Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: lev@suned1.Nswses.Navy.Mil (Lloyd E Vancil) Newsgroups: comp.virus Subject: A question regarding commercial dial-up services Message-ID: <0001.9105281939.AA08091@ubu.cert.sei.cmu.edu> Date: 26 May 91 04:15:46 GMT Sender: Virus Discussion List Lines: 41 Approved: krvw@sei.cmu.edu I have a question. In the form of a senario; Given: A BBS service distributes a program that you must run in your machine to use the service. ( ;-) guess who! ) This service becomes very popular with computer users who are less technically inclined. It is very flashy and popular with children. As part of the program a very large file is installed in the PC's disk that is used to "stage" graphics "primitives" screens. Investigation reveals whole blocks of ram have been dumped to the file. Typical finds include, dos environment information, disk directories, pieces of files that were deleted by dos (but not removed from the disk surface). I'm just enough of a skeptic to ask why "Whole chunks of ram" are dumped, but that's a question for comp.programmer Here's the virus question. Question: Would it be possible; 1. for a memory resident virus to be scooped up by this service.. and return to reinfect the machine at a later date? Presumably by the service's reusing of the file fragment that contains the "screen primitive" and the "scooped" virus code. 2. for a virus to be written to take advantage of this transmission method? (I'm not sure that the "service" retains a complete copy of it's users "staging file"; after all they claim nearly 1 million users and at ~1meg per user that's 10^12 bytes? (wow) And I'm not sure the data from one user is seen by another's machine.) - -- | suned1!lev@elroy.JPL.Nasa.Gov | * S.T.A.R.S.! . + o | | lev@suned1.nswses.navy.mil | The Revolution has begun! . + | | sun!suntzu!suned1!lev | My Opinions are Mine mine mine hahahah!|