Not to scare anyboby but to keep you informed, here is a clip from
RED-UG the Trickle mailing list. Be careful out there.
*************************** CLIP CLIP *************************
Forwarded message:
> From RED-UG at HEARN.BITNET Thu Oct 3 12:27:21 1991
> Resent-Date: Thu, 3 Oct 1991 12:28 EET
> Date: Thu, 3 Oct 91 11:13:03 CET
> From: Cezar Cichocki <CEZAR at PLEARN.BITNET>
> Subject: WARNING !!!!
> Sender: Red File Server Users Group on Provided Software
> <RED-UG at HEARN.BITNET>
>> !!!!!!!!! WARNING !!!!!!!!!
> Text was originaly sent from J McAfee. It is big true, this virus is
> very destructive and there is a big problem to catch it.
> I suggest to stop send trickle files originally sent from eastern Europe.
> cezar.
> ==========================================================================
>> Date: Fri, 27 Sep 91 05:55:41 +0000
> From: mcafee at netcom.com (McAfee Associates)
> Subject: New Virus Warning (PC)
>> V I R U S W A R N I N G
>> A new, fast moving, and very destructive virus has been
> reported from multiple countries in Eastern Europe. The virus uses
> a completely new technique for infecting and replicating and it
> cannot be easily identified or removed with existing anti-virus
> removers.
>> The virus infects by first placing itself in the last cluster of
> host disks. It then modifies the directory entries for all
> executable files in the system so that the directory chains point
> to the virus. Then it encrypts the original pointers for the
> executable files and places the encrypted pointers in unused space
> within the directory area. The result of this is that
> whenever a program is executed, the virus is loaded into memory.
> The virus, in turn, loads the program for execution. Programs
> themselves are not modified.
>> A disruptive characteristic of this virus is that if an infected
> system is booted from a clean floppy, none of the executable files
> can be copied from the system. Neither can they be backed up. If
> the system is not booted from a clean floppy, then the files can
> be copied and backed up, but the virus will copied along with the
> programs. It's a catch 22 situation. Additionally, if an infected
> system is booted from a clean floppy, and then a CHKDSK /F
> is run, then all executable files in the system will be destroyed.
>>> The virus is also a stealth virus. While it is active in memory
> it is difficult to detect.
>> The Virus has been named DIR-2. It has been reported at numerous
> sites in Bulgaria, Poland, Yugoslavia and Hungary. We received our
> copy for analysis from Tamas Szalay in Budapest.
>> The virus spreads more rapidly than any virus yet discovered.
> Vesselin Bontchev in Bulgaria reports that it has become the most
> reported virus in his country within the past few weeks.
>> We are currently re-writing our SCAN and CLEAN programs to deal
> with this virus, as are most other anti-virus suppliers. A beta
> version of both programs will be available September 26th. Anyone
> reporting symptoms similar to the above described, please
> contact us.
>> Thank you,
>> John McAfee
> - --
> McAfee Associates | Voice (408) 988-3832 | mcafee at netcom.com (business)
> 4423 Cheeney Street | FAX (408) 970-9727 | aryehg at darkside.com(personal)
> Santa Clara, California | BBS (408) 988-4004 |
> 95054-0253 USA | v.32 (408) 988-5190 | CompuServe ID: 76702,1714
> ViruScan/CleanUp/VShield | HST (408) 988-5138 | or GO VIRUSFORUM
>
