Re: ECON: Intellectual Property Again

Alejandro Dubrovsky (s335984@student.uq.edu.au)
Mon, 1 Jun 1998 03:36:04 +1000 (GMT+1000)


On Sat, 30 May 1998, Michael Lorrey wrote:

> Alejandro Dubrovsky wrote:
>
> > On Fri, 29 May 1998, Michael Lorrey wrote:
> >
> > >
> > the drive might read the boot sector of the disk, but it does not execute
> > it. AFAIK, you cannot get a virus simply by sticking the disk in the
> > drive, and even if you read data from the floppy you still cannot get the
> > boot record virii (unless, of course, you execute a program on the floppy
> > which contains the virus).
>
> I have a floppy disk in hand with a benign Stealth C variant virus. In order to
> get your virus protection software to go all bongo over this virus on this
> floppy, all you have to do is stick it in the drive. Do nothing else. You also
> do not need to be in Windows for this to happen. It does the same thing in DOS.
> I have tested this myself, as I keep the floppy as a good way to safely test
> antivirus software installations with real virii that do no damage.

this does not mean that the virus would be activated just by sticking it
into the floppy drive. The virus protection software you are running is
running all the time i guess (background in windows, and as a TSR in dos),
and when you stick the disk in the drive and the boot sector is read, the
virus protection detects the virus in the disk.
The virus does not need to run for the virus protection software to detect
it (in fact, if it runs, it's too late). Try the experiment. grab an old
hard drive you don't need, stick the disk in the floppy, take it out, and
then check if the virus is in the hard drive. I bet you 99-1 that it is
not.

>
> BTW, if you want a copy of this virus, all you have to do is exchange files over
> the internet with anyone on a PC at Sturm Ruger, Inc. Their entire network is
> infested with it, or was the last I heard. Be sure to have your antivirus
> software on when you receive it.
>
> > The only way to get a boot sector virus,
> > outside executing an executable with a virus, is to boot from a floppy, in
> > which case the disk's boot sector gets loaded by the BIOS and executed.
> > This is the reason why boot sector virii are almost extincts since the
> > need to boot from floppy is extinct. Same as above holds for CDs.
> > Reading data cannot heart, executing it does.
> >
>
> I was under the impression that the Stealth C variant virus I have on a disk is
> a boot sector virus. If stealth viruses are not boot sector types, please let me
> know....

i think that the stealth virus you've got is a boot sector virus, but
AFAIK, not all stealth virii are, by definition, boot sector virii.

chau
Alejandro Dubrovsky