Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!ginosko!uunet!iconsys!caeco!vixen!joe
From: joe@vixen.uucp (Joe Hitchens)
Newsgroups: comp.sys.amiga
Subject: Viruses
Message-ID: <310@vixen.uucp>
Date: 17 Oct 89 17:59:01 GMT
Organization: Sleepless Software
Lines: 56


I recieved this in my mail.  I have no idea who this person is, or why he
sent it to me.  I thought perhaps someone could forward it to Steve Tibbett.


 > From utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp Mon Oct 16 16:12:07 1989
 > Return-Path: <utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp>
 > Received: by vixen.uucp (3.2/SMI-3.2)
 >	 id AA17505; Mon, 16 Oct 89 16:12:06 MDT
 > From: utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp
 > Received: by caeco.scs-ut.uucp (3.2/SMI-3.0DEV3)
 >	 id AA01251; Mon, 16 Oct 89 14:43:40 MDT
 > Received: from cs.utexas.edu by cs.utah.edu (5.61/utah-2.4-cs)
 >	id AA13357; Mon, 16 Oct 89 14:29:33 -0600
 > Posted-Date: Mon, 16 Oct 89 17:50:54 GMT
 > Received: from uunet.UU.NET by cs.utexas.edu (5.59/1.43)
 >	id AA09935; Mon, 16 Oct 89 15:05:26 CDT
 > Received: from mcsun.eu.net by uunet.uu.net (5.61/1.14) with SMTP 
 >	id AA27866; Mon, 16 Oct 89 13:17:33 -0400
 > Received: by mcsun.EU.net via EUnet; Mon, 16 Oct 89 18:15:49 +0100 (MET)
 > Received: from cs.strath.ac.uk by kestrel.Ukc.AC.UK   via Janet (UKC CAMEL FTP)
 >           id aa22949; 16 Oct 89 17:53 BST
 > To: vixen!joe%cs.utexas.edu@uunet.UU.NET
 > Subject: Re: VirusX 3.2, VirusX 3.1
 > Newsgroups: comp.sys.amiga
 > In-Reply-To: <308@vixen.uucp>
 > References: <1389@ultb.UUCP> <1940@sactoh0.UUCP> <2233@cbnewsl.ATT.COM>
 > Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
 > Date: Mon, 16 Oct 89 17:50:54 GMT
 > Sender: utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp
 > Message-Id:  <8910161750.aa12316@baird.cs.strath.ac.uk>
 > Status: RO
 >
 > Hey I think I should tell you a fact about viruses that nobody seems to
 > take into account. All the viruses I have written intercept the OS DoIO()
 > routine and feed the user a normal bootblock if one of my viruses is there.
 >
 > You would be surprised how few virus killers actually use the hardware
 > directly to check.


This would certainly defeat casual detection. I don't know if VirusX would
be fooled by this or not, I haven't examined the source.

j.h.

==========================================================================
Joe Hitchens -- Artist, Sculptor, Animator of Sculpture, Iconographer Adept
joe@vixen  ...!uunet!iconsys!caeco!vixen!joe
joe@amie   ...!uunet!iconsys!caeco!i-core!amie!joe   Phone: (801) 292-2190

-- 
==========================================================================
Joe Hitchens -- Artist, Sculptor, Animator of Sculpture, Iconographer Adept
joe@vixen  ...!uunet!iconsys!caeco!vixen!joe
joe@amie   ...!uunet!iconsys!caeco!i-core!amie!joe   Phone: (801) 292-2190