The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #053 [Re: Disassembled virus?] (1 message, 620 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/053.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: "Matt Crawford" <matt@oddjob.uchicago.edu>
To: phage
Date: Sat 10:30:06 05/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 055] [Thread Next: 079] [Message Prev: 048] [Message Next: 399]

>>    It now looks like two of our machines were infected after all, but we
>> didn't notice any particularly abberant behavior during the time at which
>> they should have been infected, and I'm trying to figure out why this
>> beastie seems to have made it in, but was unable to do anything beyond that.

Same here.  Several machines were obviously hit, but another had been
entered about 6 times without anything appearing to have happened.
There were traces of deleted files in /usr/tmp and entries of the
smtp transactions in syslog, but no other symptoms.  This was on a
sun-3/280 running sunos 3.5 with an "average" number of local mods.

				Matt

END OF DOCUMENT