Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!umd5!purdue!i.cc.purdue.edu!j.cc.purdue.edu!h.cc.purdue.edu!s.cc.purdue.edu!rsk
From: rsk@s.cc.purdue.edu (Frozen Wombat)
Newsgroups: comp.sys.amiga
Subject: Re: Viruses are here to stay (long)
Message-ID: <1847@s.cc.purdue.edu>
Date: 4 Jan 88 00:06:14 GMT
References: <5996@oberon.USC.EDU>
Reply-To: rsk@s.cc.purdue.edu.UUCP (Frozen Wombat)
Organization: Purdue Computing Center Unix Systems Staff
Lines: 39

In article <5996@oberon.USC.EDU> papa@pollux.usc.edu () writes:
>I installed a variety of viruses as part of a graduate course on computer
>security at USC over 4 years ago. One was a spoofing program that would
>simulate a UNIX login prompt, and would be left running on a shared terminal,
>for the casual user to log on and get his password. Another one was to let
>everybody know of a wonderful new program that would "improve" the UNIX "ls"
>command by copying his shell (with his protections) in my own area...

Neither of these is a virus in the traditional sense of a self-replicating
program which propagates itself in the manner of an organic virus. The
former is a simple spoof which (unless it did more than is claimed here)
simply masquerades as another program at the user interface level; the
latter was simply an exploitation of the path-dependent execution inherent
in the Unix shell.

I am surprised, however, that routine coursework involved breaking the
security of individual users' accounts. Our SOP for dealing with such
individuals is to revoke their account and refer them to the Dean of
Students; if evidence exists that they used their access to a user's
account to read private files, then they're probably in violation of the
Federal Privacy Act.

One of the classic papers on viruses is the one by Shoch (of Xerox PARC)
in the CACM a few years back; I can give a more precise reference if anyone
is interested.

>IBM's VNET worldwide network was put to a halt for almost two
>weeks just before Christmas, when a "virus Christmas card" was sent out over
>it. The virus would spread by remailing itself to everybody in your VNET
>mailing lists, generating "billions and billions" of messages. I believe the
>net totally crashed at least twice and more at various locations. The
>perpetrator was never found, and worse of all there seem to be no quick
>answer/change that will avoid this in the near future.

This is an extremely inaccurate account of the incident, its repercussions,
and its resolution. (For instance, the perpetrator was found.) See recent
articles in comp.risks for a number of articles providing a correct account
of the incident.

--
Rich Kulawiec, rsk@s.cc.purdue.edu, s.cc.purdue.edu!rsk
PUCC Unix Staff