New Macintosh Virus Discovered
           12 Apr 1993


Virus: INIT-17
Damage: Alters System and applications files; may crash some
  Macs.  See text below.
Spread: unknown
Systems affected: All Apple Macintosh computers, under both System 6 &
      System 7

The INIT-17 virus was recently discovered and analyzed.  It spreads to
the System file and many applications as they are run, and is likely
to spread quite quickly on an infected machine.  The infection is
accomplished by altering existing program code, but the virus code
that does this contains several bugs of various types.  These bugs,
coupled with the behavior of altering applications and the System
file, may result in damage to those files.  On some older Macs (e.g.,
Mac Plus, SE, Classic), the presence of the virus will cause those
systems to crash during execution of infected applications.

The only overt action by the virus is to display an alert message in a
window entitled "From the depths of Cyberspace" the first time an
infected machine is rebooted after 6:06:06 pm, 31 Oct 1993.

The authors of all other major Macintosh anti-virus tools are planning
updates to their tools to locate and/or eliminate this virus. Some of
these are listed below. We recommend that you obtain and run a CURRENT
version of AT LEAST ONE of these programs.


Some specific information on updated Mac anti-virus products follows:

    Tool: Central Point Anti-Virus
    Status: Commercial software
    Revision to be released: 2.01d
    Where to find: Compuserve, America Online, sumex-aim.stanford.edu,
                   Central Point BBS, (503) 690-6650
    When available: immediately
    Comments: The MacSig file will be dated 4/10/93


    Tool: Disinfectant
    Status: Free software (courtesy of Northwestern University and
    John Norstad)
    Revision to be released: 3.1
    Where to find: usual archive sites and bulletin boards --
             ftp.acns.nwu.edu, sumex-aim.stanford.edu,
                   rascal.ics.utexas.edu, AppleLink, America Online,

                   CompuServe, Genie, Calvacom, MacNet, Delphi,
                   comp.binaries.mac
    When available: immediately


    Tool: Gatekeeper
    Status: Free software (courtesy of Chris Johnson)
    Revision to be released: No new revision needed; 1.2.7 works
    Where to find: usual archive sites and bulletin boards --
             microlib.cc.utexas.edu, sumex-aim.stanford.edu,
                   rascal.ics.utexas.edu, comp.binaries.mac
    When available: immediately


    Tool: Rival
    Status: Commercial software
    Revision to be released: INIT17 Vaccine
    Where to find it: AppleLink, America Online, Internet, Compuserve.
    When available: Immediately.


    Tool: SAM (Virus Clinic and Intercept)
    Status: Commercial software
    Revision to be released: 3.5.5
    Where to find: CompuServe, America Online, Applelink, Symantec's
                   Customer Service @ 800-441-7234
    When available: immediately
    Comments: Updates to various versions of SAM to detect and remove
          INIT-17 are available from the above sources.


    Tool: Virex
    Status: Commercial software
    Revision to be released: 3.92
    Where to find: Datawatch Corporation, (919) 490-1277 
    When available: immediately
    Comments: Virex 3.92 will detect the virus in any file, and
    repair any file that has not been permanently damaged.  All Virex
    subscribers will automatically be sent an update on diskette.  All
    other registered users will receive a notice by mail.  Datawatch's
    BBS number is: (919) 419-1602.
    UDV Code for INIT 17
    ----Guide Number = 11583776
    1: 0310 0011 2006 9230 / 7A
    2: FE84 7520 0056 4952 / 4C
    3: 7900 3400 11A9 A081 / D5
    4: 0210 0001 30FE 8475 / F6
    5: 2000 5649 5279 0034 / 89
    6: 0011 A9A0 8182 8090 / 91


    Tool: VirusDetective
    Status: Shareware
    Revision to be released: 5.0.8
    When available: immediately
    Comments: VirusDetective is shareware.  Search strings for the new
           virus will be sent only to registered users.


If you discover what you believe to be a virus on your Macintosh
system, please report it to the vendor/author of your anti-virus
software package for analysis.  Such reports make early, informed
warnings like this one possible for the rest of the Mac community.  If
you are otherwise unsure of who to contact, you may send e-mail to
spaf@cs.purdue.edu as an initial point of contact.

Also, be aware that writing and releasing computer viruses is more
than a rude and damaging act of vandalism -- it is also a violation of
many state and Federal laws in the US, and illegal in several other
countries.  If you have information concerning the author of this or
any other computer virus, please contact any of the anti-virus
providers listed above.  Several Mac virus authors have been
apprehended thanks to the efforts of the Mac user community, and some
have received criminal convictions for their actions.  This is yet one
more way to help protect your computers.