From: Thomas E Zerucha <zerucha@shell.portal.com>
To: Bill Frantz <frantz@netcom.com>
Message Hash: b4138df4bd5138e16f9fd17ef8fa0e4088662edd6991e1fd0f07a20dffcd228a
Message ID: <Pine.SUN.3.90.951127123642.15406A-100000@jobe.shell.portal.com>
Reply To: <199511270737.XAA20199@netcom16.netcom.com>
UTC Datetime: 1995-11-27 21:04:59 UTC
Raw Date: Tue, 28 Nov 1995 05:04:59 +0800
Subject: Re: Virus attacks on PGP
On Sun, 26 Nov 1995, Bill Frantz wrote:
> At 11:40 11/26/95 -0800, Thomas E Zerucha wrote:
> >That would be interesting - even with the speaker "off" the power surge
> >causes clicking and other signs. Not to mention that the interrupt count
> >would start moving (of course the virus could replace the entire OS and
> >would only have to find 300K chunks to hide in).
>
> I looked at the memory usage on my 1meg Mac and 5meg is used for the
> system. I have no idea what it is all being used for. A lot can hide
> there.
>
But it would also have to hide in something you load at boot time. For
it to propagate there, it would have to make copies of itself. When crond
and inetd and named all grow over 400K I get curious. DOS has small
usage, and Linux provides a link map (or I can checksum entry points or
such). Another fun thing to do is pkexe or gzexe. The latter turns an
exe into a shell script. Patching compressed files is very difficult.
zerucha@shell.portal.com -or- 2015509 on MCI Mail
finger zerucha@jobe.portal.com for PGP key
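
The check described in the message above (watching boot-time daemons for unexplained growth and checksumming them), as an added example that is not part of the original post. The function names, the 300K growth threshold and the stand-in files are assumptions made for illustration; the sample "daemons" are constructed temp files, not real binaries.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record size and SHA-256 for each file: the known-good baseline."""
    snap = {}
    for p in paths:
        with open(p, "rb") as f:
            data = f.read()
        snap[p] = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    return snap

def compare(baseline, current, growth_alert=300 * 1024):
    """Return (path, verdict, size_delta) for every file that differs from baseline.

    growth_alert is an assumed threshold: growth of this many bytes or more
    is reported separately from an ordinary content change.
    """
    findings = []
    for path, old in sorted(baseline.items()):
        new = current.get(path)
        if new is None:
            findings.append((path, "missing", -old["size"]))
            continue
        if new["sha256"] == old["sha256"]:
            continue  # unchanged
        delta = new["size"] - old["size"]
        verdict = "grew-suspiciously" if delta >= growth_alert else "modified"
        findings.append((path, verdict, delta))
    return findings

def demo():
    """Constructed sample: three stand-in 'daemon' files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("crond", "inetd", "named")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"\x7fELF" + b"\x00" * 20000)  # placeholder contents
        baseline = snapshot(paths)
        with open(paths[0], "ab") as f:   # crond grows by 400K
            f.write(b"\xff" * (400 * 1024))
        with open(paths[2], "r+b") as f:  # named changed in place, same size
            f.seek(100)
            f.write(b"X" * 16)
        now = snapshot(paths)
        return [(os.path.basename(p), v, n) for p, v, n in compare(baseline, now)]

if __name__ == "__main__":
    for name, verdict, delta in demo():
        print(f"{name}: {verdict} ({delta:+d} bytes)")
```

The baseline is only useful if it is stored somewhere the monitored system cannot rewrite, such as read-only media.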