Path: utzoo!attcan!uunet!lll-winken!lll-lcc!lll-tis!helios.ee.lbl.gov!pasteur!ucbvax!husc6!mit-eddie!mit-amt!hkbirke
From: hkbirke@mit-amt (Hal Birkeland)
Newsgroups: comp.sys.ibm.pc.rt
Subject: Re: Internet Virus can appear on RT
Summary: RTs seem to be partially susceptible
Keywords: RT, virus
Message-ID: <3259@mit-amt>
Date: 5 Nov 88 02:51:07 GMT
References: <1044@entropy.ms.washington.edu>
Reply-To: hkbirke@media-lab.media.mit.edu (Hal Birkeland)
Distribution: na
Organization: MIT Media Lab, Cambridge MA
Lines: 35

In article <1044@entropy.ms.washington.edu> fetrow@bones.biostat.washington.edu (Dave Fetrow) writes:
>
>It was expected only to infect SUN and Vaxen. It can partly infect an IBM
>RT as well....at least to the extent that an RT can accept the virus files
>and run at least one virus process. (We found the virus on most of our RTs.
>We are running ACIS/AOS not AIX)
>
> It may not be virulent on an RT but sysops should know enough to check and
>delete virus files and processes.
>
>BITNET: dfetrow@uwarita -- david d. fetrow --

david has summarized the situation very well... IBMs are susceptible to
some aspects of the virus, but not all.

For example, my RT running ACIS 4.3 w/NFS was not fully struck by the virus
either. The sendmail i am running has debug turned off which defeats the
initial attack by the virus. furthermore, the machine doesn't appear in any
.rhosts files or hosts.equiv.

just remember, any UNIX machine running sendmail can get the first stage of
the virus (the mailer -> sed -> cc -> net communications to get the rest of
the virus) but it seems that only VAXen and Sun 3's will actually compile
and run it (at least we couldn't infect our RT even though we tried).

--hal

REMEMBER:
	fix fingerd
	fix sendmail
	run viruscheck on passwords (so accounts aren't broken into)
	discourage .rhosts files
	strip hosts.equiv to the bare minimum
	INSTALL THE CONDOM (the directory /usr/tmp/sh owned by root,
	  protected as 000 with a couple of files in it with the same
	  protection. Therefore, the virus can't get a toehold)

Thank god that it didn't infect HP9000s3x0 workstations running HP-UX6.0

hkbirke@media-lab.media.mit.edu
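
The checklist in the post above can be audited with a short script. This is an added example, not part of the original post: the function names, the ROOT and HOMES arguments and the `--audit` switch are assumptions, and it checks only the /usr/tmp/sh directory itself, not the files placed inside it.

```shell
#!/bin/sh
# Added example (not from the post): audit the checklist items under ROOT.
# Function names and the ROOT / HOMES arguments are hypothetical.

# decoy_ok ROOT [UID]: true only if ROOT/usr/tmp/sh is a real directory,
# mode 000, owned by UID (default 0 = root). Files inside are not inspected.
decoy_ok() {
    d="${1%/}/usr/tmp/sh"; want_uid="${2:-0}"
    [ -d "$d" ] && [ ! -L "$d" ] || return 1
    # ls -ldn prints: perms links uid gid ...; perms may end in "." or "+"
    ls -ldn "$d" | awk -v uid="$want_uid" \
        '{ ok = ($1 ~ /^d---------/ && $3 == uid) } END { exit !ok }'
}

# rhosts_files DIR: print every .rhosts file under DIR (the home tree)
rhosts_files() {
    find "$1" -name .rhosts -type f -print 2>/dev/null || :
}

# equiv_entries FILE: count trusted-host lines, ignoring blanks and # comments
equiv_entries() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# equiv_wildcard FILE: true if FILE has a lone "+" line, which trusts every host
equiv_wildcard() {
    [ -r "$1" ] && grep -q '^[[:space:]]*+[[:space:]]*$' "$1"
}

# audit ROOT HOMES: print one line per finding
audit() {
    equiv="${1%/}/etc/hosts.equiv"
    if decoy_ok "$1"; then echo "usr/tmp/sh: ok"
    else echo "usr/tmp/sh: missing, or not a root-owned mode-000 directory"; fi
    echo "hosts.equiv: $(equiv_entries "$equiv") trusted entries"
    if equiv_wildcard "$equiv"; then echo "hosts.equiv: wildcard '+' present"; fi
    rhosts_files "$2" | sed 's/^/.rhosts found: /'
}

# Runs only when asked, e.g.: sh audit.sh --audit / /home
if [ "${1:-}" = "--audit" ]; then audit "${2:-/}" "${3:-/home}"; fi
```
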