Guide to the CIAC-2300 Series Documents William J. Orvis CIAC-2300 U. S. Department of Energy Computer Incident Advisory Capability UCRL-MA-115652 Lawrence Livermore National Laboratory Livermore, California December 13, 1993 DISCLAIMER ========== This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. Work performed under the auspices of the U. S. Department of Energy by Lawrence Livermore National Laboratory under Contract W-7405-Eng-48. ================================ Table Of Contents ----------------- Introduction Additional Information and Assistance From CIAC From Felicia and Irbis For emergencies Abstracts CIAC-2300 Abstracts of the CIAC-2300 Series Documents CIAC-2301 The Virus Information Update CIAC-2302 The FELICIA Bulletin Board System and the IRBIS Anonymous FTP Server; Computer Security Information Sources for the DOE Community CIAC-2303 The Console Password Feature for DEC Workstations ============================== Abstracts of the CIAC-2300 Series Documents Introduction ------------ The Computer Incident Advisory Capability (CIAC) creates public information documents for the Department of Energy (DOE) related to computer security. These documents, known as the CIAC-2300 Series documents, are primarily concerned with information on security threats and methods for protecting systems from those threats. This document is a compilation of the abstracts of these documents. To obtain copies of the documents, see your system security manager or contact CIAC at the numbers indicated on the following page. Additional Information and Assistance ------------------------------------- From CIAC DOE sites and contractors may obtain additional information or assistance from CIAC by: ¥ Phone: (510) 422-8193 ¥ FAX: (510) 423-8002 ¥ Internet: ciac@llnl.gov Other government agencies should contact their respective response teams. From Felicia and Irbis Anti-virus documents and software are available via dial-up from the CIAC BBS (Felicia) and via the Internet from irbis.llnl.gov. ¥ Access Felicia at 1200 or 2400 baud at (510) 423-4753 or at 9600 baud at (510) 423-3331 (8 bit, no parity, 1 stop bit). High speed ISDN access can be obtained at the Lawrence Livermore National Laboratory (LLNL) and the Lawrence Berkeley National Laboratory (LBL) using 423-9885. ¥ Access to Irbis is via the Internet (IP address 128.115.19.60) using anonymous FTP. Log in with FTP, use ÒanonymousÓ as the user name and your E- mail address as the password. For emergencies For emergencies only, call 1-800-SKYPAGE and enter PIN number 855-0070 or 855- 0074. Abstracts; of the CIAC-2300 Series Documents -------------------------------------------- CIAC-2300 Abstracts of the CIAC-2300 Series Documents This document you are reading contains abstracts for existing CIAC-2300 series documents. CIAC-2301 The Virus Information Update While CIAC periodically issues bulletins about specific computer viruses, these bulletins do not cover all the computer viruses that affect desktop computers. The purpose of this document is to compile information on most of the known viruses for MS-DOS and Macintosh platforms and give an overview of the effects of each virus. We also include information on some Windows, Atari, and Amiga viruses. This document is updated periodically as new virus information becomes available. There are eleven tables in this document. The first five tables contain computer virus information for the Macintosh, PC-DOS/MS-DOS, Windows, Amiga, and Atari computers. The sixth table is a list of the known viruses for which we do not have any information in the main tables at this time. Because there are so many PC-DOS/MS-DOS virus names and aliases, the seventh table is a cross-reference of PC-DOS/MS-DOS virus names and aliases. The last four tables contain expanded definitions for descriptions used in the virus tables. CIAC-2302 The FELICIA Bulletin Board System and the IRBIS Anonymous FTP Server Computer Security Information Sources for the DOE Community The Computer Incident Advisory Capability (CIAC) operates two information servers for the DOE community: FELICIA (formerly FELIX) and IRBIS. FELICIA is a computer Bulletin Board System (BBS) that can be accessed by telephone with a modem. IRBIS is an anonymous ftp server that can be accessed on the Internet. Both of these servers contain all of the publicly available CIAC, CERT, NIST, and DDN bulletins, virus descriptions, the virus-L moderated virus bulletin board, copies of public domain and shareware virus- detection/protection software, and copies of useful public domain and shareware utility programs. This guide describes how to connect to these systems and obtain posted files. CIAC-2303 The Console Password Feature for DEC Workstations Newer VAXstations and all DECstations offer a ÒhardwareÓ password feature that, when enabled, restricts unauthorized access to your system console terminal when turned on or restarted. VAXstation 3100s shipped after July, 1989 offer this feature. A description of this feature should be part of the Hardware User Guide for your workstation; however, some of the early systems did not document this security enhancement. This document is based on the authorÕs investigation as well as information provided by Digital Equipment Corporation.