Path: utzoo!utgpu!watmath!clyde!att!rutgers!deimos!uxc!uxc.cso.uiuc.edu!uxg.cso.uiuc.edu!uxh.cso.uiuc.edu!fons
From: fons@uxh.cso.uiuc.edu
Newsgroups: comp.sys.mac
Subject: Re: Transfers and Viruses
Message-ID: <20200014@uxh.cso.uiuc.edu>
Date: 3 Dec 88 05:55:00 GMT
References: <1006@ccnysci.UUCP>
Lines: 20
Nf-ID: #R:ccnysci.UUCP:1006:uxh.cso.uiuc.edu:20200014:000:1369
Nf-From: uxh.cso.uiuc.edu!fons    Dec  2 23:55:00 1988


To add more fuel to the fire, a friend of mine at the University of Illinois
recently purchased a cms pro 60 from Hardware House and with it came CMS 
Utility to 80MB.  I came over to his apartment the night he unpacked the 
machine and indeed just about everything on his machine was infected by nVir.
(He had a bunch of public domain programs that I though initially was the
problem-but his CMS source disk was infected-and it was LOCKED).  It must have
come from the company in that manner.  Note that the CMS utility disk has
a copy of the system and the Finder on it hence it CAN infect ones hard disk
(resource locking on the code segment of the utility program itself is 
irrelevent).  In any case CMS sent a new version of the program (he had 3.4)
and CMS sent a new copy v4.0.  Needless to say, I promptly checked the 
program for him and it was NOT infected-perhaps they have learned their lesson.
                                                        Paul Fons
                                        University of Illinois
                                        Coordinated Science Laboratory
                                        1101 W. Springfield Av.
                                        Urbana, Illinois 61801 U.S.A.
                              email:   Fons@uiucvmd.bitnet or...
                                        Fons@uxh.cso.uiuc.edu