Xref: utzoo comp.misc:2169 comp.sys.ibm.pc:13742 Path: utzoo!mnetor!uunet!husc6!think!bloom-beacon!gatech!ncar!oddjob!gargoyle!att-ih!chinet!dag From: dag@chinet.UUCP (Daniel A. Glasser) Newsgroups: comp.misc,comp.sys.ibm.pc Subject: Re: Commercial liability for distributing a virus Message-ID: <4123@chinet.UUCP> Date: 25 Mar 88 22:42:14 GMT References: <500@xios.XIOS.UUCP> <4811@ecsvax.UUCP> <622@sun.soe.clarkson.edu> Reply-To: dag@chinet.UUCP (Daniel A. Glasser) Organization: Chinet - Public Access Unix Lines: 48 In article <622@sun.soe.clarkson.edu> nelson@sun.soe.clarkson.edu.UUCP (Russ Nelson) writes: +In article <4811@ecsvax.UUCP> kotlas@ecsvax.UUCP (Carolyn M. Kotlas) writes: ++In article <500@xios.XIOS.UUCP>, dont@xios.XIOS.UUCP (Don Taylor) writes:> +++ [I did ] a 'strings' on MS Word (version 2 I think) and I saw a chilling +++ message that said something to the effect: 'the fruits of evil are bitter, +++ wiping your hard disk now...'. ++This isn't the only instance of little messages being sprinkled in ++Microsoft products. + +I saw a message that went approximately like this in a Microsoft program +that I disassembled. The message would appear if you invoked the program +with an (undocumented) /M switch. Unfortunately, I cannot locate the +program again. Maybe it was the mouse driver, maybe it was recover. +Chris Peters worked on the new dos. Microsoft rules ok! Back when I worked as a basic programmer for OSI (Ohio Scientific Instruments) there was what we called a 'germ' in the PROMs for the Challenger 2P. This particular 'germ' would, apparently randomly, hang up the system with some cute message. I don't remember what the message was, but BOY was it annoying. I don't know if this germ was in the ROMs that got shipped to customers. (OSI used MS 8 K basic!) I remember hearing about a secret screen hidden in some version of MAC or Lisa ROMs, that was there as an easy way for the insiders to tell if someone had cloned their ROMs. These are not viruses any more than the messages in expensive software packages as they do not self propogate. With the exception of the problem on the OSI C2P's, none are destructive. The most virus-like thing I've ever heard of acutally built into a 'commercial' software release is the login/cc hack in which cc would recognize that it was compiling login and include code that would allow the author to log in (as root, I believe) on the system without the root password, and would recognize that it was compiling a new version of cc, and insert the code to recognize itself and login, so the sources to cc and login did not contain the security holes, just the binaries. This was done, so the story goes, as a demonstration by the author of the hack (was it dmr, kt or bk?) of how easy it was to get around the security in UNIX, and not intended to be distributed, but a few unix tapes were shipped with compilers infected with the virus. The entire story may be apocriphal, but I heard it from a good source. -- Daniel A. Glasser dag@chinet.UUCP One of those things that goes "BUMP!!! (ouch!)" in the night. ...!att-ih!chinet!dag | ...!ihnp4!mwc!dag | ...!ihnp4!mwc!gorgon!dag