Path: utzoo!attcan!uunet!super!udel!rochester!cornell!mailrus!bbn!oberon!pollux.usc.edu!papa
From: papa@pollux.usc.edu (Marco Papa)
Newsgroups: comp.sys.amiga
Subject: Re: Internet UNIX (BSD) virus
Keywords: UNIX, BSD. Virus, worm
Message-ID: <13322@oberon.USC.EDU>
Date: 8 Nov 88 20:46:02 GMT
References: <13232@oberon.USC.EDU> <2954@sugar.uu.net> <13280@oberon.USC.EDU> <2965@sugar.uu.net>
Sender: news@oberon.USC.EDU
Reply-To: papa@pollux.usc.edu (Marco Papa)
Organization: Felsina Software, Los Angeles, CA
Lines: 78

In article <2965@sugar.uu.net> peter@sugar.uu.net (Peter da Silva) writes:
>In article <13280@oberon.USC.EDU>, papa@pollux.usc.edu (Marco Papa) writes:
>> In article <2954@sugar.uu.net> peter@sugar.uu.net (Peter da Silva) writes:

>Besides, "fingerd" is another BSD program. I presume it's a server to support
                                              ^^^^^^^
>remote user lookup (my BSD manual is an OLD 4.2 one, and there's nothing
                                         ^^^^^^^
>between fastboot and ftpd). Another case of BSD's priorities in the
>convenience-vs-security spectrum.

You "presume"? You are talking about things you know nothing about. For your
interest, fingerd is a protocol based on RFC742 that provides an interface to
the name and finger programs at several network sites. It is available not
only on BSD, but on a variety of commercial UNIX SysV implementations. The
password guessing program would work just fine on ANY UNIX, not just BSD.

>They left themselves open to this attack. This isn't a UNIX problem.

As Matt pointed out nicely, this *IS* a UNIX problem. Even the MIT "Kerberos
UNIX" got infected. So much for "protected" UNIX.

>The virus was tracked to its source in a matter of hours.

Wrong. The virus was started at 9PM Wednesday, and 24 hours later still the
source was unknown. Quoting the WSJ: "At some locations around the nation,
the virus wasn't eradicated until Friday, and there is no way to be sure that
it has been caught everywhere."

>> > and a simple reboot would clear it out.
>>         ^^^^^^^^^^^^^
>You can get re-infected if you re-connect to the net after the reboot without
             ^^^^^^^^^^^
>clearing up the holes that left you open in the first place.

Aha! Then a "simple" reboot is not enough. Just what I said.

>> I can assure you that in $$$$$, this
>> virus was much more costly than ANY of the Amiga viruses combined.
>
>In dollars? If the result is a little tightening of internet security this
>virus will have had a positive dollar value.

Sure, I agree. The real problem is with people like you that say that "it is
NOT a UNIX problem, but just a BSD problem" and that "don't expect anything as
virulent as the Byte Bandit or Brain virus [on UNIX]". Sweet dreams :-)
Quoting a fellow on the net that took the time for a personal reply: "You must
be running UNIX System V, in single user mode, with no network connection,
without any application binary on disk" :-)

>I suspect that the cost of a program like "Rogue", in grad-student-hours, is
>far greater than this little mishap.

Quoting again the Wall Street Journal: "At NASA's Ames center, the 52,000
outside researchers hooked up to Ames each has had to spend four to eight
hours figuring out whether their computers were infected. That's 142 man-years
of work just because some bozo sticks a virus on the machines, a NASA
spokesman says."

>Oh, speaking of ftpd:
>From the 4.2BSD manual, 4 March 1983... in the BUGS section:

[lots of "prehistoric" stuff deleted]

I guess Matt already responded to this one. 1983? 4.2BSD? You must be joking.
That confirms that you're talking with total ignorance of what has been going
on during the past 5 years.

>That was 5 years ago. You people never learn.

You definitely have a long way to go (5 years to catch up). Go buy the 4.3
manuals at least; they're only $55 from USENIX.

-- Marco Papa 'Doc'
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
uucp:...!pollux!papa       BIX:papa       ARPAnet:pollux!papa@oberon.usc.edu
"There's Alpha, Beta, Gamma and Diga!" -- Leo Schwab [quoting Rick Unland]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=