Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: mike@pyrite.SOM.CWRU.Edu (Michael Kerner)
Newsgroups: comp.virus
Subject: Re: New Mac Hypercard Virus (Mac)
Message-ID: <0010.9104051408.AA00913@ubu.cert.sei.cmu.edu>
Date: 5 Apr 91 03:06:49 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 36
Approved: krvw@sei.cmu.edu

D1660@AppleLink.Apple.COM (SoftPlus, Paul Cozza,PRT) writes:
>For SAM 3.0 Users:
>
>A new Macintosh HyperCard virus has been found and has been named the
>HC Virus.  The virus infects only HyperCard stacks, and is mostly
>annoying. With SAM 3.0 you can download the latest Virus Definitions
>file from the Symantec bulletin board which includes both detection
>and repair of stacks infected with this virus. You can also enter a
>virus definition via SAM Virus Clinic 3.0 if you only require
>detection capabilities for this virus. The proper virus definition for
>SAM 3.0 is included here.
>
> ...
>
>Paul Cozza
>SAM Author

Yo folks, it's me again.  The question of the day is, "Is this virus a
virus or a Trojan Horse (Like Dukakis was)".  If this "virus" attacks
stacks from a script, what does the script look like?  The easiest way
to kill Dukakis (not to slam SAM, but it's overkill), is to (in your
HOME stack), intercept the SET command and check if the params
includes "Script", and then do further checks to see if it's Dukakis
(I don't remember the entire script, if anyone wants it EMAIL me, go
for it).  Anyway, the script can also be easily changed to intercept
ALL SET THE SCRIPT's and stop them, if the user wants.

So, is this virus caused by a script, and thus a Trojan Horse that I
can counter with a script of my own, or is it a real virus, caused by
a binary operation in one of the CODE resources of a stack?

Mikey
Mac Admin
WSOM CSG
CWRU
mike@pyrite.som.cwru.edu