PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER {ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS

U-1,320/DS-SIM

SUBJ: {AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-55}

1. DISCUSSION: ASSIST HAS LEARNED THAT TWO CORRUPT VERSIONS OF THE POPULAR ARCHIVING UTILITY PKZIP FOR PC-DOS AND MS-DOS MACHINES ARE BEING CIRCULATED ON SEVERAL BULLETIN BOARD SYSTEMS AROUND THE COUNTRY. THE TWO CORRUPTED VERSIONS OF PKZIP ARE 2.01 {PKZ201.ZIP AND PKZ201.EXE} AND 2.2 {PKZIPV2.ZIP AND PKZIPV2.EXE}. IF YOU HAVE DOWNLOADED ANY OF THESE FILES, DO NOT ATTEMPT TO USE THE UTILITIES. THE DESTRUCTION OF ALL THE DATA ON YOUR HARD DISK IS A POSSIBILITY IF THE PROGRAMS ARE EXECUTED. AT THE CURRENT TIME, THE RELEASED VERSION OF PKZIP IS VERSION 1.10. A NEW VERSION OF PKZIP IS EXPECTED TO BE RELEASED IN THE NEXT FEW MONTHS. ITS VERSION NUMBER MAY BE 2.00, OR MAY BE A NUMBER GREATER THAN 2.2 TO PREVENT CONFUSION WITH THE CORRUPT VERSIONS. PKWARE INC. HAS INDICATED IT WILL NEVER ISSUE A VERSION 2.01 OR 2.2 OF PKZIP.

2. ACCORDING TO PKWARE INC., VERSION 2.01 IS A HACKED VERSION OF PKZIP 1.93 ALPHA. WHILE THIS VERSION DOES NOT INTENTIONALLY DO ANY DAMAGE, IT IS ALPHA LEVEL SOFTWARE, AND MAY HAVE SERIOUS BUGS IN IT. VERSION 2.2 IS A SIMPLE BATCH FILE THAT ATTEMPTS TO ERASE YOUR C:{BACKSLASH} AND C:{BACKSLASH}DOS DIRECTORIES. IF A HARD DISK HAS BEEN ERASED BY THIS PROGRAM, RECOVERY MAY BE POSSIBLE USING HARD DISK UNDELETE UTILITIES SUCH AS THOSE IN NORTON UTILITIES, OR PCTOOLS. TO AVOID OVERWRITING AND DESTROYING THE DELETED FILES, DO NOT DO ANYTHING THAT MIGHT CREATE OR EXPAND A FILE ON YOUR HARD DISK UNTIL THE FILES HAVE BEEN UNDELETED. TO EXAMINE A FILE TO SEE IF IT IS VERSION 2.2, TYPE IT TO THE SCREEN WITH THE DOS TYPE COMMAND. IF THE FILE THAT PRINTS ON THE SCREEN IS A SHORT BATCH FILE WITH COMMANDS SUCH AS DEL C:{BACKSLASH}{ASTERISK}.{ASTERISK}, OR DEL C:{BACKSLASH}DOS{BACKSLASH}{ASTERISK}.{ASTERISK}, THEN YOU HAVE THE CORRUPTED FILE.

3. ANY FREEWARE OR SHAREWARE PROGRAM DOWNLOADED FROM A BBS SHOULD BE SCANNED AND EVALUATED BY A KNOWLEDGEABLE AIS PERSON ON A STANDALONE PC BEFORE THE PROGRAM IS INTRODUCED INTO ANY SYSTEM. IF YOU OR ANYONE AT YOUR SITE SHOULD HAPPEN TO ENCOUNTER ANY CORRUPT FILES ON A BBS, PLEASE CONTACT ASSIST IMMEDIATELY. PKWARE INC. HAS ALSO ASKED TO BE INFORMED OF ANY OCCURRENCES OF THE CORRUPT PKZIP FILES, AND CAN BE REACHED AT VOICE: 414-354-8699, BBS: 414-354-8670, FAX: 414-354-8559.

4. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE, PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED.
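
The check in paragraph 2 (is the downloaded "executable" really a short batch file full of wildcard deletes?) can be done by reading the file's bytes without ever running it. The sketch below is an added example, not part of the ASSIST message or any PKWARE tool; the size cutoff, the inclusion of ERASE, the function names and the sample byte strings are assumptions made for illustration.

```python
import re

# Wildcard deletes aimed at C:\ or C:\DOS, the commands the advisory quotes.
# ERASE is included as an assumption: it is the DOS synonym for DEL.
DESTRUCTIVE = re.compile(rb"\b(?:del|erase)\s+c:\\(?:dos\\)?\*\.\*", re.IGNORECASE)
MAX_BATCH_SIZE = 4096  # assumed cutoff for "a short batch file"

# Constructed sample inputs (not captured from the real files).
SAMPLE_BATCH = b"@ECHO OFF\r\nDEL C:\\DOS\\*.*\r\nDEL C:\\*.*\r\n"
SAMPLE_EXE = b"MZ\x90\x00" + bytes(60)
SAMPLE_ZIP = b"PK\x03\x04" + bytes(26)
SAMPLE_BENIGN = b"@ECHO OFF\r\nDIR C:\\DOS\r\n"


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def triage(data: bytes) -> str:
    """Classify file contents by inspection only; nothing is executed."""
    if data[:2] in (b"MZ", b"ZM"):
        return "dos-executable"   # real EXE header, so not the batch file
    if data[:4] == b"PK\x03\x04":
        return "zip-archive"      # unpack on a standalone PC, then triage members
    hits = DESTRUCTIVE.findall(data)
    if hits and len(data) <= MAX_BATCH_SIZE and printable_ratio(data) > 0.95:
        return "destructive-batch"
    if hits:
        return "suspicious"       # pattern present, but not a short text file
    return "unknown"


if __name__ == "__main__":
    samples = {"batch": SAMPLE_BATCH, "exe": SAMPLE_EXE,
               "zip": SAMPLE_ZIP, "benign": SAMPLE_BENIGN}
    for name, blob in samples.items():
        print(f"{name:8s} -> {triage(blob)}")
```

A "dos-executable" or "unknown" result says only that the file is not the batch file described for version 2.2; it does not clear the file, and the scan-and-evaluate step in paragraph 3 still applies.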