Digital Equipment Corporation, UK, Martin Samociuk, Network Security Management, UK, John Sherwood, Sherwood Associates, UK, Roger Usher, Coopers&Lybrand, UK, Dr. Ken Wong, BIS Applied Systems, UK. CONTENTS LETTERS 9 EDITORIAL COUNTERMEASURES Order Out of Chaos? 2 Cryptographic Checksums 10 European Certification OVERVIEW From Brain to Whale Mac Virus Writer Apprehended - The Story So Far 12 TECHNICAL NOTES 3 PRODUCT REVIEW 1 IBM PC VIRUSES (UPDATE) 5 V-ANALYST 15 KNOWN APPLE MACINTOSH PRODUCT REVIEW 2 VIRUSES 6 Virex-PC 18 FEATURE END-NOTES & NEWS 20 Defining the Jerusalem Variants 8 VIRUS BULLETIN ©1990 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139. /90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers. Page 2 VIRUS BULLETIN October 1990 PCBW’s parent company, IDG Communications, was subjected EDITORIAL to the commercially pernicious AIDS Information Diskette extortion bid which VB reported in December 1989. Order Out of Chaos? Hamilton selected 11 computer virus samples from his collection based on the criteria that each sample should be 1) “Giving you order out of chaos” - the slogan of Symantec, causing infections in the wild regardless of geographical the latest contender to enter the ‘virus industry’ war. region, 2) non-encrypting and 3) well known to the computer Symantec’s recent takeover of Peter Norton Computing, one of virus research community. With an independent witness the most respected names in personal computing, guaranteed a present, infected files were submitted for inspection by the media spotlight for the company’s new product, the Norton Norton Anti-Virus: all were passed as virus free. In fact, the Anti-Virus. product had failed to identify files infected by Eddie II, Vacsina (1), Yankee, MIX1, MIX1-2, Pixel 1 and 2, Amstrad, The announcement that Norton Anti-Virus would be launched and three variants of the Vienna virus. on 17th September gave rise to great expectations. Observers hoped that this product would prove as valuable in fighting The extravagant claims and idle boasts that have emanated viruses as the excellent Norton Utilities and Commander from Symantec about this product may now be of interest to the packages had proved to disk inspection and data recovery. Advertising Standards Authority. The failure of the product to Early announcements from Symantec’s UK chairman Mr. detect well known computer viruses certainly demonstrated Michael Skok claimed that Norton Anti-Virus was the “the that Symantec’s initial research and development in support of fastest and most complete virus protection utility on the this product was lamentable. Hexadecimal patterns for all of market” while press releases assured potential customers that these viruses, and many others which the Norton Anti-Virus the PC package, when combined with the company’s existing fails to detect have been available through the Virus Bulletin SAM anti-virus for Macintosh computers, would provide “the for months. In blunt terms, this product has been shown total data security strategy”. Skok was quoted in the computer conclusively not to be “the most complete virus protection press as saying that the Symantec product could scan a 40 utility on the market”. The developers of a number of newer Megabyte hard disk in 26 seconds, a figure which he pro- anti-virus products have failed to establish links with the ceeded to use to denigrate Dr. Solomon’s Anti-Virus Toolkit research community in order to sustain the necessary updates which appears to have been targeted as the major competitive to their software, and presumably this is the reason behind this product in the UK. product’s shortcomings. The marketing launch for the Norton Anti-Virus was unprece- With the realisation that computer viruses have become big dented for a computer security software product - 50,000 business, we can expect further ‘big names’ to muscle in, demonstration disks were distributed with What Micro?, develop a market and try to ‘milk’ it, regardless of the advertisements appeared in the Sunday Times and a tastefully complexities involved in developing anti-virus software. It is to designed booklet which purported to explain the computer be hoped that potential purchasers of this type of software will virus problem was carried as an insert in the Financial Times. ignore the marketing men and demand high standards of product