From karyn Mon Sep 9 10:26:09 1991 Return-Path: Received: by (4.1/SMI-4.1) id AA24465; Mon, 9 Sep 91 10:25:21 PDT Date: Mon, 9 Sep 91 10:25:21 PDT From: karyn (Karyn Pichnarczyk) Message-Id: <9109091725.AA24465@> To: external Cc: karyn, dave.martin@ebay.sun.com, meg.heller@corp.sun, com Subject: CIAC Bulletin B-40: Virus distributed in PCNFS software fix for MS-DOS computers Status: RO _____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Virus distributed in PCNFS software fix for MS-DOS computers September 9, 1991, 1030 PDT Number B-40 Critical Information about Virus in PCNFS software fix ------------------------------------------------------------------------------- PROBLEM: The Jerusalem-B Virus has inadvertently been distributed with some copies of one version of PCNFS software fix. PLATFORM: MS-DOS computers SOFTWARE: Sun PCNFS software fix PCNFS 3.5b, file NET.EXE DAMAGE: File deletion, file corruption, system slowdown DETECTION: File size of newly distributed PCNFS 3.5b file NET.EXE not equal to 100181 bytes; or use of VIRHUNT, VIRSCAN, FPROT, and others ERADICATION: VIRHUNT, VIRSCAN and others; replacement of NET.EXE ------------------------------------------------------------------------------- CIAC has been notified of the inadvertent distribution of a virus in a Sun Microsystems PCNFS software fix for MS-DOS computers. This distribution, which was sent to a limited user community, contained a file NET.EXE which may have been infected with the Jerusalem-B virus. This fix, entitled "PCNFS 3.5b," was distributed between July and August, 1991 to those requesting a patch for PCNFS 3.5. Sun has contacted all customers who had received the suspect file, and has distributed a new virus-free NET.EXE to all parties. If NET.EXE from PCNFS 3.5b does not have a file size of 100181, this file is probably infected with the Jerusalem-B virus. It is very important to execute a virus detection/eradication package if a suspect NET.EXE file is located. If your site has received the suspect file and follow-up letter, call CIAC, Sun's support number (1-800-USA-4SUN), or your local Sun office for assistance. NOTE: For more information on the Jerusalem virus, see CIAC bulletin "Virus Propagation in Novell and Other Networks" (A-33) or "Little Black Box (Jerusalem) virus alert" (un-numbered series, 1989). CIAC recommends anti-viral scanning of all software (including new software and upgrades to existing software) before installation is initiated. For additional information or assistance, please contact CIAC: Karyn Pichnarczyk (510) 422-1779 or (FTS) 532-1779 * note new area code replacing 415 Send e-mail to karyn@cheetah.llnl.gov Call CIAC at (510) 422-8193 or (FTS) 532-8193 Send e-mail to ciac@llnl.gov Thanks to Sun Microsystems for assistance in providing information described in this bulletin. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government nor the University of California, and shall not be used for advertising or product endorsement purposes.