From lehigh.edu!virus-l Tue Aug 25 23:39:05 1992 Date: Tue, 25 Aug 1992 23:37:02 -0400 Message-Id: <9208260151.AA01769@barnabas.cert.org> Comment: Virus Discussion List Originator: virus-l@lehigh.edu Errors-To: krvw@cert.org Reply-To: Sender: virus-l@lehigh.edu Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas From: To: Multiple recipients of list Subject: VIRUS-L Digest V5 #142 Status: R VIRUS-L Digest Tuesday, 25 Aug 1992 Volume 5 : Issue 142 Today's Topics: Re: Netware and viruses - some new results (PC) new virus found (PC) Re: Need Advice on Evaluating and Ordering Antivirus Software (PC) Re: help, high weirdness (PC) Re: Waldo ?? (PC) New "Vengeance" virus on Fidonet (PC) Stoned/Azusa haunting (PC) V-SIGN virus (PC) 15xx problems (PC) On integrity checking (PC) is there a SCAN95? (PC) Anyone for a Feist ??? (PC) Re: os/2 changes to boot sector (OS/2) Unix servers and DOS viruses (PC) (UNIX) Brandau virus followup - four years later (Mac) Network Virus protection. Help. (c) Brain - part 2 (CVP) Re: Jerusalem virus (CVP) Re: Jerusalem virus (CVP) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with your real name. Send contributions to VIRUS-L@LEHIGH.EDU. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on cert.org (192.88.209.5). Administrative mail (comments, suggestions, and so forth) should be sent to me at: . Ken van Wyk ---------------------------------------------------------------------- Date: Wed, 19 Aug 92 13:45:11 -0400 From: JFORD@seebeck.ua.edu Subject: Re: Netware and viruses - some new results (PC) >Date: Wed, 19 Aug 92 08:06:46 -0500 >From: cohen@fitmail.fit.qut.edu.au (Mr Fred Cohen) > >At QUT, we have set up an experimental network to test viruses in >networked environments, and the first results have just come in - >unbelievable! > >Test 1: Exhaustive test of netware preotection setting on files and >directories against common viruses. > >Result: Only 3 of the 15 bits provide any protection - Execute ONLY? >NO GOOD!!! Read ONLY? NO GOOD!!! Is this using "FLAG (or FLAGDIR) file parameters" or using Syscon to grant specific File and directory rights to the account? - ---------- James Ford - Consultant II, Seebeck Computer Center jford@seebeck.ua.edu, jford@risc.ua.edu The University of Alabama (in Tuscaloosa, Alabama) ------------------------------ Date: Wed, 19 Aug 92 14:59:31 -0500 From: sapao@dcc.ufmg.br Subject: new virus found (PC) A new virus not detected by McAfee's Scan93 nor Virx version 2.3 was found in Brazil. F-prot said it's a new variant of jerusalem. This virus is a file infector for both .com and .exe files, including command.com. Infected files grow of 1870 bytes (.com) or a variable lenght of 1870 to 1885 bytes (.exe). Command.com grows 77 bytes, the virus seems to overwrite some portion of it. It can be found using the following string: (hex) 56 56 56 00 00 00 43 4f 4d 4d 41 4e 44 2e 43 4f 4d 00 2a 2e 43 4f 4d but this string is not much secure, because the virus was not disassembled yet. Samples were sent to well known virus researchers. Lucas de Carvalho Ferreira Computer Science Student - UFMG - Brazil Internet Adress: Sapao@dcc.ufmg.br ------------------------------ Date: Thu, 20 Aug 92 11:28:26 -0400 From: Joe Simpson Subject: Re: Need Advice on Evaluating and Ordering Antivirus Software (PC) We evaluated anti-viral software for MS-DOS. We used the criteria: Cost Distribution off campus (the data doesn't stay on campus). Frequency and quality of updates (anti-viral programs require frequent update) General concerns about the nature of the supplier. Prophylaxis as well as identification/removal. "Ease of Use" Co-existance with dos, windows, networks, various apps. We ended up liking McAfee's product and Fridrick Skuulassen's product. Bought f-prot on the basis of ease of distribution off campus. We think we gave up some technical support by making this decision. We very much admire McAfee's company and can testify to the support they have to offer. ------------------------------ Date: Thu, 20 Aug 92 14:31:47 -0000 From: leveret@warren.demon.co.uk (Nick Leverton) Subject: Re: help, high weirdness (PC) hurd@sfu.ca (Peter L. Hurd) writes: >2) Keyboard spaceyness, it gets to thinking that the shift is down, so >even numbers show up as @#$%^, and the alt ,and ctrl keys don't quite >do what I expect them to (usually happens in WP5.1) This is a known problem with some BIOSes. There is a set of programs Out There Somewhere (tm) which fix it. I came across them under the