development, reliability and end-user support. The launch campaign got off to an inauspicious start. Symantec had planned to distribute a discount voucher in the form of a European Certification Schemes fake £10 note with its NAV demonstration disk - these had to be withdrawn following the disapproval of the Bank of The need for independent assessment of computer security England. However, worse was to follow. Symantec’s atten- products, which will help computer users tread their way dance at the Business Computing ’90 exhibition at Earls Court, through the minefield of marketing hyperbole, has been London (25-28 September), was to be the forum for a public addressed, in part, by the establishment of government launch of the product. Exhibition attendees were invited to certification under the auspices of the UK’s Department of submit diskettes for inspection so that they could be guaran- Trade & Industry. The certification process is controlled by the teed “virus free” by Norton Anti-Virus and adverts to this Communications-Electronics Security Group at GCHQ, effect were run in the British national press. Cheltenham. Evaluation currently takes place at two CESG licensed evaluation facilities (CLEFs) run by Secure Informa- It was the technical editor of PC Business World, Mr. Mark tion Systems and Logica Space & Defence Systems. Hamilton, who ‘picked up the gauntlet’. His inspection of Norton Anti-Virus had revealed several shortcomings in the The purpose behind certification is to establish standards for product, which was found to be anything but “comprehen- security products used within government departments and to sive”. Journalists and editorial staff at PC Business World enable outside organisations to base their purchasing decisions have shown a laudable cynicism amid a deluge of virus hype on objective criteria. during the last year. This may be explained by the fact that VIRUS BULLETIN ©1990 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139. /90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers. October 1990 VIRUS BULLETIN Page 3 Moves to introduce a harmonised evaluation protocol for France, Germany, the United Kingdom and Holland under the TECHNICAL NOTES Information Technology Security Evaluation Criteria (ITSEC) are currently under way. Whale - The Armoured Virus Information on existing schemes and about ITSEC proposals is available from the following addresses: The Whale computer virus (aka Motherfish) is the most complex virus program so far encountered. Analysis suggests France that it is the work of a professional programmer or group of programmers, possibly sponsored by an agency. Approximately Service Central de la Securite des Systemes d’Information- 80 percent of its code (the virus is 9K in length) is dedicated to Division Information et Systemes confounding disassembly. Reports indicate that Whale is 18 Rue du Docteur Zamenhof related to the Fish6 virus and that the two viruses react F-92131 ISSY LES MOLINEAUX together when active on the same processor. Tests will be undertaken to ascertain whether this is the case. Programming Germany techniques seen in the 4K virus are also present in Whale, Zentralstelle fur Sicherheit der Informationstechnik suggesting that the writer(s) of Whale had access to the former Am Nippenkreuz 19 virus, or wrote it. Beneath three layers of encryption a single D-5300 BONN 2 text message has been located: THE WHALE IN SEARCH OF THE 8 FISH I AM ‘~knzyvo}’ Holland IN HAMBURG addr error D9EB,02 Netherlands National Comsec Agency There has been some speculation that Whale is an intentional Bezuidenhoutseweg 67 ploy (on the part of its creator(s)) to test the speed of response PO Box 20061 of the anti-virus community. It was hoped that a full report on NL-2500 EB THE HAGUE this virus would be available for publication in this edition but a technical report will now be delayed until November. The United Kingdom virus represents a new strategy combining ‘stealth’ tactics Head of UK CLEF Scheme Certification Body with concerted attempts to hinder disassembly and delay CESG Room 2/0805 attempts to update scanning software. (See pages 12-14). Fiddler’s Green Lane The term ‘armour’ is used to describe code which persistently CHELTENHAM, GLOS GL52 5AJ attempts to foil debugging software. Flip Macintosh Virus Writer Apprehended David Chess at the IBM Thomas R.
