_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Advisory Notice Virus Inadvertently Distributed in Novell Network Support Encyclopedia Update December 18, 1991 1000 PST Number C-11 _________________________________________________________________________ PROBLEM: 5 1/4 inch diskettes sent from Novell to customers from December 9 - 16, 1991 contain the Stoned-3 virus. PLATFORM: PC/MS-DOS systems running Novell Netware software. DAMAGE: Potential to overwrite boot sector of fixed and floppy disks; potential to create infected floppyless boot image files and thereby propagate the virus via the network. SOLUTION: Scan all incoming software. DETECTION/ERADICATION: Data Physician Plus, other antiviral packages. __________________________________________________________________________ Critical Facts about Inadvertent Virus Distribution CIAC has learned that Novell, Inc. has inadvertently sent diskettes infected with the Stoned-3 virus to Novell Netware customers. These diskettes are labelled "Network Support Encyclopedia - Standard Volume Update." The Novell part number for these disks is 883-001495-004. Infected diskettes were distributed from December 9 - 16, 1991. The Stoned-3 virus is a minor variation of the Stoned virus. This virus infects the boot sector of a hard disk or diskette and will sometimes display the message (sic): "Your PC is now Stoned!.....LEGALISE MARIJUANA!" This virus becomes memory resident and will infect any other disks accessed by the PC while the virus is memory resident. For additional information, please see CIAC bulletins A-28 for more information on the Stoned virus family, and B-16 for a summary of known viruses. If you discover that the Stoned virus has infected your PC, it may be removed using the VIRHUNT package licensed to DOE by Digital Dispatch Incorporated. CIAC also recommends that you follow a policy of scanning all new software before using or installing it on your PC. This policy should be followed for all vendor-supplied shrink-wrapped software as well as bulletin board or shareware software, since a few other vendors have inadvertently distributed viruses with packaged software in the past. CIAC recommends that if you are from a DOE site and are not already using an effective anti-viral scanner, you should contact your site's computer security department to obtain a free copy of Data Physician PLUS! (which contains VIRHUNT and several other useful packages). In addition, since new viruses are constantly being discovered, we recommend that you ensure that your anti-viral scanner has been updated to the most recent version. The most recent version of Data Physician PLUS! is V 3.0C. For additional information or assistance, please contact CIAC: Karen Pichnarczyk Tom Longstaff (510)422-1779** or (FTS) 532-1779 (510)423-4416** or (FTS) 543-4416 karyn@cheetah.llnl.gov longstaf@llnl.gov (FAX) (510) 423-8002** or (FTS) 543-8002 Send e-mail to ciac@llnl.gov or call CIAC at (510) 422-8193**/(FTS)532-8193. **Note area code has changed from 415, although the 415 area code will work until Jan. 1992. PLEASE NOTE: Many users outside of the DOE and ESnet computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Some of the other teams include the NASA NSI response team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your agency's team will coordinate with CIAC. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government nor the University of California, and shall not be used for advertising or product endorsement purposes.