name INT099FI.ZIP, so look for that name wherever you usually get your shareware and PD software. Nick Leverton - -- Just my six pounds fourteen shillings and eightpence three-farthings worth. ------------------------------ Date: Thu, 20 Aug 92 16:23:14 +0000 From: m91mfr@bellatrix.tdb.uu.se (Mikael Fredriksson) Subject: Re: Waldo ?? (PC) george@mulgulgum.asis.unimelb.EDU.AU (George Ferenc) writes: >treeves@magnus.acs.ohio-state.edu (Terry N Reeves) writes: >> Anyone know of a virus/trojan/joke/ etc that self-identifies as Waldo? >> >> I have not seen it, unfortunately I have only a sketchy report of a >> message seen periodically on a pc running windows 3.1 & corel draw >> 2.0. I ma told a "waldo virus" is identified. Unfortunately I can't >> even be sure the word virus was in the actual message. > >Hi, > >This is not a virus. If you are runing an old (i.e. not the latest) >version of Corel Draw under Windows 3.1, the program will crash when >you use the 'Blend' function. It worked fine under Windows 3.0. Yep! And the WALDO-error also pops up if you use Corel 2.0 + win 3.1 + Norton Desktop (don't ask!) and try to use the extrude function. Without ND it works alright. /Micke - -- - ----------------------------------------------------------- email: m91mfr@tdb.uu.se smail: Blomdahls vaeg 3, III ; S - 756 49 Uppsala ; SWEDEN voice: +46 18 401481 ------------------------------ Date: 20 Aug 92 19:35:00 -0700 From: Robert Slade Subject: New "Vengeance" virus on Fidonet (PC) In a message in the Fidonet VIRUS_INFO discussion area, a poster identified as "Richard Head" from 1:105/609.0 included a virus he identifies as "Vengeance". It was sent as a "DEBUG script"; a set of commands which will instruct the DEBUG program shipped with every copy of MS-DOS to make a copy of the virus. The fact that it was published on Fidonet means that many "virus-writer-wannabes" around the world will be able to make copies and release them locally. The poster states that SCAN version 86 is unable to find it: F-PROT 2.04B identifies it as a Vienna variant, SCAN 95 identifies it as "Parasite", TBscan 4.1 identifies it as suspect through the "heuristic" analysis. (HTScan 1.18 with VSIG9207 and VIRx 2.3 do not identify it.) Those who do not have these scanners can check programs with a file viewer for the words "Vengeance" and "SKISM/Phalcon" near the end of the file. The poster claims that it is a "hardware damaging" virus, but the "author's notes" accompanying it indicate that it will only "format" the first 32 tracks of the C: and D: drives, thus erasing the system data. The strings "*** Vengeance is ours! ***", "$ SKISM/Phalcon '92 $" and "PATH=*.COM" can be found unencrypted in the body of the virus which is appended to the infected file. The name of the infected file is also found, but this does not transfer to subsequently infected files. Infection is by "direct action": one .COM file will be infected each time the virus is invoked. Activation date is on the 20th of each month. ============== Vancouver ROBERTS@decus.ca | "It says 'Hit any Institute for Robert_Slade@sfu.ca | key to continue.' Research into rslade@cue.bc.ca | I can't find the User p1@CyberStore.ca | 'Any' key on my Security Canada V7K 2G6 | keyboard." ------------------------------ Date: Fri, 21 Aug 92 04:55:25 +0000 From: drt@brolga.cc.uq.oz.au (David Taylor) Subject: Stoned/Azusa haunting (PC) scan a: - 1 virus found [azusa] clean a: [azusa] - 1 virus removed [azusa] scan a: - 1 virus found [stoned] Wow! clean a: [stoned] - 1 virus removed [stoned] scan a: - 1 virus found [azusa] Huh!?!! clean a: [azusa] - 1 virus removed [azusa] Hmmm. OK. scan a: - 1 virus found [stoned] WHAT!!!! clean a: [stoned] - 1 virus removed [stoned] scan a: 1 virus found [azusa] AAAAAARRRRRRRRRRRRRRRRRRRRRRRRGGGGGGGGGGHHH!!!!!!!!!!!!!!! format a: @#%#&@ virii! Anyone know if these two virii mutate when they're together? D.T ------------------------------ Date: Fri, 21 Aug 92 15:37:46 -0400 From: tneuhaus@uwspmail.uwsp.edu Subject: V-SIGN virus (PC) Need info. on "V-Sign" boot sector virus. F-prot 2.04c recognizes but does not remove this virus. Would appreciate receiving any informaiton on this virus, tools, and tips for removal of this virus. Regards, Tom ------------------------------------------------------------------- | Tom Neuhauser | tneuhaus@uwspmail.uwsp.edu | | Information Technology, LRC 26 | attmail!tneuhaus | | University of Wisconsin | | | Stevens Point, WI 54481 | "He who