Load more

Recommended publications
  • IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions
    IBM Security Solutions May 2011 IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions Contents About the report 2 About the Report The IBM X-Force® Threat Insight Quarterly is designed to highlight some of the most significant threats and challenges 3 Evolution: From Nuisance to Weapon facing security professionals today. This report is a product of IBM Managed Security Services and the IBM X-Force 8 Prolific and Impacting Issues of Q1 2011 research and development team. Each issue focuses on specific challenges and provides a recap of the most significant recent 16 References online threats. IBM Managed Security Services are designed to help an organization improve its information security, by outsourcing security operations or supplementing your existing security teams. The IBM protection on-demand platform helps deliver Managed Security Services and the expertise, knowledge and infrastructure an organization needs to secure its information assets from Internet attacks. The X-Force team provides the foundation for a preemptive approach to Internet security. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches and evaluates vulnerabilities and security issues, develops assessment and countermeasure technology for IBM security products, and educates the public about emerging Internet threats. We welcome your feedback. Questions or comments regarding the content of this report should be addressed to [email protected]. 3 X-Force Threat Insight Quarterly IBM Security Solutions Evolution: From Nuisance to Weapon One of the more notable examples here is Brain3, a boot sector infector which originated in Pakistan and released in 1986, was Creeper, Wabbit, Animal, Elk Cloner, Brain, Vienna, Lehigh, one of the first examples of malware that infected PC’s running Stoned, Jerusalem.
    [Show full text]
  • What Are Kernel-Mode Rootkits?
    www.it-ebooks.info Hacking Exposed™ Malware & Rootkits Reviews “Accessible but not dumbed-down, this latest addition to the Hacking Exposed series is a stellar example of why this series remains one of the best-selling security franchises out there. System administrators and Average Joe computer users alike need to come to grips with the sophistication and stealth of modern malware, and this book calmly and clearly explains the threat.” —Brian Krebs, Reporter for The Washington Post and author of the Security Fix Blog “A harrowing guide to where the bad guys hide, and how you can find them.” —Dan Kaminsky, Director of Penetration Testing, IOActive, Inc. “The authors tackle malware, a deep and diverse issue in computer security, with common terms and relevant examples. Malware is a cold deadly tool in hacking; the authors address it openly, showing its capabilities with direct technical insight. The result is a good read that moves quickly, filling in the gaps even for the knowledgeable reader.” —Christopher Jordan, VP, Threat Intelligence, McAfee; Principal Investigator to DHS Botnet Research “Remember the end-of-semester review sessions where the instructor would go over everything from the whole term in just enough detail so you would understand all the key points, but also leave you with enough references to dig deeper where you wanted? Hacking Exposed Malware & Rootkits resembles this! A top-notch reference for novices and security professionals alike, this book provides just enough detail to explain the topics being presented, but not too much to dissuade those new to security.” —LTC Ron Dodge, U.S.
    [Show full text]
  • Reversing Malware [Based on Material from the Textbook]
    SoftWindows 11/23/05 Reversing Malware [based on material from the textbook] Reverse Engineering (Reversing Malware) © SERG What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Reverse Engineering (Reversing Malware) © SERG Reversing Malware • Revering is the strongest weapon we have against the creators of malware. • Antivirus researchers engage in reversing in order to: – analyze the latest malware, – determine how dangerous the malware is, – learn the weaknesses of malware so that effective antivirus programs can be developed. Reverse Engineering (Reversing Malware) © SERG Distributed Objects 1 SoftWindows 11/23/05 Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Reverse Engineering (Reversing Malware) © SERG Typical Purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Reverse Engineering (Reversing Malware) © SERG Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Reverse Engineering (Reversing Malware) © SERG Distributed Objects 2 SoftWindows 11/23/05 Viruses • Viruses are self-replicating programs that usually have a malicious intent.
    [Show full text]
  • Virus Bulletin, July 91
    July 1991 ISSN 0956-9979 THE AUTHORITATIVE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Edward Wilding Technical Editor: Fridrik Skulason, University of Iceland Editorial Advisors: Jim Bates, Bates Associates, UK, Phil Crewe, Fingerprint, UK, David Ferbrache, ISIS Ltd., UK, Ray Glath, RG Software Inc., USA, Hans Gliss, Datenschutz Berater, West Germany, Ross M. Greenberg, Software Concepts Design, USA, Dr. Harold Joseph Highland, Compulit Microcomputer Security Evaluation Laboratory, USA, Dr. Jan Hruska, Sophos, UK, Dr. Keith Jackson, Walsham Contracts, UK, Owen Keane, Barrister, UK, John Laws, RSRE, UK, David T. Lindsay, Digital Equipment Corporation, UK, Yisrael Radai, Hebrew University of Jerusalem, Israel, Martin Samociuk, Network Security Management, UK, John Sherwood, Sherwood Associates, UK, Prof. Eugene Spafford, Purdue University, USA, Dr. Peter Tippett, Certus International Corporation, USA, Dr. Ken Wong, PA Consulting Group, UK, Ken van Wyk, CERT, USA. CONTENTS SCANNER UPDATE IBM Triumphs Amidst the ‘Vapourware’ 34 EDITORIAL 2 Results Table 35 TECHNICAL NOTES 3 TUTORIAL PRODUCT REVIEWS Fixed Disk Boot Sectors and 1. SafeWord Virus-Safe 36 Post-Attack Recovery 5 2. Knoxcard: Anti-Virus Hardware 38 Virus Bulletin Education, Training & Awareness Presentations 9 3. Trend Micro Devices’ PC-cillin 40 LETTERS SHAREWARE REVIEW VB Signatures With IBM’s Virscan 10 PC Virus Index 42 Vetting Procedure 10 KNOWN IBM PC VIRUSES 12 END-NOTES & NEWS 44 VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139. /90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
    [Show full text]
  • Topics in Malware What Is Malware?
    Topics in Malware What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Typical purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Metamorphic viruses • Instead of encrypting the program’s body and making slight alterations in the decryption engine, alter the entire program each time it is replicated. • This makes it extremely difficult for antivirus writers to use signature-matching techniques to identify malware. • Metamorphism requires a powerful code analysis engine that needs to be embedded into the malware. Metamorphic viruses: Operation • Metamorphic engine scans the code and generates a different version of it every time the program is duplicated. • The metamorphic engine performs a wide variety of transformations on the malware and on the engine itself.
    [Show full text]
  • Virus Bulletin, February 1991
    February 1991 ISSN 0956-9979 THE AUTHORITATIVE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Edward Wilding Technical Editor: Fridrik Skulason, University of Iceland Editorial Advisors: Jim Bates, Bates Associates, UK, Phil Crewe, Fingerprint, UK, Dr. Jon David, USA, David Ferbrache, Information Systems Integrity & Security Ltd., UK, Ray Glath, RG Software Inc., USA, Hans Gliss, Datenschutz Berater, West Germany, Ross M. Greenberg, Software Concepts Design, USA, Dr. Harold Joseph Highland, Compulit Microcomputer Security Evaluation Laboratory, USA, Dr. Jan Hruska, Sophos, UK, Dr. Keith Jackson, Walsham Contracts, UK, Owen Keane, Barrister, UK, Yisrael Radai, Hebrew University, Israel, John Laws, RSRE, UK, David T. Lindsay, Digital Equipment Corporation, UK, Martin Samociuk, Network Security Management, UK, John Sherwood, Sherwood Associates, UK, Dr. Peter Tippett, Certus International Corporation, USA, Dr. Ken Wong, PA Consulting Group, UK, Ken van Wyk, CERT, USA. CONTENTS IBM PC VIRUSES (UPDATE) 8 COUNTERMEASURES EDITORIAL 2 A Backup Strategy Based on TECHNICAL NOTES Risk Analysis 9 The Write-Protected System Floppy Disk 2 VIRUS ANALYSES Education Training and 1. Beijing 11 Awareness Presentations 3 2. Aircop 12 Direct Port Access 3 3. Faust 14 The Kamikaze Virus 4 4. LoveChild 16 Overlay Files 5 The Virus ‘Underground’ 5 PRODUCT REVIEW Turbo Anti-Virus 18 INVESTIGATION The Search for Den Zuk 6 END-NOTES & NEWS 20 VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139. /90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
    [Show full text]
  • Malware Slides
    Topics in Malware What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Typical purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Viruses • Viruses are self-replicating programs that usually have a malicious intent. • Old fashioned type of malware that has become less popular since the widespread use of the Internet. • The unique aspect of computer viruses is their ability to self-replicate. • However, someone (e.g., user) must execute them in order for them to propagate. Viruses (Cont’d) • Some viruses are harmful (e.g.,): – delete valuable information from a computer’s disk, – freeze the computer. • Other viruses are harmless (e.g.,): – display annoying messages to attract user attention, – just replicate themselves.
