VIRUS NEWS
Robert Craig Information Resources compiled the first two notices from files posted on CompuServe and the BITNET forum VIRUS-L.
PKZIP, T4, and Chinatalk
Chinatalk Trojan Erases Mac Directories
A routine file examination on the commercial bulletin board service
MAUG has revealed that an upload called CHINAT.CPT is actually a
Macintosh Trojan Horse program. "Chinatalk" claims to be a female
voice for Macintalk, but when run, it overwrites the directory of
any hard disk on line. If anyone has information on the perpetrator
of this Trojan Horse program, contact Neil Shapiro at (516) 735-6924.
There is a $500 reward for information that leads to the arrest and conviction of this criminal.
T4 Virus Masquerades as Disinfectant
The Macintosh T4 virus was discovered at several locations worldwide in June 1992. It was included in the games GoMoku 2.0 and 2.1, copies of which were posted to the USENET newsgroup comp.binaries.mac and to a number of popular bulletin boards and anonymous FTP archive sites.
The virus masquerades as Disinfectant in an attempt to bypass Gatekeeper and similar virus detection software. If you see an alert from such an anti-viral tool telling you that "Disinfectant" is changing a file - and Disinfectant is not running - it is a good indication that T4 is attacking your system.
T4 spreads to other applications and to the Finder. It also attempts to alter the System file. At least one version of the virus may display the following message:
Application is infected with the T4 virus
Two known strains of the T4 virus are T4-A (in GoMoku 2.0) and T4-B (in GoMoku 2.1). The only significant difference is the trigger date: August 15, 1992, for T4-A, and June 26, 1992, for T4-B. An earlier third strain of the T4 virus appears to have been used for testing. Disinfectant identifies this strain as "T4-beta."
Disinfectant 2.9, the latest release of the free Macintosh anti-viral utility, detects the new T4 virus. It is now available via anonymous FTP from sumex-aim.stanford.edu (cd info-mac/virus, get disinfectant-29.hqx) using binary transfer mode. You may also contact IT-CAP (752 2548) to obtain Disinfectant and other anti-virus software.
[Editor's Note: The following notice appeared in PROMPT (05 August 1992), an electronic publication of North Carolina State University. It is reposted here with permission.]
PKZIP Trojan Alert
There are two bogus versions of the archiving utility PKZIP for DOS-based machines being circulated on several BBSs around the country. The two bogus versions are PKZIP 2.01 (PKZ201.ZIP and PKZ201.EXE) and PKZIP 2.2 (PKZIPV2.ZIP and PKZIPV2.EXE). If you have downloaded any of these files, do not attempt to use them. You run the risk of destroying all data on your hard disk if you use them.
The current version of PKZIP is 1.10. A new version is expected to be released in the next few months. It was going to be version 2.0, but this may be increased to a number greater than 2.2 to avoid any confusion with the bogus versions. PKWARE, Inc. has indicated it will never release a version 2.01 or 2.2 of PKZIP.
This information came from the CIAC, the Computer Incident Advisory
Capability Information Bulletin.