hesitates, waits..." | | 715-346-3058 | | ------------------------------------------------------------------- ------------------------------ Date: Sat, 22 Aug 92 01:37:47 +0000 From: howard@maccs.dcss.mcmaster.ca (Howard Betel) Subject: 15xx problems (PC) My brother recently asked me to disinfect his computer as scan reported that he had been infected with the 15xx virus. After verifying I ran clean to remove the virus. Then I installed vshield (both wer v89) Thinking everything was now clean we started doing some more work. Vshield then caught 15xx again and notified me. I ran clean again thinking that somehow I missed something. Sure enough a little while later another file seemed to be infected. I then scanned again with the all parameter. It picked up an infected file in one of the subdirectories. When I ran scan again with that file name it didn't seem to identify it. I went into the subdirectory and found a file with a name something like '.xxxxx.exe' I can't remember the name but the important thing is that it started with a period. I deleted it and ran a scan again on all files. Everything seemed clean. I recently found out that 15xx mutates. After telling my brother that he may still be infected, he told me that might explain why he has been freezing randomly on boot up (right after vshield finishes checking memory). It also seems like a few more files have been corrupted. So how do I get rid of this and make sure that none of the floppies are infected? Thanks - -- Howard Betel Howard@maccs.dcss.McMaster.CA Dept of Computer Science ...!unet!utai!utgpu!maccs!howard McMaster University ------------------------------ Date: Sat, 22 Aug 92 22:07:22 -0700 From: tck@netlink.cts.com (Kevin Marcus) Subject: On integrity checking (PC) Hey, Vesselin, all that talk about knew products and detecting unknown viruses... Blech. Wouldn't this fool an integrity checker, if the virus were installed to a new system. Maybe install a bad term, makes it sound intentional. If the system were infected...: Assume a stealth virus, which disinfected on the fly - really flying - disinfecting on file opens, reinfecting on a file close, and also on findfirst/next calls. If the virus is unknown to the integrity checker, then woulnd't it fake it out if it were in memory at the time of the scanning? Making a multi-partite infector could have some other interesting options,0as well thrown in, and make inital infection much easier if the integrity checker had a memory resident part notifying you of a change to a file... Or is there something I am missing? - -- INTERNET: tck@netlink.cts.com (Kevin Marcus) UUCP: ...!ryptyde!netlink!tck NetLink Online Communications * Public Access in San Diego, CA (619) 453-1115 ------------------------------ Date: Sun, 23 Aug 92 08:38:06 -0400 From: HAYES@urvax.urich.edu Subject: is there a SCAN95? (PC) Hi. On a local BBS, a file called SCAN95.ZIP was uploaded, with the claim it was fetched from McAfee Associates BBS - as well as some other files. The upload was reported to me by the SYSOP of the above-mentionned BBS. What are these files (beside SCAN their names escape me)? Alpha versions? Up- dates? I do not mind getting the files and making them available on the net, but I'd like to be sure first... Thanks in advance, Claude. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Claude Bersano-Hayes HAYES @ URVAX (Vanilla BITNET) University of Richmond hayes@urvax.urich.edu (Bitnet or Internet) Richmond, VA 23173 ------------------------------ Date: 24 Aug 92 06:46:09 -0500 From: ISB202REID@redgum.qut.edu.au (Did somebody say Coffee ??????) Subject: Anyone for a Feist ??? (PC) A few days ago I came across a machine absolutely covered by the feist virus.. Clean 93 wouldn't remove it, although it was in F-Prot 2.04a's database, wouldn't even recoginise it !! Can someone tell what it does and _can_ it be removed... Thanx... - -Fodd isb202reid@qut.edu.au n1019031@water.fit.qut.edu.au ------------------------------ Date: Sat, 22 Aug 92 16:57:35 -0400 From: Wolfgang Stiller <72571.3352@compuserve.com> Subject: Re: os/2 changes to boot sector (OS/2) In Virus #141, ygoland@edison.SEAS.UCLA.EDU Yaron (The Jester) Goland writes: > I currently run a program called 'Integrity Master' by Wolfgang > Stiller. Among other things, this program checks the boot sector of > each partition against a copy it made of the partition, > to detect any changes. My harddrive is a 210 western digital > pyranna(sp) which is currently set up with