DIA WASHINGTON DC//DSM-4// AIG 7894 AIG 7005 USAISC FT SHERIDAN IL//ASQNA-SHD-0// NAVWPNCEN CHINA LAKE CA//CODE 2408// SECDEF WASHINGTON DC//C3I-T/C3I-IS// JOINT STAFF WASHINGTON DC//6JT/DIRM: SCD// HQ AFOSI BOLLING AFB DC//IVSC/SCX// AFCSC KELLY AFB TX//SR/SRE/SRM/SRMA// HQ ESC KELLY AFB TX//INAR// DA WASHINGTON DC//DAMI-AM/DAMI-CIC/SAIS-SS// CDRINSCOM FORT BELVOIR VA//IAOPS-CI-TO/IAM-AUT-L// CDRUSAOPSGP FT GEORGE G MEADE MD//IAGPC-TSE// CDR730THMIBN MUNICH GE//IAGPE-SCM// COMNAVINTCOM WASHINGTON DC//OOQ/OOJ// NAVINVSERV ERREG LONDON UK//60HQ// NAVINVSERVRA LONDON UK//60LN// AFOSI DET 7008 MUNICH GE//CC// CMC WASHINGTON DC//INTX// USCENTCOM MACDILL AFB FL//J2/J6/SOJ2-SSO/SOJ2-IS// USCINCEUR VAIHINGEN GE//ECJ2/ECJ2-P/ECJ6/ EUCOM AIDES// USCINCLANT NORFOLK VA//J2/J6/J63// USCINCPAC HONOLULU HI//J2I/J6// CINCSAC OFFUTT AFB NE//INYSCC// USCINCSO QUARRY HEIGHTS PM//J2/J2-ID/J6/ SCJ6-A/SSO// USCINCTRANS SCOTT AFB IL//J2/J6// USCINCFOR FT MCPHERSON GA//J2/J6/FCJ6-TPM// USSPACECOM PETERSON AFB CO//J2/J6// USNMR SHAPE BE//DACOS INTEL// NSACSS FT GEORGE G MEADE MD//C912/X43// CDRINSCOM FT BELVOIR VA//IAIM-AUT-L// NAVELEXSECCEN WASHINGTON DC//CODE 04/CODE 043// DCAA CAMERON STATION VA//OWN// CMC WASHINGTON DC//CODE CCIS/INTZ// DIS WASHINGTON DC//V0060// DMATSC RESTON VA//IS// SECDEF WASHINGTON DC//USDP/DSAA// DLA CAMERON STATION VA//IA// SECDEF WASHINGTON DC//PHYSICAL SECURITY DIV// USUHS BETHESDA MD//UCC// SECDEF WASHINGTON DC//DARPA-ITSO/SQUIRES// SDIO WASHINGTON DC//POI// NCRLANT NORFOLK VA// DOE LIVERMORE CA//LLNL// COMDT COGARD WASHINGTON DC//G-TPS-4/G-OIN// FTC WRIGHT PATTERSON AFB OH//DXST// HQ DOE WASH DC//IN-40// CG FIRST MEB//SSO// CG SECOND MAW//G2/SSO// CG THIRD MAW//G2/SSO// FORSCOM AISA FT BRAGG NC CNO WASHINGTON DC//OP941/OP942/OP945/OP943/921// COMSPAWARSYSCOM WASHINGTON DC//PMW161/PMW162/PD60// CG FMFLANT//G2/G6/ISMO// CDRUSAISC FT HUACHUCA AZ//ASIS-A// CDR USACIDC WASH DC//C1ID-IN-SC// CG FIRST MEF//G-2/ISSO// HQDA WASHINGTON DC//JDMSS-W/JDPP-SO// CDR 751STMIBN PYONGTAEK KOR//IABDK-FS-IMO// MARCORINTCEN QUANTICO VA//MCIC10// HQ AFISA BOLLING AFB WASH DC//INDXS// CJTF FIVE//J64// CSG USSPACECOM NORAD CMAFB COLORADO SPRINGS CO COMUSFOREA INTEL TAEGU KOR//IABDK-ISD-S// CINCUSNAVEUR LONDON UK//N2/N23/N26/N6/N8/016// CDR 902ND FT MEADE MD//IAGPA-OP-I/IRGPA-T/ IAGPA-A-OP// COMNAVAIRTESTCEN PATUXENT RIVER MD//SYO2B2// HQ AFLC WRIGHT PATTERSON AFB OH//INS// CTJF FOUR/J2 DEA WASHINGTON DC//AIC// PM ASAS MCLEAN VA UCTRANS INTEL CEN SCOTT AFB IL//TCJ2-S/TCJ2-PG// CDR USARPAC FT SHAFTER HI//APIN-SC// CDR USARSO FT CLAYTON PM//SOIN-CIS// CINCUSAREUR HEIDELBERG GE//AEAGB-CI/AEAGB-CI-S// DIRNSA FT MEADE MD//C91/X411// NAVOCEANSYSCEN