Malicious Virus On The Loose
Technical Support Coordinator, BAKA Computers
Gene Spafford of Purdue University yesterday released a joint announcement for the various antiviral utility publishers, describing a newly-discovered virus (dubbed INIT-M) and a suite of new versions of the popular antiviral utilities.
INIT-M is a MALICIOUS virus and can result in irreparable damage to your files, folders, and file systems. It is different from the INIT 17 virus announced on 12-Apr-93.
INIT-M rapidly spreads to applications, system extensions, documents and preference files under System 7; it does not spread or activate on System 6 systems. The virus spreads as the application files run, and is likely to spread extensively on an infected machine. The infection is accomplished by altering existing program code. Besides this incidental damage (that may, because of bugs in the virus code, cause more severe damage), the virus also does extensive damage to systems running on any Friday the 13th – NOT just booted on that day. Files and folders will be renamed to random strings, creation and modification dates will be changed, and file creator and type information will be scrambled. In rare circumstances, a file or files may be deleted. This behavior is similar to the previously announced (Mar-92) INIT-1984 virus. Recovery from this damage will be difficult or impossible.
Note that the next three Friday the 13ths are in August 1993, May 1994, and January 1995.
The virus, when present on an infected system, may interfere with the proper display of some application window operations. It will also create a file named "FSV Prefs" in the Preferences folder.
John Norstad has released version 3.2 of his free Disinfectant utility to detect and remove this virus. It is available via anonymous FTP from ftp.acns.nwu.edu (stored as a BinHexed self-extracting archive) or rascal.ics.utexas.edu (stored as a binary self-extracting archive), and from other usual sources.
Recent versions of Chris Johnson’s free Gatekeeper utility (the current version is 1.2.7) and Symantec’s SAM Intercept (in advanced and custom mode) are already effective and should generate an alert if the virus tries to infect a file. Gatekeeper 1.2.7 is available from rascal.ics.utexas.edu and other FTP archives, as well as other usual sources.
The other major antiviral utilities have new versions ready. Contact your utility’s vendor for update information.