home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Turnbull China Bikeride
/
Turnbull China Bikeride - Disc 2.iso
/
STUTTGART
/
ANTIVIRUS
/
VIRUSINFO
< prev
next >
Wrap
Internet Message Format
|
1999-04-23
|
4KB
From rusmv1!ira.uka.de!yale.edu!qt.cs.utexas.edu!cs.utexas.edu!uunet!mcsun!uknet!ukc!acorn!aglover Mon Oct 21 12:57:26 MET 1991
Article: 2303 of comp.sys.acorn
Path: rusmv1!ira.uka.de!yale.edu!qt.cs.utexas.edu!cs.utexas.edu!uunet!mcsun!uknet!ukc!acorn!aglover
From: aglover@acorn.co.uk (Alan Glover)
Newsgroups: comp.sys.acorn
Subject: Re: Icon Virus
Message-ID: <10455@acorn.co.uk>
Date: 18 Oct 91 09:02:06 GMT
References: <3254@m1.cs.man.ac.uk>
Sender: aglover@acorn.co.uk
Distribution: comp
Organization: Acorn Computers Ltd, Cambridge, England
Lines: 90
Here's info on all the viruses I've come across so far. Mail me if you can
add to the list.
Alan
....
Viruses
A number of viruses have become known within the Acorn world and staff
at Acorn have been investigating how we may best help developers in
this area. The following information may be used as a guideline.
The Known Viruses
1) Extend
This lives in applications, using one of eight possible names. It
modifies/creates a !Boot file to load itself. Apart from claiming more and
more memory (eventually causing the system to run out of memory) it is
harmless, but very contagious.
Quick Check : Press <F12> and type 'help extend' - a message of the form
'Module is...' indicates that it's loaded.
2) Icon (also known as Filer)
There are a number of variants of this around - two have been encountered
already. Both use !Boot files to propagate. One variant does nothing apart
from spread itself. The other generates a nonsensical error message when it
is first loaded.
Quick Check : a file called Icon inside an application which is filetyped as
a sprite, but is actually BASIC.
3) FF8 (also known as ArchieVirus)
This is by far the oldest virus, but various bugs in its coding make the
chances of it successfully infecting other programs quite small.
Unlike the other viruses discussed here, it works by merging itself with
files typed FF8 (Absolute).
On the 13th of the month, any infected application will fail to run, giving
the message 'Archievirus strikes again'.
Quick Check : Load a file into !Edit, and look for '1210' at the end of the
file (though 'Hypo1210' indicates an innoculation instead).
4) RISCOSext (also known as Thanatos)
This is by far the worst of the viruses discussed here. It has various nasty
things on particular dates, with a random chance of something happening at
any time. Any outbreaks of this virus should be treated rapidly to avoid any
chance of data loss.
Quick Check : Look in the Task Manager display for 'Thanatos'.
5) DataDQM (also known as VigayVirus)
This one causes the screen to judder an increasing amount during each
Thursday.
Quick Check : An application called 'TaskManager' - not to be confused with
the real 'Task Manager' which will appear in the list of module tasks.
6) CeBit
Aside from infecting applications (via the !Boot file as usual) it will stop
proceedings on every 16th infection to display a message from 'Devil, The
Lord of Darkness'. This virus was discovered in Germany, and is not thought
to have spread to the UK yet.
Quick Check : press <F12>, then 'help tlodmod'. A message of the form
'Module is...' shows that it is loaded.
7) MyMod
This is a harmless virus, which will display a message on each Friday 13th.
It can exist in two forms, the first being the trojan used initially to
release it, and the second being the form in which it infects applications.
Quick Check : press <F12> then 'help mymod'. A message of the form 'Module
is...' shows that it is loaded.
--------------------------------------------------------------------------
aglover@acorn.co.uk - Moderator of comp.binaries.acorn/comp.sources.acorn
Mail submissions to submit@acorn.co.uk, other mail to moderator@acorn.co.uk