New Macintosh Virus Discovered (INIT-M) 22 Apr 1993 Virus: INIT-M Damage: Alters applications and other files; may severely damage file system on infected Macs. See text below. Spread: possibly limited, but has potential to spread quickly Systems affected: All Apple Macintosh computers, under only System 7 The INIT-M virus was recently discovered at Dartmouth College, in a file downloaded off the net. This is a DIFFERENT virus than the INIT-17 virus announced April 12. It is a malicious virus that may cause severe damage. INIT-M rapidly spreads to applications, system extensions, documents and preference files under System 7; it does not spread or activate on System 6 systems. The virus spreads as the application files are run, and is likely to spread extensively on an infected machine. The infection is accomplished by altering existing program code. Besides this incidental damage (that may, because of bugs in the virus code, cause more severe damage), the virus also does extensive damage to systems running on any Friday the 13th -- *not* just booted on that day. Files and folders will be renamed to random strings, creation and modification dates will be changed, and file creator and type information will be scrambled. In some very rare circumstances, a file or files may be deleted. This behavior is similar to the previously announced (March 1992) INIT-1984 virus. Recovery from this damage will be very difficult or impossible. Note that the next three Friday the 13ths are in August 1993, May 1994, and January 1995. The virus, when present on an infected system, may interfere with the proper display of some application window operations. It will also create a file named "FSV Prefs" in the Preferences folder. Recent versions of Gatekeeper and SAM Intercept (in advanced and custom mode) are effective against this virus. Either program should generate an alert if the virus is present and attempts to spread to other files. The authors of all other major Macintosh anti-virus tools are planning updates to their tools to locate and/or eliminate this virus. Some of these are listed below. We recommend that you obtain and run a CURRENT version of AT LEAST ONE of these programs. Some specific information on updated Mac anti-virus products follows: Tool: Central Point Anti-Virus Status: Commercial software Revision to be released: 2.01e Where to find: Compuserve, America Online, sumex-aim.stanford.edu, Central Point BBS, (503) 690-6650 When available: immediately Comments: The MacSig file will be dated 4/22/93 Tool: Disinfectant Status: Free software (courtesy of Northwestern University and John Norstad) Revision to be released: 3.2 When available: immediately Where to find: usual archive sites and bulletin boards -- ftp.acns.nwu.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, AppleLink, America Online, CompuServe, Genie, Calvacom, MacNet, Delphi, comp.binaries.mac Tool: Gatekeeper Status: Free software (courtesy of Chris Johnson) Revision to be released: No new revision needed; 1.2.7 works When available: immediately Where to find: usual archive sites and bulletin boards -- microlib.cc.utexas.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, comp.binaries.mac Tool: Rival Status: Commercial software Revision to be released: INIT-M Vaccine When available: Immediately. Where to find it: AppleLink, America Online, Internet, Compuserve. Tool: SAM (Virus Clinic and Intercept) Status: Commercial software Revision to be released: 3.5.6 When available: immediately Where to find: CompuServe, America Online, Applelink, Symantec's Customer Service @ 800-441-7234 Comments: Updates to various versions of SAM to detect and remove INIT-M are available from the above sources. Tool: Virex Status: Commercial software Revision to be released: 3.93 Where to find: Datawatch Corporation, (919) 490-1277 When available: Detection Strings will be available 4/27 on AOL and on the "DataGate" BBS @ (919) 419-1602. Updated version with detection, repair and prevention capabilities will be available next week. Comments: Virex 3.93 will detect the virus in any file, and repair any file that has not been permanently damaged. All Virex subscribers will automatically be sent an update on diskette. All other registered users will receive a notice by mail. Tool: VirusDetective Status: Shareware Revision to be released: 5.0.9 When available: immediately Where to find: various Mac archives Comments: VirusDetective is shareware. Search strings for the new virus will be sent only to registered users. If you discover what you believe to be a virus on your Macintosh system, please report it to the vendor/author of your anti-virus software package for analysis. Such reports make early, informed warnings like this one possible for the rest of the Mac community. If you are otherwise unsure of who to contact, you may send e-mail to spaf@cs.purdue.edu as an initial point of contact. Also, be aware that writing and releasing computer viruses is more than a rude and damaging act of vandalism -- it is also a violation of many state and Federal laws in the US, and illegal in several other countries. If you have information concerning the author of this or any other computer virus, please contact any of the anti-virus providers listed above. Several Mac virus authors have been apprehended thanks to the efforts of the Mac user community, and some have received criminal convictions for their actions. This is yet one more way to help protect your computers.