1995-11-27 - Re: Virus attacks on PGP

Header Data

From: Thomas E Zerucha <zerucha@shell.portal.com>
To: Bill Frantz <frantz@netcom.com>
Message Hash: b4138df4bd5138e16f9fd17ef8fa0e4088662edd6991e1fd0f07a20dffcd228a
Message ID: <Pine.SUN.3.90.951127123642.15406A-100000@jobe.shell.portal.com>
Reply To: <199511270737.XAA20199@netcom16.netcom.com>
UTC Datetime: 1995-11-27 21:04:59 UTC
Raw Date: Tue, 28 Nov 1995 05:04:59 +0800

Raw message

From: Thomas E Zerucha <zerucha@shell.portal.com>
Date: Tue, 28 Nov 1995 05:04:59 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Virus attacks on PGP
In-Reply-To: <199511270737.XAA20199@netcom16.netcom.com>
Message-ID: <Pine.SUN.3.90.951127123642.15406A-100000@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 26 Nov 1995, Bill Frantz wrote:

> At 11:40 11/26/95 -0800, Thomas E Zerucha wrote:
> >That would be interesting - even with the speaker "off" the power surge 
> >causes clicking and other signs.  Not to mention that the interrupt count 
> >would start moving (of course the virus could replace the entire OS and 
> >would only have to find 300K chunks to hide in).
> 
> I looked at the memory usage on my 1meg Mac and 5meg is used for the
> system.  I have no idea what it is all being used for.  A lot can hide
> there.
> 

But it would also have to hide in something you load at boot time.  For 
it to propagate there, it would have to make copies of itself.  When crond 
and inetd and named all grow over 400K I get curious.  DOS has small 
usage, and Linux provides a link map (or I can checksum entry points or 
such).  Another fun thing to do is pkexe or gzexe.  The latter turns an 
exe into a shell script.  Patching compressed files is very difficult.

zerucha@shell.portal.com -or- 2015509 on MCI Mail
  finger zerucha@jobe.portal.com for PGP key
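
Added example, not part of the original message and not the author's code: a baseline-and-compare check for boot-time binaries that reports size growth (the signal mentioned above) and also uses a checksum to catch a change that leaves the size untouched. The function names and the stand-in files for crond, inetd and named are assumptions made for this illustration; the file contents are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Return {path: (size, sha256 hex)} for every listed file that exists."""
    result = {}
    for path in paths:
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            result[path] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def audit(baseline, paths):
    """Compare files against the baseline; return {path: (status, size_delta)}."""
    current = snapshot(paths)
    report = {}
    for path in sorted(set(baseline) | set(paths)):
        if path not in current:
            report[path] = ("missing", None)
        elif path not in baseline:
            report[path] = ("unbaselined", None)
        else:
            (old_size, old_hash), (new_size, new_hash) = baseline[path], current[path]
            if new_size != old_size:
                status = "grew" if new_size > old_size else "shrank"
            elif new_hash != old_hash:
                status = "modified-same-size"  # a size check alone misses this
            else:
                status = "ok"
            report[path] = (status, new_size - old_size)
    return report


def demo():
    """Run the audit on constructed stand-ins for crond, inetd and named."""
    with tempfile.TemporaryDirectory() as d:
        files = {n: os.path.join(d, n) for n in ("crond", "inetd", "named")}
        for name, path in files.items():
            with open(path, "wb") as fh:
                fh.write(name.encode() * 1000)  # constructed filler bytes
        baseline = snapshot(files.values())
        with open(files["crond"], "ab") as fh:  # appended data: the file grows
            fh.write(b"\x00" * 4096)
        with open(files["inetd"], "r+b") as fh:  # in-place change, same length
            fh.write(b"XXXX")
        report = audit(baseline, files.values())
        return {name: report[path] for name, path in files.items()}
```

The baseline is only as trustworthy as where it is kept: stored on the same writable disk as the binaries, it can be altered along with them.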





