INTERNET is the source of current up to the minute information on viruses. It is also the source of anti virus software. To be told this when you don't have access to INTERNET can be extremely frustrating. I have therefore made up a catalogue of useful products for those who don't have access. This also includes a number of INTERNET tools and information files for those who are thinking about it or just getting started. catolog.txt.
For those who do have access the following addresses should be of help. INTERNET is in a rapid state of flux. This is the one part of the book which can be guaranteed to be out of date as soon as it is published. Corrections, new resources are therefore more than welcome. Time will not permit individual thanks so I note them here. Heroic efforts will be acknowledged in future revisions.
I have not verified every entry. The state of flux is such, that no sooner had I got to the end I'd have to start again (I now know what it's like to paint the Forth Bridge!). My time can be better spent. As I use these entries for my own purposes I correct what I find. You will discover the joys of INTERNET as serendipity lends a hand. Many of these entries have come from other lists. Too many have proved to be out of date or incorrect. A significant number I have just stumbled across whilst wondering around INTERNET. Therefore by my not spending too much time on these entries could prove beneficial.
Most areas have a FAQ (frequently asked questions) and a README (or INDEX) file, you should access these first and read them.
As well as a source of up to date information and help INTERNET is also a source of viruses. Ensure that you check everything BEFORE you use it. If you do find a virus (or suspect something suspicious) alert the source.
This book is entirely my own work, but it was only through INTERNET that I was able to gain the thoughts of the many heroes (& a few villains) to add the final polish.
Files can be accessed by ftp from:
lehigh.eu cs.ucr.edu corsa.ucr.edu
E-mail can be used to obtain the FAQ file.
LISTSERV@LEHIGH.EDU info virus-lTo subscribe
LISTSERV@LEHIGH.EDU SUB VIRUS-L <your name> {eg SUB VIRUS-L Fred Bloggs}
To participate, post mail to the list
VIRUS-L@LEHIGH.EDUThe list moderator is Ken R Van Wyk
ken@assist.mil
SCNR@aol.com {The Scanner} HRRWood@aol.com {Howard Wood Editor} Howard.Wood@Flagship.org informatik.uni-hamburg.de OAK.oakland.edu
celustka@sun.felk.cvut.cz {Editor - Suzana} mxserver@ubik.demon.co.uk {subscription requests}
anonymous ftp from following sites
ftp.informatik.uni-hamburg.de in /pub/virus/texts/alive ftp.demon.co.uk in /pub/antivirus/journal/alive ftp.elte.hu in /pub/virnews ftp.u.washington.edu in public/Alive ftp.elf.stuba.sk in /pub/pc
Gophers
saturn.felk.cvut.cz ursus.bke.hu
World Wide Web
http://www-iwi.unisg.ch/~sambucci/icaro/texts/alive
HOT TIP: A person's address can often be adapted.
fred@freds_place.com --> http://www.freds_place.com
Many of these sites are strongly inter-linked, that is once at one you can jump to many of the others. Therefore in the first instance you may find it simpler (and faster) to go to a local site or one on the same network. For example users in the UK and on JANET (the high speed academic backbone) will find fastest access if they choose a site in the ac.uk domain.
A useful jumping off point is SYMANTEC. They maintain a virus alert. They also have hot links (WWW) to many other virus sites. This entry indicates the rate of change. At the time of writing this was true (having accessed the site a couple of days before), a couple of days later (to verify what I'd written) it was no longer true. But, a note was posted to say change was under way so I'll leave this as a cautionary note! It could even be be that I originally found these links some place else. That is the joy (!) and the disadvantage of INTERNET - one can never be quite sure what one will stumble across, where, or even if one can correctly find ones way back. If you've never used INTERNET but have visited Hampton Court Maze then you will know the feeling, those of you who are regular surfers won't need reminding!
http://www.symantec.com
John McAfee's corporate address
mcafee.com ftp.mcafee.com {anonymous ftp} http://www.mcafee.com
Sophos corporate address {virus & security products}
sophos.com http://www.sophos.com
Virus Bulletin
virusbtn.com virusbtn@vax.ox.ac.uk {e-mail}
Frisk Software International {F-Prot}
sales@complex.is support@complex.is frisk@complex.is {Fridrik Skulason}
Data Fellows act as agents for Fridrik Skulason's F-Prot. They also produce a bulletin for each F-Prot update which though aimed primarily at providing information on F-Prot also contains useful virus information (NB I have included this with the F-Prot disk). Data Fellows have hot links to several other sites including the Virus Research Centre at the University of Hamburg. I could give the address for VRC but it is so long that I doubt if anyone could type it in correctly (especially as it is in German)! I suggest therefore that you go to VRC via DF, then save the address for future visits. Data Fellows can also be used to access the Italian Anti-virus Research Organisation (ICARO), which like VTC has an extremely long name (in Italian).
http://www.datafellows.fi http://www.datafellows.com telnet bbs.datafellows.fi
Virus Research Centre at University of Hamburg - see above.
