TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Subject:Fwd: INFO. ON SERIOUS INTERNE... From:JPMartin1 -at- AOL -dot- COM Date:Mon, 16 May 1994 13:23:47 EDT
---------------------
Forwarded message:
Subj: INFO. ON SERIOUS INTERNET VIRUS (fwd)
Date: 94-05-16 11:22:45 EDT
From: billwinn -at- u -dot- washington -dot- edu
To: JPMartin1
---------- Forwarded message ----------
Date: Sun, 15 May 1994 15:17:11 -0700 (PDT)
From: Sandra Petrarca <petrarca -at- u -dot- washington -dot- edu>
To: Beta Anderson <bettyan -at- microsoft -dot- com>,
William Winn <billwinn -at- u -dot- washington -dot- edu>,
Joel Levin <jlevin -at- u -dot- washington -dot- edu>, markdod -at- microsoft -dot- com,
MATT SPAUR <HPSD83A -at- prodigy -dot- com>, nomad -at- u -dot- washington -dot- edu
Subject: INFO. ON SERIOUS INTERNET VIRUS (fwd)
Thought you might want to be aware of this. See end of message for
permission to forward.
> NASIRC recently received information about a potential "trojan horse"
> program being distributed on the Internet as "CD-IT.ZIP"
> SYSTEMS AFFECTED:
> This trojan apparently only runs on "IBM compatible" systems; DOS is
> definitely susceptible, and Windows might be.
> THE PROBLEM:
> According to information posted in several Clarinet newsgroups, a new
> and dangerous trojan is showing up at publicly-accessible Internet
> sites. This trojan, called CD-IT.ZIP, supposedly gives your PC full
> read/write capabilities on its CD-ROM drive. The CD-IT documentation
> states the program was authored by Joseph S. Shiner, couriered by HDA
> and copyrighted by Chinon Products. The problem came to light when a
> user who had downloaded the file from a FidoNet server in Baltimore,
> MD, realized that it is IMPOSSIBLE to make a standard CD-ROM drive
> writable with a small software utility and reported it to Chinon.
> Other suspicious indicators were obscenities in the documentation and
> a line indicating that HDA stands for "Haven't Decided a Name Yet."
> In a statement to Newsbytes, Chinon America stated it has no division
> as named in the documentation. Chinon engineers also report that if
> CD-IT is actually run, it locks up the computer; it will then remain
> in memory (even after reboot) and will corrupt critical system files
> on the hard disk as well as any available network volumes. Chinon's
> R&D Director stated that he has not heard of any systems that have
> (yet) been affected by this trojan.
> THE FIX:
> Although there is no real "fix" for a trojan or virus, there are two
> important points NASIRC wishes to make:
> 1) DO NOT DOWNLOAD THE FILE "CD-IT.ZIP" FROM ANY ON-LINE ARCHIVES!
> 2) DO NOT RUN THE "CD-IT" UTILITY!
> Once a system is infected, the only way to eradicate the virus is to
> perform a high-level reformat of the hard drive!
> To quote the Clarinet post, "Chinon is encouraging anyone who might
> have information that could lead to the arrest and prosecution of the
> parties responsible for CD-IT to call the company at 310-533-0274. In
> addition, the company has notified the major distributors of virus
> protection software, such as Symantec and McAfee Associates, so they
> may update their programs to detect and eradicate CD-IT.
> NASIRC will continue to monitor this situation and will post additional
> information should it become necessary. If you have any questions about
> this bulletin, please contact NASIRC via any of the venues below.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> NASIRC ACKNOWLEDGES: Hank Middleton of NASA's Goddard Space Flight
> Center for notifying NASIRC of this situation.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> ===============================================================
> For further assistance, please contact the NASIRC Helpdesk:
> Phone: 1-800-7-NASIRC Fax: 1-301-441-1853
> Internet Email: nasirc -at- nasa -dot- gov
> 24 Hour/Emergency Pager: 1-800-759-7243/Pin:2023056
> STU III: 1-301-982-5480
> ===============================================================
> This bulletin may be forwarded without restriction to sites and
> system administrators within the NASA community.
> The NASIRC online archive system is available via anonymous ftp.
> You will be required to enter your valid e-mail address as the
> "password". Once on the system, you can access the following
> information:
> The contents of these directories is updated on a continuous
> basis with relevant software and information; contact the NASIRC
> Helpdesk for more information or assistance.
> -----------------
> PLEASE NOTE: Users outside of the NASA community may receive NASIRC
> bulletins. If you are not part of the NASA community, please contact
> your agency's response team to report incidents. Your agency's team
> will coordinate with NASIRC, who will ensure the proper internal
> NASA team(s) are notified. NASIRC is a member of the Forum of
> Incident Response and Security Teams (FIRST), a world-wide organiza-
> tion which provides for coordination between incident response teams
> in handling computer-security-related issues. You can obtain a list
> of FIRST member organizations and their constituencies by sending
> email to docserver -at- first -dot- org with an empty "subject" line and a
> message body containing the line "send first-contacts".
****************************************************************************
> *
*
> * The point of contact for MILNET security-related incidents is the
*
> * Security Coordination Center (SCC).
*
> *
*
> * E-mail address: SCC -at- NIC -dot- DDN -dot- MIL
*
> *
*
> * Telephone: 1-(800)-365-3642
*
> *
*
> * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST,
*
> * Monday through Friday except on federal holidays.
*
> *
*
> PLEASE NOTE: Many users outside of the DOD computing communities receive
> DDN Security bulletins. If you are not part of DOD community, please
> contact your agency's incident response team to report incidents. Your
> agency's team will coordinate with DOD. The Forum of Incident Response and
> Security Teams (FIRST) is a world-wide organization. A list of FIRST
member
> organizations and their constituencies can be obtained by sending email to
> docserver -at- first -dot- org with an empty subject line and a message body
containing
> the line: send first-contacts.
> This document was prepared as an service to the DOD community. Neither the
> United States Government nor any of their employees, makes any warranty,
> expressed or implied, or assumes any legal liability or responsibility for
> the accuracy, completeness, or usefulness of any information, product, or
> process disclosed, or represents that its use would not infringe privately
> owned rights. Reference herein to any specific commercial products,
process,
> or service by trade name, trademark manufacturer, or otherwise, does not
> necessarily constitute or imply its endorsement, recommendation, or
favoring
> by the United States Government. The opinions of the authors expressed
herein
> do not necessarily state or reflect those of the United States Government,
> and shall not be used for advertising or product endorsement purposes.
