Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uwm.edu!ux1.cso.uiuc.edu!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: AGUTOWS@WAYNEST1.BITNET (Arthur Gutowski)
Newsgroups: comp.virus
Subject: Re: DIR EXEC (VM/CMS)
Message-ID: <0012.8911281214.AA07608@ge.sei.cmu.edu>
Date: 27 Nov 89 20:56:31 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 29
Approved: krvw@sei.cmu.edu

In Virus-L, v2i248, the following warning was posted:

>>Date:         Sat, 25 Nov 89 19:15:31 EDT
>>Sender:       Revised LISTSERV forum <LSTSRV-L@RUTVM1>
>>From:         "Juan M. Courcoul" <POSTMAST@TECMTYVM.BITNET>
>>Subject:      IMPORTANT WARNING: CHRISTMA workalike on the loose on the links
..
>>A dangerous REXX exec named DIR EXEC has been detected on our node, thanks
>>to a watchful recipient. This exec purports to be able produce a directory
>>listing of the user's disks in a MS/DOS (PC) format.
>>
>>However, when the exec is run, it will produce the promised listing BUT it
>>will also send a copy of itself to all net addresses found in the user's
>>NAMES and NETLOG files.

From the cross-posting I got from IBM-MAIN@AKRONVM (IBM Mainframe
List), this EXEC also contains a timebomb: if the EXEC is run in 1990,
it will erase all A0 and A1 files from your account's A-disk.

I don't know if this thing has spread as fast as the warnings have,
but it may be worth the added info.

 Arthur J. Gutowski
 Antiviral Group / Tech Support / WSU University Computing Center
 5925 Woodward; Detroit MI  48202; PH#: (313) 577-0718
 Bitnet: AGUTOWS@WAYNEST1   Internet: AGUTOWS@WAYNEST1.BITNET
=====================================================================
 Disclaimer:  If VM is Virtual Machine, then I'm not really logged on,
              hence, I cannot have sent this message.


Brought to you by Super Global Mega Corp .com