Path: news1.ucsd.edu!ihnp4.ucsd.edu!swrinde!howland.reston.ans.net!math.ohio-state.edu!cis.ohio-state.edu!nntp.sei.cmu.edu!bb3.andrew.cmu.edu!cantaloupe.srv.cs.cmu.edu!das-news2.harvard.edu!oitnews.harvard.edu!purdue!not-for-mail
From: spaf@cs.purdue.edu
Newsgroups: comp.sys.mac.announce,comp.sys.mac.apps,comp.sys.mac.misc,comp.security.misc
Subject: New Macintosh Viruses Discovered (HC-9507)
Date: 1 Aug 1995 09:26:46 -0500
Organization: Department of Computer Sciences, Purdue University
Lines: 85
Approved: spaf@cs.purdue.edu
Expires: +30days
NNTP-Posting-Host: uther.cs.purdue.edu
Xref: news1.ucsd.edu comp.sys.mac.announce:517 comp.sys.mac.apps:102014 comp.sys.mac.misc:79710 comp.security.misc:17201
Apparently-To: macintosh@nothing.UCSD.EDU

New Macintosh Viruses Discovered (HC-9507)
31 July 1995

Virus: HC-9507
Damage: Infects HyperCard stacks only; does not infect system files or applications.
Spread: Once the home stack is infected, the virus spreads to other running HyperCard stacks and other randomly chosen stacks on the startup disk.
Systems affected: All Apple Macintosh computers, under Systems 6 & 7.

The HC-9507 virus causes unusual system behaviors, depending on the day of the week and the time. While running HyperCard with infected stacks, you may observe the screen fading in and out, the word "pickle" being entered automatically, or your system may suffer a shutdown or lockup.

According to feedback from the publishers and authors of the major anti-viral software programs, information about upgrades to known, actively supported Mac anti-virus products is as follows:

Tool: SAM (Virus Clinic and Intercept)
Status: Commercial software
Revision to be released: 4.0.5
When available: Immediately
Where to find: SAM Virus Definitions available on CompuServe, America Online, Applelink
Customer Service: 800-441-7234
For users of SAM 4.0.x, the phone numbers for SAM Virus Definitions Update Server are:
    In USA: 1-503-334-4082
    In Europe: +31-71-353299
    In Australia: 02-817-2698
    In Southeast Asia: +61-2-817-2698

Tool: Virex
Status: Commercial software
Revision to be released: A free virus definition will be made available for all versions of Virex 5.5 or later immediately. This definition will be built into versions 5.5.5 and later.
When available: Immediately
Where to find: Datawatch Corporation, (508) 988-9700
When available: immediately
Comments: Datawatch's BBS number is (508) 988-6373 [8,N,1]

Other antivirals:

CPAV (Central Point Anti-virus) does not normally deal with HyperCard viruses, so no update is needed.

Disinfectant does not deal with HyperCard viruses, so no update is needed.

Gatekeeper is no longer actively supported. However, its design is such that no update would be needed.

No information is available at this time about the "Rival" antivirus program and this virus.

VirusDetective is not supported against HyperCard viruses so no update is needed.

If you discover what you believe to be a virus on your Macintosh system, please report it to the vendor/author of your anti-virus software package for analysis. Such reports make early, informed warnings like this one possible for the rest of the Mac community. If you are otherwise unsure of who to contact, you may send e-mail to spaf@cs.purdue.edu as an initial point of contact.

Also, be aware that writing and releasing computer viruses is more than a rude and damaging act of vandalism -- it is also a violation of many state and Federal laws in the US, and illegal in several other countries. If you have information concerning the author of this or any other computer virus, please contact any of the anti-virus providers listed above. Several Mac virus authors have been apprehended thanks to the efforts of the Mac user community, and some have received criminal convictions for their actions. This is yet one more way to help protect your computers.

--
Gene Spafford, COAST Project Director
Department of Computer Sciences
Purdue University, W. Lafayette IN 47907-1398
spaf@cs.purdue.edu (317) 494-7825 http://www.cs.purdue.edu/people/spaf