Path: utzoo!attcan!uunet!ogicse!decwrl!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: DUCKENFP@carleton.edu (Paul Duckenfield (Consultant, User Services))
Newsgroups: comp.virus
Subject: WDEF details (Mac)
Message-ID: <0009.9002211611.AA05733@ge.sei.cmu.edu>
Date: 20 Feb 90 20:19:00 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 32
Approved: krvw@sei.cmu.edu

>From:    wcpl_ltd@uhura.cc.rochester.edu (Wing Leung)
>Subject: More about WDEF

>        Can someone tell me is WDEF an illegal string in the resource code?
>        How about the program called WDEF uploaded in comp.binaries.mac?
>        In fact, I've found some WDEF code in system version 6.0.3
>        Please tell me more about this resource code.

        WDef is a system resource which (basically) tells the Mac how
to draw its windows. There are several programs in the FREE/SHAREware
market which change how the window appear on your Macs screen. They
make it look like a NeXT or MS Windows or some other form other than
the "standard Apple"-look. They take advantage of the WDef resource in
the SYSTEM file.

        The virus WDef is a little trickier. It infects the invisible
DESKTOP file in the root directory of any disk. You can't seem this
file, but it is there, keeping track of all your files.

        That is the difference between WDef SYSTEM resource and WDef
DESKTOP resource (for the layman).

        Incidentily, I have heard reports that it is possible
(although not easy) for someone to rename the WDef virus's resource to
CDef. Potentially this will create another virus, exactly the same as
the first except for the name, which can propogate quickly as well.
Anyone know anything about this?

                Paul Duckenfield
                CC User Services
                Micro Consultant
                DUCKENFP@Carleton.Edu