    [Show full text]
  • Evolution of Cyber Security Invotra
    Evolution of cyber security Invotra Digital Workplace, Intranet and Extranet 700 bc Scytale used by Greece and Rome to send messages And kids ever since.. Image Source: https://commons.wikimedia.org/wiki/File:Skytale.png 1467 Alberti Cipher was impossible to break without knowledge of the method. This was because the frequency distribution of the letters was masked and frequency analysis - the only known technique for attacking ciphers at that time was no help. Image Source: https://commons.wikimedia.org/wiki/File:Alberti_cipher_disk.JPG 1797 The Jefferson disk, or wheel cypher as Thomas Jefferson named it, also known as the Bazeries Cylinder. It is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around their edge. Image Source: https://en.wikipedia.org/wiki/Jefferson_disk#/media/File:Jefferson%27s_disk_cipher.jpg 1833 Augusta Ada King-Noel, Countess of Lovelace was an English mathematician and writer, chiefly known for her work on Charles Babbage's proposed mechanical general-purpose computer, the Analytical Engine. She is widely seen as the world's first programmer Image Source: https://commons.wikimedia.org/wiki/File:Ada_Lovelace_portrait.jpg 1903 Magician and inventor Nevil Maskelyne interrupted John Ambrose Fleming's public demonstration of Marconi's purportedly secure wireless telegraphy technology. He sent insulting Morse code messages through the auditorium's projector. Image Source: https://en.wikipedia.org/wiki/Nevil_Maskelyne_(magician)#/media/File:Nevil_Maskelyne_circa_190 3.jpg 1918 The Enigma Machine. It was developed by Arthur Scherbius in 1918 and adopted by the German government and the nazi party Image Source: https://commons.wikimedia.org/wiki/File:Kriegsmarine_Enigma.png 1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
    [Show full text]
  • Studying and Classification of the Most Significant Malicious Software
    Studying and Classification of the Most Significant Malicious Software Dr. Wajeb GHARIBI, Computer Science & Information Systems College, Jazan University, Jazan, KSA. [email protected] Abstract—As the cost of information processing and Internet University, this grandfather of modern computer virology, accessibility falls, most organizations are becoming demonstrated a virus-like program on a VAX11/750 increasingly vulnerable to potential cyber threats which its system[2]. rate has been dramatically increasing every year in recent times. Nevertheless, the idea for computer viruses actually appeared much earlier. Many consider the starting point to In this paper, we study, discuss and classify the most be the work of John Von Neumann in his studies on self- significant malicious software: viruses, Trojans, worms, reproducing mathematical automata, famous in the 1940s. adware and pornware which have made step forward in the By 1951, Neumann had already proposed methods for science of Virology. demonstrating how to create such automata. In 1959, the Keywords: Informatics; information Security; Virolog; British mathematician Lionel Penrose presented his view Cyber threats. on automated self-replication in his Scientific American article 'Self-Reproducing Machines'. Unlike Neumann, I. INTRODUCTION Penrose described a simple two dimensional model of this Nowadays, there is a huge variety of cyber threats that structure which could be activated, multiply, mutate and can be quite dangerous not only for big companies but also attack. Shortly after Penrose's article appeared, Frederick for ordinary user, who can be a potential victim for G. Stahl reproduced this model in machine code on an IBM cybercriminals when using unsafe system for entering 650 [3].
    [Show full text]
  • A History of Computer Viruses -The Famous ‘Trio’
    Computers & Security, 16 (1997) 416-429 A History Of Computer Viruses -The Famous ‘Trio’ Harold Joseph Highland FICS, FACM Editor-in-Chief Emeritus It was not until the fall of 1987 that computer virus- was a boot sector infector. The Lehigh virus and the es began to command worldwide attention in the Israeli viruses infected executable code. The former popular press as well as in the trade and technical press. attached itself only to COMMAND.COM; the Israeli Late in 1987 computer viruses struck at two universi- viruses infected .EXE and/or .COM programs. ties in the States and one in Israel. The trio [ 11 also differed in the media attacked. Aside l In October 1987 the Brain or Pakistani virus from the Lehigh virus that infected both floppy disks struck at the University of Delaware. and hard disks, the others only infected floppy disks. These were the original versions of the viruses. Since l One month later, the Lehigh or then a number of variants or mutations have surfaced. COMMAND.COM virus was discovered at Lehigh University in Pennsylvania. l Another difference was the damage or operating difficulties caused by these viruses. In December, the Hebrew University at Jerusalem found itself attacked by a computer virus. In its l The Brain sometimes destroyed several sectors of a search it found the Friday the 13th virus but also disk but often did little more damage. uncovered during that search were two variations of the April 1st or April Fool virus. l The Lehigh virus, depending upon its host, would wipe out an entire disk after a set number of DOS These three incidents presented us with two different operations.
