|
CIAC Advisory number A- 10
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
_____________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
INFORMATION BULLETIN
_____________________________________________________________
Information about the PC CYBORG (AIDS) trojan horse
December 19, 1989, 1600 PST Number A-10
There recently has been considerable attention in the news
media about a new trojan horse which advertises that it
provides information on the AIDS virus to users of IBM PC
computers and PC clones. Once it enters a system, the trojan
horse replaces AUTOEXEC.BAT, and may count the number of
times the infected system has booted until a criterion number
(90) is reached. At this point PC CYBORG hides directories,
and scrambles (encrypts) the names of all files on drive C:
There exists more than one version of this trojan horse, and
at least one version does not wait to damage drive C:, but
will hide directories and scramble file names upon the first
boot after the trojan horse is installed.
At first PC CYBORG was distributed only in Europe, although
several PC CYBORG infections have recently been reported in
the U.S. No DOE site has been affected yet, and the
probability of a widespread infection of this trojan horse
throughout DOE is extremely small. This trojan horse is
introduced into systems through a disk called the AIDS
Information Introductory Diskette, which has been mailed to a
mailing list which the author(s) of this trojan horse
obtained. PC CYBORG is a trojan horse, not a virus, and
thus is limited in ability to spread. This information
bulletin is being distributed in response to questions raised
because of the considerable media attention the trojan horse
has received, more than because of a genuine threat to
systems.
If you receive a disk in the mail which purports to provide
information on AIDS, do not load the disk into your computer.
Please save the disk, and contact CIAC immediately. If you
have already run this disk, please also call CIAC as soon as
possible. It is important to leave your PC on if it is
currently on, or leave it off if it is currently off.
Failure to do so may result in loss of your data, or make
recovery more difficult. CIAC has developed recovery
procedures, which are too lengthy to publish in this
bulletin.
For further information, including information about recovery
procedures, please contact CIAC:
Tom Longstaff
(415) 423-4416 or (FTS) 543-4416
FAX: (415) 294-5054
or send e-mail to: [email protected]
|
|
