The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V1 #42 1989-12-15 (1 file, 1355 bytes)
SOURCE: http://securitydigest.org/exec/display?f=zardoz/archive/142.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Date: Fri, 15 Dec 89 12:40:33 PST
Subject: Security Digest V1 #42

Security Digest Volume 1 Issue 42

subject(s):

            destructive PC trojan horse warning

------------------------------------------------------------------------

Date: Fri, 15 Dec 89 11:43:27 PST
From: neil@cpd.com (Neil Gorsuch)
Subject: destructive PC trojan horse warning

[ This was posted to news group news.announce.important, and since it
describes a deliberately destructive piece of software that someone
went to a fair amount of trouble and expense to distribute, I am also
sending it out to the security list. Further details can be found in
the news group comp.virus - neil ]

 --- Forwarded from comp.sys.ibm.pc ---
This is an urgent forward from John McAfee:

     A distribution diskette from a corporation calling itself PC
Cyborg has been widely distributed to major corporations and PC user
groups in Europe.  The diskette contains a highly destructive Trojan
Horse.  The Chase Manhattan Bank and ICL Computers were the first to
report problems with the software.  Systems that ran the enclosed
programs had all data on the hard disks destroyed.  Hundreds of
systems were affected.  Other reports have come in from user groups,
small businesses and individuals with similar problems.  The
professionally prepared documentation that comes with the diskette
purports that the software provides a data base of AIDS information.
The flyer heading reads - "AIDS Information - An Introductory
Diskette".

If the software is installed using the included INSTALL program, the
first thing that the program does is print out an invoice for the
software.  Then, after the system is re-booted a random number of
times the system self destructs.

Whoever has perpetrated this monstrosity has gone to a great deal of
time, and more expense, and they have clearly perpetrated the largest
single targeting of destructive code yet reported.  The mailings are
professionally done, and the style of the mailing labels indicate the
lists were purchased from professional mailing organizations.  The
estimated costs for printing, diskette, label and mailing is over
$3.00 per package.  The volume of reports imply that many thousands
may have been mailed.  In addition, the British magazine "PC Business
World" has included a copy of the diskette with its most recent
publication - another expensive avenue of distribution.  The only
indication of who the perpetrator(s) may be is the address on the
invoice to which they ask that $378.00 be mailed:

          PC Cyborg Corporation
          P.O. Box 871744
          Panama 7, Panama

Needless to say, a check for a registered PC Cyborg Corporation in
Panama turned up negative.

        End of Security Digest Volume 1 Issue 42
        **********************

END OF DOCUMENT