This is an emergency warning. As such it has been sent to several important
lists; please excuse the multiple cross-posting.
 
A dangerous REXX exec named DIR EXEC has been detected on our node, thanks
to a watchful recipient. This exec purports to be able produce a directory
listing of the user's disks in a MS/DOS (PC) format.
 
However, when the exec is run, it will produce the promised listing BUT it
will also send a copy of itself to all net addresses found in the user's
NAMES and NETLOG files.
 
This will, of course, swamp the BITNET network in a very short time if it
is allowed to run unchecked. Its behavior is, damagewise, identical to the
CHRISTMA EXEC which attacked both BITNET and VNET (IBM's corporate net)
approximately three years ago.
 
All system operators, postmasters and people in charge: if you find the DIR
EXEC in your system's RDR queue, flush immediately. The copy we detected has
the following characteristics:
 
FILENAME FILETYPE FM FORMAT LRECL       RECS     BLOCKS
DIR      EXEC     B1 V        116        167          1
 
The datestamp is not a reliable indicator; in two different copies found in
our RDR queue, the date was different.
 
Also, please post warnings on your systems, alerting your users about this
problem.
 
Thanks for your immediate attention to this urgent problem.
 
Juan
 
/-----------------------------------------------------------------------\
  Juan M. Courcoul                  | Phone: (835) 820-0000  Ext. 4151
  Postmaster / Listserv Coordinator |
  Dept. of Academic Services        | Net: [log in to unmask]
  Monterrey Campus                  |      [log in to unmask]
  Monterrey Institute of Technology |      [log in to unmask]
  Monterrey, N. L., Mexico  64849   |      [log in to unmask]
\-----------------------------------------------------------------------/