Great Circle Associates Firewalls
(December 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: [Fwd: Caution : Internet Virus]
From: Michael Dillon <michael @ memra . com>
Organization: Memra Software Inc. - Internet consulting
Date: Tue, 3 Dec 1996 00:24:27 -0800 (PST)
To: firewalls @ GreatCircle . COM
Cc: Hisham Khalifa Al Saad <webmaster @ internic . uob . bh>
In-reply-to: <Pine . SOL . 3 . 91 . 961202203657 . 1170A-100000 @ parka . winternet . com> 
On Mon, 2 Dec 1996, Ron DuFresne wrote:

> CD-Rom manufacturer Chinon America, Inc. says computer vandals have
> ilegally put its name on a virus-ridden file and relased it on the
> INTERNET.

This is old news and is also an interesting study in social engineering.

> In a statement from Torrance, CA., Chinon says "The program, allegedly
> a shareware PC utility that will convert an ordinary CD-ROM drive into
> a CD-Recordable (CR-R) device, which is technically impossible, instead
> destroys the files on the PC hard drive.

> Chinon says that the CD-IT.ZIP file 'promises to enable read/write to
> your CD-ROM drive', and lists the program as being authored by Joseph S.
> Shriner, couriered by HDA, and copyrighted by Chinon Products.
> Saying that it has no division by that name, Chinon management
> speculates that the vandals picked its company name to make it seem
> that the software was being endorsed by a well know and reputable
> CD-ROM manufacturer.

Not so fast Chinon. This was a trojan horse targetted at specific
individuals. Who were some of the first people to buy CD-R devices when
they came on the market? Warez dealers, of course! And lots of little
warez collectors out there were drooling and waiting for the price
of CD-R devices to drop low enough that they could start making a few
bucks selling CD-ROM's. But there is an additional clue that this
was targetted at the warez people. The software claimed to be "couriered"
by HDA. Warez people use the word "courier" to refer to the process of
stealing a copy of commercial or not-for-distribution software and 
quickly distributing it around the world.

As I remember it, Chinon was a fairly popular brand of cheap CD-ROM at one
time so this trojan was trying to pretend it was a top-secret program
stolen from Chinon and it was targetted at a specific group who
desperately wanted a cheap way to record CD-ROM's.

Hunt around IRC and you will find that in this day and age of cheap CD-R
devices there are quite a lot of warez entrepreneurs selling you
everything you could imagine. If you ask the right folks I'm told that
full copies of NT's source code are available too although I can't be too
sure if I believe the source of that info. 

Michael Dillon                   -               Internet & ISP Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael @
 memra .
 com
References:
Indexed By Date Previous: Re: restricting OUTBOUND access
From: Pauline van Winsen - Uniq Professional Services <Pauline . van . Winsen @ uniq . com . au>
Next: Re: POP3 for TIS firewall
From: Erik BEAUVALOT <erik @ beauvalot . com>
Indexed By Thread Previous: Re: [Fwd: Caution : Internet Virus]
From: Ron DuFresne <dufresne @ parka . winternet . com>
Next: RE: [Fwd: Caution : Internet Virus]
From: Denis Valois <Denis . Valois @ pt . nce . sita . int>
Google
 
Search Internet Search www.greatcircle.com