Bulletin Board #13





#1

Virus (hoax)

Date: Wed, 26 Mar 1997 10:07:53 -0700
From: mhmacle@uswest.com (Mary Macleod)
Reply-To: mhmacle@uswest.com
Organization: Security/Finance
MIME-Version: 1.0

To: Tim Johnson
Subject: Re: Bulletin Board # 12

Tim:

Regarding the following item:
#5 Virus warning

Date: Tue, 25 Mar 1997 15:41:54 -0800
From: "Charles J. Weiss"
Subject: VIRUS -"PENPAL GREETINGS"

Dave -- In case you are not aware of this one please be advised it is a very dangerous one!!

It is self-replicating. DO NOT DOWNLOAD -- ERASE IMMEDIATELY!!
[I received this info from a reliable source.]
Call me for further info unless you are already knowledgable about it.
You have my phone nr.

Charlie

===============================================

The above Virus warning is a HOAX. This is one of many virus hoaxes circulating the Internet, causing confusion and wasting time and valuable resources. Anyone receiving an e-mail message warning of a devastating new virus should check the validity of the message before passing it on.

Following are Internet resources I find helpful:

http://www.kumite.com/myths/
http://ciac.llnl.gov/ciac/CIACHoaxes.html
http://www.virusafe.com/
http://www.symantec.com/avcenter/index.html

Mary

Mary H. Macleod, CISSP, Security Manager
1801 California Street, Room 3210, Denver, CO 80202
Phone: 303-896-9591 Fax: 303-896-9676
"You are the Key to Information Asset Protection"



#2

More useless, but interesting info from #2 son

From: "johnson"
Date: Sat, 22 Mar 97 10:41:55 PST

How To Install Software -- A 12-Step Program

  1. Examine the software packaging until you find a little printed box that explains what kind of computer system you need to run the software. It should look something like this:
    SYSTEM REQUIREMENTS
    2386 PROCESSOR OR HIGHER
    628.8 MEGAHERTZ MODEM
    719.7 MB FREE DISK SPACE
    3546 MB RAM
    432323 MB ROM
    05948737 MB RPM
    ANTILOCK BRAKING SYSTEM
    2 TURTLE DOVES

    NOTE: This software will not work on your computer.
  2. Open the software packaging and remove the manual. This will contain detailed instructions on installing, operating, and troubleshooting the software. Throw it away.
  3. Find the actual software, which should be in the form of either a 3.5-inch floppy diskette or a CD-ROM, located inside a sealed envelope that says:
    LICENSING AGREEMENT:
    By breaking this seal, the user hereinafter agrees to abide by all the terms and conditions of the following agreement that nobody ever reads, as well as the Geneva Convention and the U.N. Charter and the Secret Membership Oath of the Benevolent Protective Order of the Elks and such other terms and conditions, real and imaginary, as the Software Company shall deem necessary and appropriate, including the right to come to the user's home and examine the user's hard drive, as well as the user's underwear drawer if we feel like it, take it or leave it, until death do us part, one nation indivisible, by the dawn's early light,...finders keepers, losers weepers, thanks you've been a great crowd, and don't forget to tip your servers.
  4. Hand the software to a child aged 3 through 12 and say, "(Name of child), please install this on my computer."
  5. If you have no child age 3 through 12, insert the software in the appropriate drive, type "SETUP" and press the Enter key.
  6. Turn the computer on, you idiot.
  7. Once again type "SETUP" and press the Enter key.
  8. You will hear grinding and whirring noises for a while, after which the following message should appear on your screen:
    The Installation Program will now examine your system to see what would be the best way to render it inoperable. Is it OK with you? Choose one, and be honest:
    +-------+  +--------+
    | YES |  | SURE |
    +-------+  +--------+
  9. After you make your selection, you will hear grinding and whirring for a very long time while the installation program does God knows what in there. Some installation programs can actually alter molecular structures, so that when they're done, your computer has been transformed into an entirely new device, such as a food processor. At the very least, the installation program will create many new directories, sub-directories sub-sub-directories, on your hard drive and fill them with thousands of mysterious files with names like "puree.exe," "fester.dat," and "doo.wha."
  10. When the installation program is finished, your screen should display the following message:
    CONGRATULATIONS
    The installation program cannot think of anything else to do to your computer and has grown bored. You may now attempt to run your software. If you experience any problems, electrical shocks, insomnia, shortness of breath, nasal discharge, or intestinal parasites, you should immediately *!@!$)$%@&*^^)$*!#$_$*^^&
  11. At this point your computer system should become less functional than the federal government, refusing to respond even when struck with furniture.
  12. Call the toll-free Technical Support Hotline number listed on the package and wait on the line for a representative, who will explain to you, in a clear, step-by-step manner, how to adopt a child aged 3 through 12.




