FROM DIA WASHINGTON, DC//DSM-4// TO AIG 7894 AIG 7005 USAISC FT SHERIDAN, IL//ASQNA-SHD-0// NAVWPNCEN CHINA LAKE, CA//CODE 2408// SECDEF WASHINGTON DC//C3I-T/C3I-IS/ JOINT STAFF WASHINGTON DC//6JT/DIRM:SCD/ HQ AFOSI BOLLING AFB DC//IVSC/SCX// AFCSC KELLY AFB TX//SR/SRE/SRM/SRMA// HQ ESC KELLY AFB TX//INAR// DA WASHINGTON DC//DAMI-AM/DAMI-CIC/SAIS-SS// CDRINSCOM FORT BELVOIR VA//IAOPS-CI-TO/IAM-AUT-L/ CDRUSAOPSGP FT GEORGE G MEADE MD //IAGPC-TSE// CDR730THMIBN MUNICH GE//IAGPE-SCM// COMNAVINTCOM WASHINGTON DC//OOQ/OOJ// NAVINVSERV ERREG LONDON UK//60HQ// NAVINVSERVRA LONDON UK//60LN// AFOSI DET 7008 MUNICH GE//CC// CMC WASHINGTON DC//INTX// USCENTCOM MACDILL AFB FL//J2/J6// USCINCEUR VAHINGEN GE//ECJ2/ECJ2-P/ECJ6/EUCOM AIDES// USCINCLANT NORFOLK VA//J2/J6/J63// USCINCPAC HONOLULU HI//J2I/J6// CINCSAC OFFUTT AFB NE//INYSCC// USCINCSO QUARRY HEIGHTS PM//J2/J6// USCINCTRANS SCOTT AFB IL//J2/J6// USCINCFOR FT MCPHERSON GA//J2/J6// USSPACECOM PETERSON AFB CO//J2/J6// USNMR SHAPE BE//DACOS INTEL// NSACSS FT MEADE MD//C912/X43/ CDRINSCOM FORT BELVOIR VA//IAIM-AUT-L// NAVELEXSECCEN WASHINGTON DC//CODE 04/CODE 043// DCAA CAMERON STATION VA//OWN// CMC WASHINGTON DC//CODE CCIS// DIS WASHINGTON DC//V0060// DMATSC RESTON VA//IS// SECDEF WASHINGTON DC//USDP/DSAA// DLA CAMERON STATION VA//IA// SECDEF WASHINGTON DC//PHYSICAL SECURITY DIV// USUHS BETHESDA MD//UCC// SECDEF WASHINGTON DC//DARPA-ITSO/SQUIRES// SDIO WASHINGTON DC//POI// NCRLANT NORFOLK VA// DOE LIVERMORE CA//LLNL// SUBJECT: COMPUTER SECURITY ALERT FOR VIRUSES DETECTED ON VENDOR ORIGINATED SOFTWARE (ASSIST 91-13) (U). 1. (U) SUMMARY: TWO RECENT OCCURRENCES OF VENDOR ORIGINATED SOFTWARE DISKETTES CONTAINING BOOT SECTOR MALICIOUS CODE HAVE BEEN REPORTED. THE FIRST REPORT CAME THROUGH THE FIRST SYSTEM AND INVOLVED A CONTAMINATED DEMO DISK FOR A CLIPPER UPGRADE WHICH IF EXECUTED ON THE 24TH OF THE MONTH WILL DISPLAY A VULGAR MESSAGE ON THE SCREEN. THE SECOND INCIDENT OCCURED AT A DOD SITE WHILE LOADING A NEW COPY OF A BOOT SECTOR CONTAMINATED DBASE IV DISKETTE. IN THE DBASE CASE, THE HARD DISK FAILED AND DETECTION WAS MADE UPON REBOOT (AN ANTI-VIRUS PRODUCT WAS IN USE). 2. (U) INVOLVED HARDWARE/SOFTWARE: SOFTWARE PERSPECTIVE'S DEMO "THE CLIP/++ EXTENSION FOR CLIPPER AND BORLAND'S DBASE IV. 3. (U) VULNERABILITY DESCRIPTION: INTRODUCTION OF MALICIOUS CODE (VIRUS) INTO THE SYSTEM SOFTWARE. 4. (U) ESTIMATE OF IMPACT: NEITHER OF THE VIRUSES INTRODUCED ARE DESTRUCTIVE BY NATURE. HOWEVER, EACH VIRUS HAS BEEN REPORTED AS DISRUPTING SERVICE AND CONTAMINATING LOGICAL DISK PARTITIONS CAUSING HARD DISK FAILURES. 5. (U) STATUS: THE INDIVIDUAL VENDORS HAVE BEEN NOTIFIED AS TO THE SUSPECT SOURCE OF THE MALICIOUS CODE. EACH VENDOR IS WORKING TO CORRECT DISTRIBUTION PROCEDURES TO PRECLUDE SPREAD OF THE VIRUS THROUGH IT'S SOFTWARE. 6. (U) RECOMMENDATIONS: A. RECOMMEND THAT USERS UTILIZING EITHER THE DBASE OR CLIP/++ CHECK THEIR SYSTEMS AND ORIGINAL DISKETTES FOR THE PRESENCE OF THE VIRUS. B. NEW RECIPIENTS OF THE DBASE IV PROGRAM SHOULD CHECK THE DISKETTES FOR MALICIOUS CODE PRIOR TO ANY OPERATION (INCLUDING MAKING THE WORKING COPY THROUGH THE USE OF DISKCOPY). C. ONLY SOFTWARE FROM RELIABLE SOURCES SHOULD BE INTRODUCED ONTO DOD COMPUTERS. D. SITES WHICH IDENTIFY EITHER VIRUS ON THEIR SYSTEMS SHALL REPORT IMMEDIATELY TO THE ASSIST DUTY OFFICER FOR ERADICATION PROCEDURES. 7. (U) POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM (703) 284-0182 / DSN 251-0182. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (202) 896-6863 (FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE TONE PROMPT) OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED.