PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICE
{ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE
MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS
U-1,300/DS-SIM {DCPO}
SUBJ:  CDEF VIRUS FOUND IN DEVICE DRIVER SOFTWARE {AUTOMATED
SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-52}
1.  ASSIST WAS NOTIFIED BY A DOD ELEMENT ON 19 JUNE 92, THAT THE
SITE HAD RECEIVED FLOPPY DISKS CONTAMINATED WITH THE CDEF
{MACINTOSH INFECTOR} VIRUS.  THE CONTAMINATED DISKS CONTAINED THE
DEVICE DRIVER SOFTWARE FOR A SEIKO COLORPOINT PS-X PRINTER THAT
HAD RECENTLY BEEN PURCHASED.  THE VIRUS WAS DISCOVERED AT THE SITE
WHEN THE FLOPPY DISKS WERE REMOVED FROM THE VENDOR APPLIED SHRINK
WRAPPED PLASTIC PACKAGING AND SCANNED ON A STAND ALONE PC.  THE
PRINTER WAS PURCHASED FROM AMERICAN COMPUTER RESOURCES OF
VIRGINIA.
2.  THE SITE REPORTING THIS INCIDENT WAS ABLE TO AVOID WIDESPREAD
INFECTION OF ADP SYSTEMS THROUGH THE USE OF SOUND VIRUS SCANNING
PROCEDURES.  SOFTWARE/HARDWARE PRODUCTS DELIVERED FROM THE VENDOR 
IN FACTORY SEALED PACKAGING CANNOT BE TRUSTED AS VIRUS FREE.  ALL
SOFTWARE/HARDWARE AND MEDIA CONTAINING DATA COMING INTO DOD
FACILITIES FROM ANY SOURCE SHOULD BE SCANNED FOR COMPUTER VIRUSES. 
THE VIRUS SCANNING SHOULD BE COMPLETED USING STANDALONE EQUIPMENT
DEDICATED TO THIS FUNCTION WHENEVER POSSIBLE.
3.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55.  ASSIST
CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE,
PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK
NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE
THE ASSIST DUTY OFFICER PAGED.  ASSIST CAN BE REACHED VIA E-MAIL
AT "DOD-CERT{AT-SIGN}DDN-CONUS.DDN.MIL."