Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!rutgers!uwvax!umn-d-ub!umn-cs!chou From: chou@umn-cs.CS.UMN.EDU (Hsiang Chou) Newsgroups: comp.sys.mac Subject: Re: New WDEF Virus Message-ID: <17504@umn-cs.CS.UMN.EDU> Date: 8 Dec 89 08:20:27 GMT References: <1886@accuvax.nwu.edu> Reply-To: chou@umn-cs.cs.umn.edu (Chih-Hsiang Chou) Organization: CSci Dept., University of Minnesota, Mpls. Lines: 41 In article <1886@accuvax.nwu.edu> jln@accuvax.nwu.edu (John Norstad) writes: > >The WDEF virus infects the invisible "Desktop" files used by the ^^^^^^^^^^^^^^^ >Finder. Every Macintosh disk has one of these files (hard drives >and floppies). The virus spreads from Desktop file to Desktop >file, but it does not infect applications, data files, or system >files. Do you mean these include the two DATA ONLY files, "Desktop DB" and "Desktop DF", created by the Desktop Manager? What will happen if the virus tries to infect a disk volume such as an AppleShare volume which has no "Desktop" file at all but the above two files? Will a new "Desktop" file be created or some equivalent information is written to those two files? If a "Desktop" file is created, how does the virus spread? Since the "Desktop" file is never touched by the finder or Desktop Manager in such volume. >Due to a bug, the virus causes Mac IIcis to crash. We have also >noticed unusually frequent crashes on infected Mac IIcxs, and >severe performance problems with infected AppleShare servers. >There are also other bugs in the virus which could cause problems. It seems to me, those two files are corrupted in an infected AppleShare volume. >You do not have to run a program for the virus to spread. > >Unlike most of the other Mac viruses, the WDEF virus is not spread >via the sharing and distribution of programs, but rather via the >sharing and distribution of disks, usually floppy disks. I think the Finder must play a role here. After all who will initiate access to the Desktop file besides the Finder. -- Chih-Hsiang Chou chou@umn-cs.cs.umn.edu Department of Computer Science University of Minnesota