Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Hacking Techniques :: ciaca10.txt

Information about the PC Cyborg (AIDS) Trojan Horse




_____________________________________________________________

        THE COMPUTER INCIDENT ADVISORY CAPABILITY



                         CIAC



                INFORMATION    BULLETIN

_____________________________________________________________



Information about the PC CYBORG (AIDS) trojan horse 



December 19, 1989, 1600 PST                     Number A-10



There recently has been considerable attention in the news 

media about a new trojan horse which advertises that it 

provides information on the AIDS virus to users of IBM PC 

computers and PC clones.  Once it enters a system, the trojan 

horse replaces  AUTOEXEC.BAT, and may count the number of 

times the infected system has booted until a criterion number 

(90) is reached.  At this point PC CYBORG hides directories, 

and scrambles (encrypts) the names of all files on drive C:   

There exists more than one version of this trojan horse, and 

at least one version does not wait to damage  drive C:, but 

will hide directories and scramble file names upon the first 

boot after the trojan horse is installed.



At first PC CYBORG was distributed only in Europe, although 

several PC CYBORG infections have recently been reported in 

the U.S.  No DOE site has been affected yet, and the 

probability of a widespread infection of this trojan horse 

throughout DOE is extremely small.    This trojan horse is 

introduced into systems through a disk called the AIDS 

Information Introductory Diskette, which has been mailed to a 

mailing list which the author(s) of this trojan horse 

obtained.   PC CYBORG is a trojan horse, not a virus, and 

thus is limited in ability to spread.  This information 

bulletin is being distributed in response to questions raised 

because of the considerable media attention the trojan horse 

has received, more than because of a genuine threat to 

systems.



If you receive a disk in the mail which purports to provide 

information on AIDS, do not load the disk into your computer.  

Please save the disk, and contact CIAC immediately.  If you 

have already run this disk, please also call CIAC as soon as 

possible.  It is important to leave your PC on if it is 

currently on, or leave it off if it is currently off.  

Failure to do so may result in loss of your data, or make 

recovery more difficult.  CIAC has developed recovery 

procedures, which are too lengthy to publish in this 

bulletin.

 

For further information, including information about recovery 

procedures, please contact CIAC:



        Tom  Longstaff

        (415) 423-4416 or (FTS) 543-4416

        FAX: (415) 294-5054



or send e-mail to:  ciac@tiger.llnl.gov








TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH