_____________________________________________________
              The Computer Incident Advisory Capability
                          ___  __ __    _     ___
                         /       |     / \   /
                         \___  __|__  /___\  \___
         _____________________________________________________
         Advisory Notice
 
      Virus Inadvertently Distributed in
        Novell Network Support Encyclopedia Update
 
December 18, 1991 1000 PST             Number C-11
_________________________________________________________________________
PROBLEM:  5 1/4 inch diskettes sent from Novell to customers from 
  December 9 - 16, 1991 contain the Stoned-3 virus.
PLATFORM:  PC/MS-DOS systems running Novell Netware software.
DAMAGE: Potential to overwrite boot sector of fixed and floppy disks; 
  potential to create infected floppyless boot image files and 
  thereby propagate the virus via the network.
SOLUTION: Scan all incoming software.
DETECTION/ERADICATION: Data Physician Plus, other antiviral packages.
__________________________________________________________________________
   Critical Facts about Inadvertent Virus Distribution

CIAC has learned that Novell, Inc. has inadvertently sent diskettes
infected with the Stoned-3 virus to Novell Netware customers.  These
diskettes are labelled "Network Support Encyclopedia - Standard Volume
Update."  The Novell part number for these disks is 883-001495-004.
Infected diskettes were distributed from December 9 - 16, 1991.

The Stoned-3 virus is a minor variation of the Stoned virus.  This
virus infects the boot sector of a hard disk or diskette and will
sometimes display the message (sic):

  "Your PC is now Stoned!.....LEGALISE MARIJUANA!"

This virus becomes memory resident and will infect any other disks
accessed by the PC while the virus is memory resident.  For additional
information, please see CIAC bulletins A-28 for more information on
the Stoned virus family, and B-16 for a summary of known viruses.

If you discover that the Stoned virus has infected your PC, it may be
removed using the VIRHUNT package licensed to DOE by Digital Dispatch
Incorporated. CIAC also recommends that you follow a policy of
scanning all new software before using or installing it on your PC.
This policy should be followed for all vendor-supplied shrink-wrapped
software as well as bulletin board or shareware software, since a few
other vendors have inadvertently distributed viruses with packaged
software in the past.  CIAC recommends that if you are from a DOE site
and are not already using an effective anti-viral scanner, you should
contact your site's computer security department to obtain a free copy
of Data Physician PLUS! (which contains VIRHUNT and several other
useful packages).  In addition, since new viruses are constantly being
discovered, we recommend that you ensure that your anti-viral scanner
has been updated to the most recent version.  The most recent version
of Data Physician PLUS! is V 3.0C.

For additional information or assistance, please contact CIAC:

Karen Pichnarczyk      Tom Longstaff
(510)422-1779** or (FTS) 532-1779  (510)423-4416** or (FTS) 543-4416
karyn@cheetah.llnl.gov      longstaf@llnl.gov

(FAX) (510) 423-8002** or (FTS) 543-8002

Send e-mail to ciac@llnl.gov or call CIAC at (510) 422-8193**/(FTS)532-8193.  

**Note area code has changed from 415, although the 415 area code will
work until Jan. 1992.

PLEASE NOTE:  Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Some of the other teams include the NASA NSI response team,
DARPA's CERT/CC, NAVCIRT, and the Air Force response team.  Your
agency's team will coordinate with CIAC.

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights.  Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.