SAN DIEGO CA//422// EW MGT DIR ROBINS AFB GA//LNN// MAC INTEL CEN SCOTT AFB IL//IND// CDR AMC ALEXANDRIA VA//AMCMI-C// AUCADRE MAXWELL AFB AL//WGOI// FOSIF ROTA SP NAVELECENG SUPACT PHILADELPHIA PA NAVELECSYSENGACT PORTSMOUTH VA 3480TCHTW GOODFELLOW AFB TX//TTOZ// CDR USAIA WASHINGTON DC//ZS// DIS HQS DIR INDUST SEC WASHINGTON DC SUBJECT: COMPUTER SECURITY ALERT FOR VIRUS FOUND ON FACTORY DELIVERED HARDWARE/SOFTWARE {ASSIST 91-18} XXXXXXXX/DSM-4 1. {U} SUMMARY: ASSIST HAS BEEN NOTIFIED BY SEVERAL SOURCES THAT NEW COMPUTERS RECEIVED DIRECTLY FROM THE FACTORY HAVE BEEN FOUND TO BE CONTAMINATED WITH THE "MICHAELANGELO" VIRUS. 2. {U} HARDWARE/SOFTWARE AFFECTED: ACCORDING TO ONE SOURCE, EASY DATA MODEL 386 PCS AND SEPARATE SPARE PART HARD DRIVES WERE RECEIVED THAT WERE INFECTED WITH THE VIRUS. VIDEO DRIVER SOFTWARE FROM THE TRIDENT VGA COMPANY THAT CAME WITH THE EASY DATA PCS WAS ALSO INFECTED WITH MICHAELANGELO. AN ARMY ELEMENT RECEIVED INFECTED AUVA 350/25 (386 MACHINES) ASSEMBLED IN TAIWAN FROM INFORMATION MANAGEMENT CONSULTANTS LOCATED IN BROOKFIELD, WIS. THE ORIGIN OF THESE CONTAMINATIONS IS NOT KNOWN AT THIS TIME. 3. {U} VULNERABILITY DESCRIPTION: FACTORY DELIVERED EQUIPMENT AND SHRINK WRAPPED SOFTWARE CANNOT BE TRUSTED AS VIRUS FREE. PLEASE FOLLOW STANDARD PROCEDURES FOR SCANNING ALL NEW ADP PRODUCTS FOR VIRUS CONTAMINATION. 4. {U} ESTIMATE OF IMPACT: MICHAELANGELO WAS IDENTIFIED IN APRIL 1991 AND IS A VARIATION OF THE "STONED" VIRUS. THE VIRUS IS RESIDENT IN THE BOOT SECTOR AND REFORMATS THE HARD DRIVE ON MARCH 6TH. OUTDATED VIRUS CONTROL PACKAGES (PRE-APRIL) WILL NOT IDENTIFY THIS VIRUS. AFTER THE VIRUS WAS IDENTIFIED, ONE SOURCE FORWARDED THE PC CLOCK TO MARCH 6TH AND THE VIRUS REFORMATTED THE HARD DRIVES OF MACHINES LOADED WITH DOS AND SCO UNIX. THE VIRUS WAS ABLE TO REPLICATE ITSELF AND SPREAD IN THE DOS ENVIRONMENT, BUT NOT IN SCO UNIX. 5. {U} ASSIST REQUESTS ANYONE HAVING INFORMATION ABOUT EQUIPMENT PURCHASED FROM THE SOURCES LISTED IN THIS MESSAGE NOTIFY ASSIST AND TAKE THE NECESSARY ACTIONS TO ENSURE ANY VIRUSES PRESENT ARE DETECTED AND REMOVED. 6. {U} POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852\8855 / DSN 243-8852\8855 OR PHONE DSN 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED. ASSIST CAN BE REACHED 24 HOURS A DAY VIA PAGER. INSTRUCTIONS FOR USING THE PAGER SYSTEM TO REACH THE ASSIST TEAM ARE AS FOLLOWS: A. DIAL 1-800-759-7243 (1-800-SKY-PAGE). B. ENTER 213-3937, PRESS # BUTTON. C. ENTER TELEPHONE NUMBER OR OTHER NUMERIC MESSAGE FOR ASSIST, PRESS # BUTTON. D. CONFIRM MESSAGE, PRESS # BUTTON. (TO CANCEL MESSAGE PRESS * BUTTON). E. FOR HELP CALL 1-800-759-8737 (1-800-SKY-USER).