**************************************************************************
Security Bulletin 9220                  DISA Defense Communications System
July 28, 1992               Published by: DDN Security Coordination Center
                                      (SCC@NIC.DDN.MIL)   1-(800) 365-3642

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

  The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
  Coordination Center) under DISA contract as a means of communicating
  information on network and host security exposures, fixes, and concerns
  to security and management personnel at DDN facilities.  Back issues may
  be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
  using login="anonymous" and password="guest".  The bulletin pathname is
  scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
  and "nn" is a bulletin number, e.g. scc/ddn-security-9220).

**************************************************************************

                   CORRUPTED VERSIONS OF PKZIP UTILITIES
                               July 27, 1992

	
I.   DESCRIPTION

     ASSIST has learned that two corrupt versions of the popular archiving
     utility PKZIP for PC-DOS and MS-DOS machines are being circulated on
     several bulletin board systems around the country.  The two corrupted
     versions are 2.01 (PKZ201.ZIP AND PKZ201.EXE) AND 2.2 (PKZIPV2.ZIP AND
     PKZIPV2.EXE).  If you have downloaded any of these files, do not
     attempt to use these utilities.

     At the current time, the released version of PKZIP is version 1.10.
     A new version of PKZIP is expected to be released within the next
     few months.  Its version number may be 2.00, or it may be a version
     number greater than 2.2 to distinguish it from the corrupted versions.
     PKWARE INC. has indicated it will never issue a version 2.01 or 2.2
     of PKZIP.

II.  IMPACT

     THE DESTRUCTION OF ALL THE DATA ON YOUR HARD DISK IS A POSSIBILITY IF
     THE PROGRAMS ARE EXECUTED.
 
III. SOLUTION

     According to PKWARE INC., version 2.01 is a hacked version of PKZIP 1.93
     alpha.  While this version does not intentionally do any damage, it is
     alpha level software and may have serious bugs in it.  Version 2.2 is
     a simple batch file that attempts to erase the C:(BACKSLASH) and
     C:(BACKSLASH)DOS directories.  If the hard disk has been erased by this
     program, recovery may be possible by utilizing hard disk undelete
     utilities such as those in NORTON UTILITIES or PCTOOLS.
 
     Don't do anything that might create or expand a file on your hard disk
     until the files have been undeleted to avoid overwriting the deleted
     files, which will destroy them.

     To examine a file to determine if it is version 2.2, type it to the
     screen with the DOS `TYPE' command.  If the file that prints on the
     screen is a short batch file with commands such as 

     DEL C:(BACKSLASH)(ASTERISK).(ASTERISK), or 

     DEL C:(BACKSLASH)(DOS)(BACKSLASH)(ASTERISK).(ASTERISK)

     then you have the corrupted file.

     Any freeware or shareware program downloaded from a BBS should be scanned
     and evaluated by a knowledgeable AIS person on a standalone PC before the
     program is introduced into any system.  If you or anyone else at your site
     should happen to encounter any corrupted files on a BBS, Please contact
     the ASSIST immediately
 
     PKWARE Inc. has also requested that they be informed of any occurrences of
     corrupted PKZIP files.  PKWARE Inc. can be reached at (414) 354-8699
     (voice), (414) 354-8670(BBS), (414) 354-8559(FAX).
 
     The ASSIST Point of Contact for this matter is Mr. Mike Higgins,
     COMM (202) 373-8852/55 or DSN 243-8852/55.

     ASSIST can be reached 24 hours a day via commercial pager at
     1-(800) SKY-PAGE, PIN NUMBER 2133937 (FROM A TOUCH TONE PHONE ENTER
     THE CALL BACK NUMBER AFTER THE PROMPT) or AUTOVON dial 243-8000 and
     ask to have the ASSIST Duty Officer paged.  ASSIST can also be reached
     via E-Mail at "DOD-CERT(AT-SIGN)DDN-CONUS.DDN.MIL."

****************************************************************************
*                                                                          *
*    The point of contact for MILNET security-related incidents is the     *
*    Security Coordination Center (SCC).                                   *
*                                                                          *
*               E-mail address: SCC@NIC.DDN.MIL                            *
*                                                                          *
*               Telephone: 1-(800)-365-3642                                *
*                                                                          *
*    NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST,   *
*    Monday through Friday except on federal holidays.                     *
*                                                                          *
****************************************************************************