#3

From: Kelleypi@aol.com
Date: Wed, 26 Mar 1997 00:38:21 -0500 (EST)
Subject: Re: Bulletin Board # 12

Tim, I want to use the microcassette concealed on my person for recording conversations between myself and others. The other person would be unaware of the recording and would be approximately 4 to 10 feet away. I was able to find a regular cassette unit at Radio Shack tonight that has some features I needed. It had AUX jack, Remote jack, Speaker jack, Remote Microphone jack, and most important, a manual record level function. I purchased this unit and will use it for recording in locations where I have control of the area. The auto record limiter on most models prevents the effective recording of low level audio. I would still like a microcassette with a remote mike capability and manual record level function. I know this last requirement is the hardest to fine. To the issue of transmitters; didn't you have a memo in one BB that mentioned a transmitter with good range? Thanks for the help,

Tim. And keep in touch. Jack



# 4

Date: Wed, 26 Mar 1997 13:29:39 -0600
From: Trace Carpenter
To: Tim Johnson
CC: Kelleypi@aol.com
Subject: RadShk Transmitter Response

Jack,
The transmitter you are referring to is a wireless mic that operates around 170MHz. Once you take them out of their case you'll find two connected PC boards which make a slightly smaller package. If you increase the input voltage just a few volts, the range is really quite good. As for receivers, you can use a scanner, or purchase a receiver with the unit. There are several freq's available and will be documented with the unit.

Trace Carpenter
214.828.4520
214.828.1917 Facsimile



# 5

From: Johnson M SSgt 7CS/SCBBH
To: dbugman
Subject: stuff
Date: Wed, 26 Mar 97 14:03:00 cst

From my # 2 Son--something other than humor, someone must have spoken to him at home?

Dad,
here is some information that I found on one of the Security Pages Bulletin 96-24
Release date: December 12, 1996, 11:30 AM EST (GMT -5)

SUBJECT: Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost, and PENPAL Greeting.

SUMMARY: This bulletin identifies several internet hoaxes; how to identify a hoax; and what to do in the event a warning is received.

BACKGROUND: This bulletin contains information from ASSIST on the PENPAL hoax in addition to several internet hoaxes described by the U.S. Department of Energy Computer Incident Advisory Capability (CIAC), team.

IMPACT: Significant lost of productivity.

RECOMMENDED SOLUTIONS: See section of CIAC bulletin that addresses "What to do when you receive a warning."

PENPAL GREETINGS! Warning Hoax

The PENPAL GREETINGS! hoax encourages readers to kill an e-mail chain letter. PENPAL claims that the chain letter contains a self starting Trojan that destroys your hard drive and then sends copies of itself to everyone whose address in your mailbox.

Actually, reading an e-mail message can not run such a Trojan nor any attachment. If anyone receives e-mail entitled PENPAL GREETINGS!, please do not forward it; rather, delete it ASAP! If you have any questions or concerns please contact ASSIST.

[Begining of CIAC bulletin]

Introduction

The Internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are still time consuming and costly to handle. At CIAC, we find that we are spending much more time de-bunking hoaxes than handling real virus incidents. This advisory addresses the most recent warnings that have appeared on the Internet and are being circulated throughout world today. We will also address the history behind virus hoaxes, how to identify a hoax, and what to do if you think a message is or is not a hoax. Users are requested to please not spread unconfirmed warnings about viruses and Trojans. If you receive an unvalidated warning, don't pass it to all your friends, pass it to your computer security manager to validate first. Validated warnings from the incident response teams and antivirus vendors have valid return addresses and are usually PGP signed with the organization's key.

PKZ300 Warning

The PKZ300 Trojan is a real Trojan program, but the initial warning about it was released over a year ago. For information pertaining to PKZ300 Trojan reference CIAC Notes issue 95-10, that was released in June of 1995.

http://ciac.llnl.gov/ciac/notes/Notes10.shtml

The warning itself, on the other hand, is gaining urban legend status. There has been an extremely limited number of sightings of this Trojan and those appeared over a year ago. Even though the Trojan warning is real, the repeated circulation of the warning is a nuisance. Individuals who need the current release of PKZIP should visit the PKWARE web page at http://www.pkware.com.

CIAC recommends that you DO NOT recirculate the warning about this particular Trojan.

Irina Virus Hoax

The "Irina" virus warnings are a hoax. The former head of an electronic publishing company circulated the warning to create publicity for a new interactive book by the same name. The publishing company has apologized for the publicity stunt that backfired and panicked Internet users worldwide. The original warning claimed to be from a Professor Edward Pridedaux of the College of Slavic Studies in London; there is no such person or college. However, London's School of Slavonic and East European Studies has been inundated with calls. This poorly thought-out publicity stunt was highly irresponsible. For more information pertaining to this hoax, reference the UK Daily Telegraph at http://www.telegraph.co.uk.

Good Times Virus Hoax

The "Good Times" virus warnings are a hoax. There is no virus by that name in existence today. These warnings have been circulating the Internet for years. The user community must become aware that it is unlikely that a virus can be constructed to behave in the manner ascribed in the "Good Times" virus warning. For more information related to this urban legend, reference CIAC Notes 95-09.

http://ciac.llnl.gov/ciac/notes/Notes09.shtml

Deeyenda Virus Hoax

The "Deeyenda" virus warnings are a hoax. CIAC has received inqueries regarding the validity of the Deeyenda virus. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. CIAC still affirms that reading E-mail, using typical mail agents, can not activate malicious code delivered in or with the message.

Ghost.exe Warning

The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warning grew until the it said that Ghost.exe was a Trojan that would destroy your hard drive and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program.) A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that ghost could not be infected with a virus that does do damage, so the normal antivirus procedure of scanning it before running it should be followed.