Computer virus trends: Trigger dates awaken dormant computer viruses, and a
new virus enters the "wild"

Anti-virus researchers at S&S tally, analyze computer virus attacks during
March, April

BURLINGTON, MASS., May 30, 1995 -- Another virus is loose "in the wild,"
threatening computer users.

And trigger dates timed for March and April activated several viruses that
had been dormant for months, according to the industry-leading anti-virus
researchers at S&S Software International Inc., maker of "DR. SOLOMON'S
ANTI-VIRUS TOOLKIT."

The noteworthy specters reanimating during March and April included Maltese
Amoeba and Michelangelo, among others.

Tracking attacks by known computer viruses during a two-month reporting
period, S&S reports that users of standalone systems running under
MS/PC-DOS or Windows were most likely to encounter "Form."

The virus most often attacking multiple machines, including networked
offices, was "Parity.B."

Users of the TOOLKIT contacted the research team at S&S almost
200 times for help identifying and repairing the damage caused by 36 known
computer viruses.

The 36 viruses comprise a fraction of the total number of known viruses,
which topped 6,000 in January 1995 -- a nearly 58 percent increase in one
year from the 3,800 viruses identified by S&S in January 1994.

"This proves the efficacy of the TOOLKIT and emphasizes the need for
regular updates," said Pat Bitton, vice president of S&S.

"A subscription to the TOOLKIT includes regular updates that S&S sends
automatically. Users do not have to remember to download an update. Nor do
they have to request an update. This clearly provides users with the tools
to defend against and minimize the potential for attack," said Bitton.

The company's industry-leading virus research team provides 24-to-48-hour
virus identification and, when possible, repair.

Comprised of anti-virus researchers and technical support engineers
fielding calls from users, the research team also encounters 150 to 200
new computer viruses each month.

Form & Parity.B

The two most prevalent viruses during March and April, Form and Parity.B,
are both boot sector viruses. So, too, is Frank, the virus now loose "in
the wild," threatening users for the first time.

Boot sector viruses subvert the operating system software when a computer
is first switched on or reset. This occurs when a system tries to boot up
from an infected floppy, sometimes inadvertently left in drive A; the
infected floppy typically includes files downloaded from a bulletin-board
system, files shared with a colleague, or files infected when they are
used on another, infected system.

Form sounds a beep with each keystroke, but only on the 18th of the month.
Contained within the virus is an obscene message about someone named
Corinne. The most recent variant of Form replaces the message with a
single word, "STIR."

Parity.B simulates a hardware failure, displaying a "parity error" message
on screen. A stealth virus, it hides from the PC user and anti-virus
programs, usually by trapping interrupt services. It also survives a
"warm" reboot using the CTRL, ALT and DEL keys.

Frank & Michelangelo

Frank is not a new virus. However, until now, researchers have seen this
virus only in the lab; virus authors often send a virus directly to
anti-virus researchers, without releasing it "in the wild," where it may
affect any computer user. This forces the researchers to acknowledge the
existence of the virus, and build defenses against it.

Michelangelo is also a boot sector virus. It triggers each year on March 6,
the birthday of the Renaissance master sculptor, painter and artist.

This year, Michelangelo did not even come close to the apocalyptic
predictions floated by other vendors of anti-virus software. Taking calls
from users worldwide, S&S confirmed just three attacks this year. By
comparison, S&S counted 26 infections in 1992.

2-month statistics

In other tabulations for the two-month reporting period, 22 of the 36
viruses tabulated from user calls were boot sector viruses. This equates
to 61.1 percent. Six file viruses accounted for 16.6 percent of the 36
different viruses. There were eight polymorphic viruses, or 22.2 percent.

Of the 200 calls about known viruses made by users to S&S during March and
April, 80 percent of the incidents involved one computer. Networked
systems represented 20 percent of the incidents.

File viruses infect executable files with the extensions .COM and .EXE. For
a file virus to spread, the user must run an infected program. Normally,
the virus then becomes memory resident, infecting other executable files
as they are launched.

Polymorphic viruses are encrypted, capable of changing their own
appearance. They take on a different profile with each new computer file
they infect. This makes them extremely hard to detect, combat and
prevent.

Maltese Amoeba

A polymorphic example is Maltese Amoeba, which reawakened during this
reporting period. This is a virus that triggers on November 1 and March
15. The virus overwrites file sectors on both a hard disk and floppy disk,
and displays a message based on William Blake's poem:

     To see a world in a grain of sand,
     And a heaven in a flower
     Hold infinity in the palm of your hand
     And Eternity in an hour.
     THE VIRUS 16/3/91

Dr. Solomon's

Winner of multiple awards, the TOOLKIT is the leading European anti-virus
software, with over 2.5 million users worldwide. A new U.S. Toolkit ships
in June. Editions will be available for MS/PC-DOS, Windows, NetWare and
OS/2.

Founded in 1984 and headquartered in the United Kingdom, S&S opened offices
near Boston and Los Angeles to sell and support the TOOLKIT in the United
States. 

S&S Software International Inc
17 New England Executive Park
Burlington, MA 01803
617-273-7400,  fax 617-273-7474
Tech Support: 800-595-9175
Internet: Support@sands.com

 ============================================================
 From the  'New Product News'  Electronic News Service on....
 AOL (Keyword = New Products) & Delphi (GO COMPUTING PRODUCT)
 ============================================================
 This information was processed from data provided by the 
 company or author mentioned. For additional details, please 
 contact them directly at the address/phone number indicated.
 All trademarks are the property of their respective owners.
 ============================================================
 All submissions for this service should be addressed to:
 BAKER ENTERPRISES,  20 Ferro Dr,  Sewell, NJ  08080  U.S.A.
 Email: RBakerPC (AOL/Delphi), rbakerpc@delphi.com (Internet)
 ============================================================
