New HyperCard Virus
And TidBITS doesn’t have it! I just checked all of the HyperCard stacks on my hard drive with the free "Find HyperVirus 1.3" stack from macclub benelux, the official Macintosh Users’ Group of Holland (where the virus was first reported), Belgium, and Luxembourg, and it doesn’t exist in any TidBITS stacks. Phew.
So what is this virus? It appears (note that I haven’t seen a copy yet) that it is one of the first of the HyperCard script viruses, if not the first (I haven’t seen the Dukakis virus either). I gather that the virus takes advantage of HyperCard’s message passing to install itself in stacks whenever possible. No ill effects have been reported, although one of its scripts plays the song "Muss i denn zum Staedtele hinaus…" which might or might not be an ill effect, depending on your musical tastes. (Do you get the impression that I’m doing this all completely second and third hand and don’t quite know what I’m talking about? Good, because that’s what’s happening.)
I haven’t heard of any of the major virus checking programs other than SAM (and Virex, eventually) changing to find and delete this new virus, probably because it would be extremely difficult to detect and remove any HyperTalk script that could be construed as a virus. I recommend either using the definition below if you own SAM 3.0 (2.0 can’t find it because it doesn’t have a data definitions entry dialog) or finding the free Find HyperVirus 1.3 stack from macclub benelux at your local purveyor of free and useful software.
Paul Cozza, SAM’s author, posted this virus definition for SAM 3.0.
Open the Data Definitions dialog in SAM 3.0 Virus Clinic by choosing "Add Definition (Data)" from the Definitions menu. Then enter the following information:
Virus Name: HC Virus
File Type: STAK
Search String pop-up menu: ASCII
Search String text field: if char 1 to 2 of LookAtDate <11
The string in the Search String text field above is an ASCII string. Blank areas between words are spaces. The string IS case sensitive.
As a guard against incorrect entry, SAM 3.0 has a "Check field" in the Definitions dialog boxes. If all of the above information is entered correctly, then your check field should be A0BD.
Symantec — 408/253-9600
Microcom — 919/490-1277
Paul Cozza, SAM Author
macclub benelux — [email protected]
Patrick Hoepfner — [email protected]
MacWEEK — 16-Apr-91, Vol. 5, #15, pg. 17