The University of Hamburg houses the Virus Research Centre. Once there work your way down through the directories.
ftp ftp.informatik.uni-hamburg.de/pub/virus
The Italian Anti-virus Research Organisation (ICARO) has interesting material (as well as being a Romulan outpost!). It also provides links to many other sites.
http://www-iwi.unisg.ch/~sambucci/icaro/
Command Software {Security & F-Prot Agents}
ftp ftp.commandcom.com winword@commandcom.com {e-mail Word macro virus help} command@command.co.uk {e-mail London}
Datawatch
http://www.zobkiw.datawatch.com
FIRST
http://www.first.org
IBM
http://www.research.ibm.com http://www.brs.ibm.com/ibmav.html gopher index.almaden.ibm.com
KAMI
http://www.thenet.ch
MicroSoft
http://www.microsoft.com
National Computer Security Assoc
http://www.ncsa.com
Norman Data Defence
http://www.norman.com
Dr Solomon
http://www.drsolomon.com http://www.us.drsolomon.com
The Open University maintains a virus support service for its far flung student population. There is a news letter on current viruses and an archive of earlier news letters. The OU is a useful starting place as it has links to several other sites. It can also be reached via Datafellows Ltd.
http://www.open-tech.ac.uk
Humour is not what immediately springs to mind when you think of the word virus, so maybe it is time for a few virus jokes.
gopher chiphead.cc.ndsu.nodak.edu Other Stuff | Fun Stuff | Virus Alert
The SimTel depository and its various mirrors are good sources of software, including anti virus software - use ftp
oak.oakland.edu wuarchive.wustl.edu ftp.Coast.NET 205.137.48.28 ftp.cdrom.com 192.216.191.11 uiarchive.cso.uiuc.edu 128.174.5.14 ftp.uoknor.edu 129.15.2.20 ftp.orst.edu 128.193.4.2 ftp.pht.com 198.60.59.5 ftp.switch.ch {Switzerland} ftp.funet.fi {Finland} src.doc.ic.ac {UK} archie.au {Australia} archive.orst.edu 128.193.2.13 ftp.uu.net 192.48.96.9 NCTUCCCA.edu.tw 140.111.1.10 ftp.technion.ac.il 132.68.1.10 garbo.uwasa.fi 128.214.87.1 ftp.demon.co.uk 158.152.1.68 atlantis.utmb.edu 129.109.12.7 ftp.unt.edu ftp.elte.hu {Hungary} ftp.unicamp.br {Brazil} ftp.pku.edu.cn {China} pub.vse.cz {Czech Republic} ftp.ibp.fr {France} ftp.ruhr-uni-bochum.de {Germany} ftp.tu-chemnitz.de {Germany} ftp.uni-mainz.de {Germany} ftp.uni-paderborn.de {Germany} ftp.uni-tuebingen.de {Germany} ftp.cs.cuhk.hk {Hong Kong} hkstar.com 202.82.0.48 ftp.technion.ac.il {Israel} cnuce-arch.cnr.it {Italy} ftp.saitama-u.ac.jp {Japan} ftp.riken.go.jp {Japan} ftp.crl.go.jp {Japan} ftp.kornet.nm.kr {Korea} ftp.nuri.net 203.255.112.4 ftp.nic.surfnet.nl {Netherlands} ftp.vuw.ac.nz {New Zealand} ftp.cyf-kr.edu.pl {Poland)} ftp.icm.edu.pl {Poland} ftp.ua.pt {Portugal} ftp.sun.ac.za {South Africa} ftp.uakom.sk {Slovak Republic} ftp.arnes.si {Slovenia} ftp.sunet.se {Sweden} nctuccca.edu.tw {Taiwan} ftp.nectec.or.th {Thailand} ftp.metu.edu.tr {Turkey}
Wherever possible use the nearest site. Always observe restriction on time of access.
Likely directories are
pub/SimTel/msdos/virus pub/msdos/virus /pub/virnews /pub/antivirus /Simtel/msdos/virus /pub/mirrors/simtel/msdos/virus /mirrors/SimTel/msdos/virus /mirrors/simtel.coast.net/Simtel/msdos/virus
In the UK two national software archives are to be found. If the micros archive is typical, poorly maintained and carrying some very old software, versions are more likely than not to be old versions
http://micros.hensa.ac.uk {Lancaster University} http://unix.hensa.ac.uk {University of Kent at Canterbury}
If you are looking for a specific file or piece of software use archie. Alternatively post a message on virus-l.
408 988 4004 {McAfee Assoc USA} +44 1235 559936 {Sophos UK} +44 1494 724946 {S & S Int UK} 1 408 244 0813 {Excalibur! USA} +358-0-478 44 500 {Data Fellows Finland} +358-0-478 44 501 {Data Fellows Finland} +42 7 2048 232 {Slovak Antivirus Center} +42 7 2048 295 {Slovak Antivirus Center} +44 171 259 5752 {Command Software London}
To reiterate what what was said at the beginning. For those without INTERNET access (or modem) much of this material is available on disk - see catolog.txt. Beginners guides to INTERNET are also available on disk.
Reproduced with kind permission from Virus: A computer malaise - Keith Parkins (Books on Disk : 1995) (c) Keith Parkins 1995.