Text File  |  1991-05-09  |  3.8 KB  |  96 lines


            *********************************************
            ***   Reports collected and collated by   ***
            ***            PC-Virus Index             ***
            ***      with full acknowledgements       ***
            ***            to the authors             ***
            *********************************************


====== Computer Virus Catalog 1.2: "Swap" Virus (15-Feb-1990) ========

Entry...............: Swap Virus
Alias(es)...........: = Israeli Boot Virus
Virus Strain........: ---
Virus detected when.: June, 1989
              where.: Israel
Classification......: Boot Sector infection, resident in RAM
Length of Virus.....: 1.   740 Byte on storage medium
                      2. 2.048 Byte in RAM

-------------------- Preconditions -----------------------------------
Operating System(s).: MS-DOS
Version/Release.....: versions 2.0 or later
Computer model(s)...: ---

-------------------- Attributes -------------------------------------

Easy Identification.: A) Boot sector:
                         A1) Bytes from $16A in boot sector are:
                             31 C0 CD 13 B8 02 02 B9 06 27 BA 00
                             01 CD 13 9A 00 01 00 20 E9 XX XX
                         A2) First 3 bytes in boot sector are:
                             JMP 0196 (that is, the boot sector was
                                       loaded to CS:0)
                      B) FAT: track 39 sector 6-7 are marked as bad.
                      C) The message:
                           "The Swapping-Virus. (C) June, by the CIA"
                         located in bytes 02B5-02E4 on track 39, sector
                         7.

Type of infection...: Resident in RAM. A diskette is infected when it
                          is inserted into the drive and ANY command
                          that reads from or writes to the diskette is
                          executed.

Infection Trigger...: Virus starts to work after 10 minutes.

Storage media affected: Infects diskettes; hard disks are NOT
                           infected.

Interrupts hooked...: Int $8 Timer-Tick: responsible for
                           letter-dropping

                      Int $13 Disk Drive: Infects!

Damage..............: Permanent Damage: track 39 sector 6-7 will be
                      marked as bad.

Damage Trigger......: Whenever a diskette is infected.

Particularities.....: A diskette will be infected only if track 39
                      sectors 6-7 are empty.

Similarities........: ---

-------------------- Agents ------------------------------------------

Countermeasures.....: Category 1: .1 Monitoring Files:          ---
                                  .2 Monitoring System Vectors: ---
                                  .3 Monitoring System Areas:   ---
                      Category 2: Alteration Detection:         ---
                      Category 3: Eradication:                  ---
                      Category 4: Vaccine:                      ---
                      Category 5: Hardware Methods:             ---
                      Category 6: Cryptographic Methods:        ---

Countermeasures successful: ---

Standard means......: ---

------------------- Acknowledgement ---------------------------------

Location............: Weizmann Institute, Rehovot
Classification by...: Yuval Tal
Documentation by....: Yuval Tal
Date................: August 1989
Information Source..:


=================== End of "Swap"-Virus =============================


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
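
Added example, not part of the original catalog entry: a Python check of a 512-byte boot sector image against indicator A1 (the bytes from $16A, with the two XX bytes treated as wildcards) and a search for the indicator C message text. The function names, the "shifted" result and the zero-filled sample sectors are constructed for illustration.

```python
SECTOR_SIZE = 512
SIG_OFFSET = 0x16A  # "$16A" in the catalog entry
# Indicator A1; None marks the two "XX" wildcard bytes.
SIGNATURE = [
    0x31, 0xC0, 0xCD, 0x13, 0xB8, 0x02, 0x02, 0xB9, 0x06, 0x27, 0xBA, 0x00,
    0x01, 0xCD, 0x13, 0x9A, 0x00, 0x01, 0x00, 0x20, 0xE9, None, None,
]
MESSAGE = b"The Swapping-Virus. (C) June, by the CIA"  # indicator C


def matches_at(data: bytes, offset: int) -> bool:
    """True if SIGNATURE matches data at offset, honouring wildcards."""
    if offset < 0 or offset + len(SIGNATURE) > len(data):
        return False
    return all(want is None or data[offset + i] == want
               for i, want in enumerate(SIGNATURE))


def scan_boot_sector(sector: bytes) -> str:
    """Classify a boot sector: 'match', 'shifted' (signature found at
    another offset, worth manual review) or 'clean'."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if matches_at(sector, SIG_OFFSET):
        return "match"
    last = SECTOR_SIZE - len(SIGNATURE)
    if any(matches_at(sector, off) for off in range(last + 1)):
        return "shifted"
    return "clean"


def has_message(data: bytes) -> bool:
    """Indicator C: look for the message text anywhere in the given bytes."""
    return MESSAGE in data


def constructed_sector(offset=None) -> bytes:
    """Constructed test input: zero-filled sector, optionally with the
    signature (wildcards filled with 0x12) placed at offset."""
    buf = bytearray(SECTOR_SIZE)
    if offset is not None:
        filled = bytes(0x12 if b is None else b for b in SIGNATURE)
        buf[offset:offset + len(filled)] = filled
    return bytes(buf)


if __name__ == "__main__":
    for name, off in (("clean", None), ("infected", SIG_OFFSET), ("odd", 0x40)):
        print(name, scan_boot_sector(constructed_sector(off)))
```

To use it on real media, read the first 512 bytes of a diskette image into `scan_boot_sector` and pass the image bytes to `has_message`.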