Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!rutgers!ukma!tut.cis.ohio-state.edu!cs.utexas.edu!ut-emx!osmigo From: osmigo@ut-emx.UUCP Newsgroups: comp.sys.mac Subject: Re: SCORES ordeal + new(?) SCORES info Message-ID: <6764@ut-emx.UUCP> Date: 11 Oct 88 03:48:24 GMT References: <6685@ut-emx.UUCP> <10330053@eecs.nwu.edu> Reply-To: osmigo@emx.UUCP (Ron Morgan) Organization: Speech Communication UT Austin Lines: 62 In article <10330053@eecs.nwu.edu> jln@eecs.nwu.edu (John Norstad) writes: > I find several of your remarks >quite puzzling. > >I don't understand why you formatter wouldn't work, even though it was >infected with Scores. According to the documentation that came with KillScores, it can cause applications to crash or do strange things. I had several applications that bombed mercilessly until I disinfected them, then they worked perfectly. The formatter was no exception. I should point out here, BTW, that the hard disk's manufacturer spent a WEEK testing the device, and found nothing wrong with it. It reformatted and worked flawlessly on their bench. Their software, of course, wasn't infected. So, they sent it back. Then we went through the same thing AGAIN. >I also don't understand why your "repaired" hard disk worked fine until >you ran an infected application. Systems usually continue to work properly ^^^^^^^ Apparently "usually" is the correct word. >In your case your floppy probably became full after the five viral resources >were installed on your system file. Scores continued to try to infect >the other four files, but nothing happened because the floppy was full. No, the floppy isn't full. Has about 45K left. Also, and correct me if I'm wrong, but Scores doesn't simply "infect" the other four files (desktop, notepad, scrapbook). It *creates* them. They will be present in an infected System Folder even if they (spec. Scrapbook and Notepad) were previously removed from the System. >> I understand that the FBI knows who created this unseen horror. >> If so, whatever happened to him? >Why hasn't this criminal been arrested and prosecuted? Can anybody answer this? Perhaps it's a question of proof. How can one *prove* that the virus caused a program with 400,000 bytes of code to crash, short of hiring a team of programmers to spend 10 years going through the code word-by-word and figuring it out? And yes, you're right. Scores is still very much alive and spreading. I've already met two other people with infected systems composed of large hard drives and dozens of infected applications. Both of them are very active in downloading/uploading applications to and from BBS's. There's no question in my mind that ANY application that isn't shrink-wrapped when you get it should be considered dangerous. Just think of the damage *one* single infected application on a BBS or public database (Genie, comp.sys.mac, et. al.) could do over time. Keep in mind that we're talking about a virus that will actually search out applications to infect, even if they aren't run. If you've ever seen your infected disk drive start spinning for no reason, that's the Scores virus on a "hunting trip." Who knows, unless Apple builds a virus-guard/killer into its ROM or System files, Scores will probably be with us for a long, long time. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ >--Ron Morgan--------------{ames, utah-cs, uunet}!ut-sally!ut-emx!osmigo-------< >--Univ. of Texas--{gatech, harvard, pyramid, sequent}!ut-sally!ut-emx!osmigo--< >--Austin, Texas--------osmigo@ut-emx.UUCP-------osmigo@emx.utexas.edu---------< =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+