    [Show full text]
  • Virus Bulletin, July 1992
    July 1992 ISSN 0956-9979 THE AUTHORITATIVE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Edward Wilding Technical Editor: Fridrik Skulason Editorial Advisors: Jim Bates, Bates Associates, UK, Andrew Busey, Microcom Inc., USA, David Ferbrache, Defence Research Agency, UK, Christoph Fischer, University of Karlsruhe, Germany, Ray Glath, RG Software Inc., USA, Hans Gliss, Datenschutz Berater, Germany, Ross M. Greenberg, Software Concepts Design, USA, Dr. Harold Joseph Highland, Compulit, USA, Dr. Jan Hruska, Sophos, UK, Dr. Keith Jackson, Walsham Contracts, UK, Owen Keane, Barrister, UK, John Laws, Defence Research Agency, UK, David T. Lindsay, Digital Equipment Corporation, UK, Yisrael Radai, Hebrew University of Jerusalem, Israel, Martin Samociuk, Network Security Management, UK, John Sherwood, Sherwood Associates, UK, Prof. Eugene Spafford, Purdue University, USA, Dr. Peter Tippett, Certus Inc., USA, Dr. Ken Wong, PA Consulting Group, UK, Ken van Wyk, CERT, USA. CONTENTS IBM PC VIRUSES (UPDATE) 7 VIRUS ANALYSES EDITOR’S DIARY 2 1. The Jabberwock Virus 9 INDUSTRY WATCH 2. NoInt 10 Certification Confusion 3 3. Datalock 12 UK NEWS PRODUCT REVIEWS New Virus - Police request 1. Certus Novi 13 Information 3 2. SmartScan from Visionsoft 16 WORLDWIDE SEMINAR REPORT The Russians Are Coming! 4 Comer on Fraud 19 VIRUS ALERTS END-NOTES & NEWS 20 1. Troi Two 5 2. V-Sign - A Polymorphic Boot Sector Virus 6 VIRUS BULLETIN ©1992 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139. /92/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
    [Show full text]
  • Twenty Years Before the Mouse
    Twenty years before the mouse. Aryeh Goretsky Distinguished Researcher Table of Contents Introduction 3 Fiat Lux 4 Brain Damage: Rootkits 1980s-Style 4 On-the-Job Training 5 Ransomware: Then and Now 5 War of the Parasites 6 Writing Viruses for Fun and Profit 9 Somebody Set Us Up the Bomb 11 Profits of Doom 12 This Way to the Egress 16 Acknowledgements 17 Sources 18 Title note: With apologies to author Charles Erskine’s “Twenty Years Before the Mast: With the more thrilling scenes and incidents while circumnavigating the globe under the command of the late Admiral Charles Wilkes 1838-1842.” Boston (privately printed), 1890. 2 Twenty years before the mouse Introduction For the past several years, I have been deep in the dark bowels of ESET, LLC’s Research Department—as the department’s Special Projects Manager, working on tasks that are vital at antivirus companies but generally go unnoticed by the public, testing things, making things, aggregating data from disparate sources, providing commentary and analysis and all the other myriad tasks one has to perform as a manager. One such regular responsibility is drafting new research topics alongside security expert Jeff Debrosse, the head of Research at ESET. Jeff is no stranger to visitors of ESET, LLC’s blog or readers of its white papers. He has written many of both and has been involved in the creation of others to varying extents. But as Senior Director, he is not just a frequent author or speaker but responsible for the operation of the department as well. And that means occasionally getting one of us to write a white paper.
    [Show full text]