Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-ncis!helios.ee.lbl.gov!pasteur!ucbvax!AI.AI.MIT.EDU!BARTH
From: BARTH@AI.AI.MIT.EDU (Richard Barth)
Newsgroups: comp.sys.misc
Subject: Strange virus???
Message-ID: <519874.890113.BARTH@AI.AI.MIT.EDU>
Date: 14 Jan 89 04:08:15 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 46

To:info-micro@wsmr-simtel20.army.mil
Cc:barth
Subject: Strange virus???

---Feeding the line eater---

The SYSOP of an Annapolis BBS ran across a message relating to a virus that allegedly infects 2400 baud modems, and as a result removed his 2400 and is running at 1200 baud only. I was just a tad incredulous, but before writing it off I thought I'd consult the combined experiences of this bunch. Anyone heard of this before? The following text is supposed to have originated on a Seattle BBS.

... quote

I've just discovered probably the world's worst computer virus yet. I had just finished a late night session of BBSing and file trading when I exited Telix 3 and attempted to run pkxarc to unarc the software I had downloaded. Next thing I knew my hard disk was seeking all over and it was apparently writing random sectors. Thank God for strong coffee and a recent backup... Everything was back to normal, so I called the BBS again and downloaded a file. [ the disk got trashed again]. ...

I hooked up my test equipment and different modems (I do research and development for a local computer telecommunications company and have an in-house lab at my disposal). After another hour of corrupted hard drives I found what I think is the world's worst computer virus yet. The virus distributes itself on the modem sub-carrier present in all 2400 baud and up modems. The sub-carrier is used for ROM and register debugging purposes only, and otherwise serves no purpose. The virus sets a bit pattern in one of the internal modem registers, but it seemed to screw up the other registers on my USR.

A modem that has been "infected" with this virus will then transmit the virus to other modems that use a subcarrier (I suppose those who use 300 and 1200 baud modems should be immune). The virus then attaches itself to all binary incoming data and infects the host computer's hard disk. The only way to get rid of the virus is to completely reset all the modem registers by hand, but I haven't found a way to vaccinate a modem against the virus, but there is the possibility of building a subcarrier filter.

End of quote.

The above message was dated 6 Oct 88. Any comments?