three partitions: > OS/2 Boot Manager Partition-A 1 meg partition > Dos Partition-A 1 meg partition > FAT/HPFS-I have one last partition which is 200 or so megs > and is then subdivided into two logical partition, > the first is fat and the second is hpfs. > > My Problem is as follows:When I run IM (Integrity Master) under os/2 > to initialize the boot sector, I don't have any problems. However if > I then change to dos, dos will say that the D drive boot sector > has changed! That's because it _HAS_ changed. When you boot back to DOS you are using a different boot sector. I don't use boot manager myself but I use dual boot and experience exactly what you're talking about. The simple solution would be to check your boot sectors under either DOS or OS/2 (but not both) and stick to that or else use separate .SID and .SRL (sector ID and Sector reload) files for each system. You could use a batch file to switch the files when you boot the other operating system. Also, as I understand it, Boot Manager may switch the active partition. This change alters the master boot record (AKA partition sector). If this is the sector IM is reporting as changed, (it calls the MBR the "partition sector" as opposed to the "DOS Boot sector" to avoid confusion. > In addition it will say that there is a self executing > program in my D drive dos boot sector! What do you mean by "self executing" program? All boot sectors may contain a program. Integrity Master does not talk about "self executing" programs so I'm baffled as to what you are asking about here. > In addition if I then do NOT > re-initalize my data (i.e. its still comparing my current boot > sector to the picture it has in it's memory) and return to os/2, > IM will still say that there is a problem! Please be more specific. What problem does it say there is. I have gone out of my way to make sure that Integrity Master is very clear and very specific. It uses simple language to explain exactly what it finds wrong. It won't just say "there is a problem", it will say exactly what is wrong and also suggest what might have caused the problem and then suggest specific steps to correct the problem. > Matters are further > complicated by the fact that I just had a cmos failure. The specific > failure was that my harddrive and both my disk drives settings were > set to 'disabled'. This could very well be a battery failure You're correct; battery failure is the most likely explanation for these symptoms. > My Question is as follows:Does os/2 change the boot sector of > drives under it's control? Yes, please see my prior comments. > In addition, I understand why my first 1 > meg, boot manager, partition would have a self booting program in it > but why should my D drive have one? Os/2 does NOT boot from D drive > and dos boots from C drive! See my prior comments. All of your boot sectors contain executable code or do you mean something else by "self booting"? > So should there be a self running > program on my D drive? I'm very concerned as this sort of activity > is standard viral activity. This sounds normal, you need not be concerned by this. > And finally, is there any known virus > which targets cmos and clears out sections of it? A virus or trojan certainly could modify your CMOS but this is much more likely to happen due to hardware or software glitch or even an unknowledgeable user executing the setup program on your PC. Regards, Wolfgang Wolfgang Stiller Stiller Research Author of Integrity Master(tm) 2625 Ridgeway St. Tallahassee, FL 32310 U.S.A. ------------------------------ Date: Sat, 22 Aug 92 15:01:05 -0500 From: cohen@fitmail.fit.qut.edu.au (Mr Fred Cohen) Subject: Unix servers and DOS viruses (PC) (UNIX) Well, it's worse than I thought it would be. Unix experiments through last night showed that viruses succeeded in infecting files that didn't have read or write access. I could even run programs with no read, write, or execute privileges! It seems that the Unix networking allows far more than the access controls permit to the local Unix user. Directory protection seemed to work right, but then, I was able to load and execute files from directories with only Execute permission - not a good sign. I got a lot of mail about the last posting. I don't think I'm a moron, and if someone can break Novell in 2 days, I don't think the situation gets better by spending more time. Novell version 3.11 - I used the default installation with no 3rd party software - I do know the difference