Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!samsung!think!ames!ncar!tank!cps3xx!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: f3aml@fyvax2.fy.chalmers.se (MATS LEJON)
Newsgroups: comp.virus
Subject: WDEF virus questions (Mac)
Message-ID: <0001.8912121301.AA15254@ge.sei.cmu.edu>
Date: 11 Dec 89 08:56:28 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 15
Approved: krvw@sei.cmu.edu

In the message WDEF Virus Alert (MAC) John Norstad writes

>Unfortunately, the virus manages to avoid detection by all of the
>popular protection INITs, including Vaccine 1.0.1, GateKeeper
>1.1.1, SAM Intercept 1.10, and Virex INIT 1.12.

What about the RWatcher INIT? It would be no problem to configure it
to look for a WDEF resource, but this would of course be of no use
if the WDEF virus uses a system call to propagate whitch RWatcher
does not watch for. Does anyone have any more info about the virus,
its size for example, or how it is possible that a resource with the name
WDEF gets executed, I guess it must contain executable code to
propagate itself?

                   Mats Lejon, Chalmers Univ. Tech. Sweden.