Virus alert for Novell Netware


ISSN: 0142-0496

SEPTEMBER 1990

Editor: TINA MONK

US Editor: DR. HAROLD JOSEPH HIGHLAND

Compulit Inc New York

Editorial Advisors: Professor Henry J. Beker, UK; William A.J. E Fitzgerald, California, USA; Dr Allan Fox, UK; Hans Gliss, West Germany; Fred M. Greguras, California, USA; Alistair Kelman, UK; Dr Peter Lammer, UK; Dr Les Lawrence, New South Wales, Australia; David T. Lindsay, UK; Belden Menkus, Tennessee, USA; Donn B. Parker, California, USA; Michael I. Sobol, Massachusetts, USA; Peter Sommer, UK; Mark Tantam, UK.

Correspondents: Frank Rees, Melbourne, Australia; John Sterlicchi, California, USA.

NEWS

Virus alert for Novell Netware

A variant of the Jerusalem B/Friday 13th virus has shown up in Novell Netware programs which should not have been open to public access. The Computer Emergency Response Team at Carnegie Mellon has now issued a virus alert to all Netware users to check for the presence of this virus, and the extent of the problem is not yet known.

CERT were originally contacted by Jon David, a computer security consultant in the New York area, after an authorized Novell distributor sent him infected diskettes for analysis. David examined 14 files; one DOS utility, three Norton utilities and the other 10 were Netware programs which should not have been accessible. One file had been re-infected no less than 56 times. The virus installs itself as a TSR that hooks INT 21 if loaded before the LAN TSRs and both 21 and 08 if loaded afterwards.

©1990 Elsevier Science Publishers Ltd., England./90/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A.-please see special regulations listed on back cover.)

Computer Fraud & Security Bulletin

The virus variant alters date/time stamps either locally or on the server, increases infected file lengths by just over 1800 bytes and deletes, on being triggered, any .EXE or .COM file executed. These alterations all take place regardless of whether the rights to do the alterations have been granted. The virus triggers on Friday 13th dates. David notes that files deleted after the trigger date will show the error message "Bad Command or file name"... Note the upper case 'C' in Command.

David recommends using CHKDSK at nodes after booting and before and after program execution to indicate loss of available RAM or disk space on dates other than Friday 13th. The Friday 13th trigger can be avoided by advancing the server system date at the end of Thursday 12th to Saturday 14th, but Richard King, Novell vice-president, assures users that files deleted by the virus can be recovered using the SALVAGE command. Richard King, and Novell, are insisting that software shipped from Novell is still clean, and that exposure to the virus can only come from importing infected DOS programs from an external source.
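The symptoms reported above (length growth of just over 1800 bytes per infection, altered date/time stamps, executables that disappear) can be checked by comparing a saved directory listing with the current one. The Python code below is an added example, not part of the original bulletin; the file names, sizes, stamps and the use of 1800 bytes as a threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: the article gives growth as "just over 1800 bytes" per infection;
# 1800 is used as a lower bound, not an exact virus length.
GROWTH_PER_INFECTION = 1800
EXECUTABLE_EXTS = (".EXE", ".COM")

@dataclass(frozen=True)
class FileInfo:
    size: int   # file length in bytes
    stamp: str  # directory date/time stamp

def audit(baseline, current):
    """Compare two {name: FileInfo} listings; return {name: [findings]}."""
    report = {}
    for name, old in baseline.items():
        if not name.upper().endswith(EXECUTABLE_EXTS):
            continue  # only executables are of interest here
        new, findings = current.get(name), []
        if new is None:
            findings.append("missing")
        else:
            growth = new.size - old.size
            if growth >= GROWTH_PER_INFECTION:
                passes = growth // GROWTH_PER_INFECTION  # rough estimate
                findings.append(f"grew {growth} bytes (~{passes} infections)")
            elif growth != 0:
                findings.append(f"size changed by {growth} bytes")
            if new.stamp != old.stamp:
                findings.append("date/time stamp altered")
        if findings:
            report[name] = findings
    return report

# Constructed sample listings (names, sizes and stamps are invented).
SAMPLE_BASELINE = {
    "APP1.EXE": FileInfo(70000, "1990-03-01 12:00"),
    "TOOL.COM": FileInfo(11000, "1990-03-01 12:00"),
    "UTIL.EXE": FileInfo(42000, "1990-03-01 12:00"),
    "CLEAN.EXE": FileInfo(30000, "1990-03-01 12:00"),
    "NOTES.TXT": FileInfo(500, "1990-03-01 12:00"),
}
SAMPLE_CURRENT = {
    "APP1.EXE": FileInfo(71810, "1990-08-20 09:15"),
    "TOOL.COM": FileInfo(11000 + 56 * 1810, "1990-03-01 12:00"),
    "CLEAN.EXE": FileInfo(30000, "1990-03-01 12:00"),
    "NOTES.TXT": FileInfo(900, "1990-08-02 10:00"),
}
```

Calling `audit(SAMPLE_BASELINE, SAMPLE_CURRENT)` reports the grown, re-stamped and missing executables and ignores the changed text file. A baseline is only trustworthy if it was taken from a known-clean system and stored where the monitored machines cannot write to it.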

Data protection for the US still remote

Congressman Bob Wise (D-WV) and some of his congressional colleagues are concerned that the US is lagging far behind its industrialized trading partners in implementing data protection standards and guidelines. The US currently has a patchwork quilt of various federal, state and even county legislation. Without a Federal ombudsman, such as a Data Protection Board, individuals who feel that their privacy has been victimized can only turn to the courts. These are the same courts that are backlogged for months in dealing with drug cases, savings and loan scandals, and other major crimes. Although many feel that data privacy is just as important an issue, the courts do not have the same view.


There is another, more compelling reason why the US must improve its national data protection regime. Many countries around the world have already legislated data protection in law or even in their constitutions. Certain international data protection guidelines such as those issued by the Council of Europe and those which will be submitted to the United Nations General Assembly in September 1990, specify that personal data can be withheld from those jurisdictions that have either no or weaker data protection legislation in place than that which exists in the originating country. Therefore the US may find itself in the unwelcome position of having data sanctions applied against it.

In 1989, Congressman Wise introduced data protection legislation in the House of Representatives. This legislation, known as the 'Data Protection Act of 1989' (House Resolution 3669), would 'create' an independent, non-regulatory federal agency known as the Data Protection Board.

Since 1974 other congressional members have tried to create a Federal Data Protection/Privacy Board. These have included former US Representatives Gilbert Gude of Maryland, Bella Abzug of New York, Edward Koch of New York, current Representatives Don Edwards (a former FBI agent), Glenn English and Cardiss Collins. The late Senator Sam Ervin (Chairman of the Senate Watergate Committee), former Senator Charles Percy and current Senator William Cohen also tried to push similar legislation in the US Senate. All of these efforts came to no avail. They were stymied by opposition from Presidents Ford, Reagan and now Bush. Arrayed against such legislation is a formidable group that includes the military, intelligence community, law enforcement and big business.

Bob Gellman, counsel to the subcommittee on Government Information and Justice, stated that unfortunately, the issue of data protection and privacy is not receiving the groundswell of support that is needed to see legislation passed.

Wayne Madsen