between file attributes and directory rights, and the inheritence does indeed work the oposite of the way the manual describes it. I am replacing the renowned virus marketing expert John McAfee at the Vbull conference - first speaker on the first day - I think. Full details of the experiments will be published at that conference, and after we get some more experiments done, I hope to submit to Computers and Security. Perhaps some of you should read the paper before making assumptions and calling me names. In anticipation of more questions about Unix, System V3.2 with Sun's PC/NFS on the PCs. Default installation - I still don't think I'm a moron - No I haven't tried setting the file system to Read-Only, I am only looking at how an average network might be installed by an average administrator, not at how the world's leading expert on Novell might do it after spending a year to get it right. Want to repeat the experiment? I think the paper provides adequate documentation to allow a thorough repetition, and we repeated the test with independent people watching to make sure we weren't doing something wrong. By the way, the peron installing the Novell has done a number of commercial installations before, and to claim that they know nothing about how to make Novell safe is confirmation of the fact that it is hard to understand the way inheritence, rights, and attributes work together, and that many Novell installations may be unsafe. I doubt if any legitimate and knowledgeable people from Novell will disagree with my findings once they come to the conference and/or read the paper. Which brings me to one last point. I got a lot of complaints, but only one person wanted to perform similar experiments to confirm our results. There is a big risk associated with unconfirmed (or refuted) results. I don't believe all I read either, but if I really want to know, I repeat the experiment or ask for more details. FC ------------------------------ Date: 21 Aug 92 17:18:00 -0700 From: Robert Slade Subject: Brandau virus followup - four years later (Mac) Canadian content time. This just passed to me from a news type off the AP "Wire" (I suspect he got it off Compuserve): Online Today CANADIAN CHARGED WITH PLANTING ALDUS COMPUTER VIRUS (Aug. 20) Former Canadian computer magazine publisher Richard Brandow, 28, has been accused of planting a computer virus that tainted thousands of copies of Aldus Corp. software in 1988. According to The Associated Press, Brandow, who now writes for "Star Trek," has been charged by prosecutors in King County, Washington with malicious mischief and could face up to 10 years in on if he is convicted. Brandow said he finds the charges surprising. "What are they going to do?" he asked, "It happened four years ago, and I am here in Montreal." He told AP that he arranged for a message to flash briefly on computer screens that wished peace "to all Macintosh users around the s were designed to educate the public to the danger of viruses. Brandow included his name in the message so he could be contacted. The virus made its way eventually to Aldus where it infected a master disk for producing copies of Freehand, an illustration program. After the virus was discovered, Aldus recalled 5,000 copies of Freehand and replaced another 5,000 copies it had in its inventory. The incident cost the firm $7,000. Ivan Orton, King County senior deputy prosecuting attorney, told AP it was the first time the state has brought such criminal charges. He also said he believes the incident was the first time a virus had tainted commercial software. For more news from The Associated Press, consult the Executive News (GO APONLINE). --Cathryn Conroy I think they got his name wrong. ============== Vancouver ROBERTS@decus.ca | "Is it plugged in?" Institute for Robert_Slade@sfu.ca | "I can't see." Research into rslade@cue.bc.ca | "Why not?" User p1@CyberStore.ca | "The power's off Security Canada V7K 2G6 | here." ------------------------------ Date: Thu, 20 Aug 92 09:03:13 -0400 From: "Chuck Bennett (919)966-1134" Subject: Network Virus protection. Help. We currently have 10 DOS based machines and 10 Macintosh machines spread out in 10 medical student labs. Although we have been very lucky and only the Mac's have ever been infected with a virus, we are about to network these machines together. We will be using Novell Netware 3.11 with an Intel 486 server running Windows 3.1 on the DOS machines and System 7.01 on the Mac's. What are the best (cost/capability) approaches to virus protection that we should consider. Are there any virus protection packages that are NLM's and are they reasonably priced? Based on discussions on this list I have been leaning toward using F-PROTECT for the DOS machines and DISINFECTANT for the Mac's. Of course I will gladly pay the shareware fees. I would even entertain purchasing a set of protectors if there are significant operational or detection advantages. Any help would be appreciated. Chuck Bennett INTERNET #1: uchuck@unc.oit.unc.edu Medical Sciences Teaching Labs INTERNET #2: uchuck@med.unc.edu CB# 7520 University of NC BITNET: uchuck@unc Chapel Hill, NC 27599-7520 PHONE: 919-966-1134 ------------------------------ Date: Fri, 21 Aug 92 10:10:38 -0700 From: rslade@sfu.ca Subject: (c) Brain - part 2 (CVP) HISVIR7.CVP 920810 (c) Brain - part 2 Who wrote the Brain virus? Well, it's quite simple really. In one of the most common Brain versions you will find text, unencrypted, giving the name, address and telephone number of Brain Computer Services in Pakistan. The virus is copyright by "ashar and ashars", so we have two brothers running a computer store who have written a virus. Simple, right? (Oh, the danger of simple answers.) First of all, Alan Solomon's analysis and contention that ashar is older than Brain is quite convincing. Also, in the *most* common version of Brain, the address text does not appear. Further, it would be a very simple matter to have overlaid the text in the ashar or Brain programs with the address text. What motive would the owners of Brain Computer Services have for the writing of a virus? One story is that they sell pirated software, a practice that is legal in Pakistan, but not in the United States. Therefore, the infected disks were sold to Americans in punishment for their use of pirated software. Unconvincing. The moral attitude seems quite contorted, Brain would have no reason to "punish" the United States (its major source of software) and the Brain infection is not limited to the western world. Another story is that Brain wrote some software of their own, and were incensed when others pirated *their* software. Unlikely. Infected disks would be most likely to be sold by Brain Computer Services, and this would tend to mean that a customer would be more likely to get a "clean" copy if it was pirated. (The hypothesis that Brain is some kind of copyright device is absurd: the virus would then be going around "legitimizing" bootleg copies.) Given that Brain is relatively harmless it is possible that the virus was seen as a form of advertising for the company. Remember that this is the earliest known MS-DOS virus, and that the hardened attitude against viral programs had not yet arisen. Brain predates both Lehigh and Jerusalem, but even some time after those two "destructive" infections viral programs were still seen as possibly neutral or even beneficial. In those early, innocent days, it is not impossible that the author saw a self-reproducing program which "lost", at most, 3k of disk space as simply a cute gimmick. copyright Robert M. Slade, 1992 HISVIR7.CVP 920810 ============== Vancouver p1@arkham.wimsey.bc.ca | You realize, of Institute for Robert_Slade@sfu.ca | course, that these Research into rslade@cue.bc.ca | new facts do not User p1@CyberStore.ca | coincide with my Security Canada V7K 2G6 | preconceived ideas ------------------------------ Date: Wed, 19 Aug 92 16:37:08 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Re: Jerusalem virus (CVP) >From: "Olivier M.J. Crepin-Leblond" >PS. I was indeed surprised when Padgett advanced the theory of >anti-semitism, which I had never heard of before. Maybe the ":-)" had >something to do with it... Sorry, it was not I, I have no opinion on the naming of the 1813 Padgett ------------------------------ Date: Thu, 20 Aug 92 06:22:39 -0400 From: "Olivier M.J. Crepin-Leblond" Subject: Re: Jerusalem virus (CVP) Earlier, I wrote: >PS. I was indeed surprised when Padgett advanced the theory of >anti-semitism, which I had never heard of before. Maybe the ":-)" had >something to do with it... Oops, Rob Slade, not Padgett. Apologies, I've been overworked lately. - -- Olivier M.J. Crepin-Leblond, Digital Comms. Section, Elec. Eng. Department Imperial College of Science, Technology and Medicine, London SW7 2BT, UK Internet/Bitnet: - Janet: ------------------------------ End of VIRUS-L Digest [Volume 5 Issue 142] ******************************************