Crawly Crypt Collection 1

home *** CD-ROM | disk | FTP | other *** search

/ Crawly Crypt Collection 1 / crawlyvol1.bin / utility / virus / atarivir / atarivir.291 next >

Wrap

Text File | 1992-03-09 | 10KB | 160 lines

====================================================================== == Computer Virus Catalog (Version 1.2) == == *** 20 Atari Viruses *** == ====================================================================== == Status: Feburary 15, 1991 == == Classified: 6 Atari viruses (ATARIVIR.A89): Nov. 15, 1989 == == +12 Atari viruses (ATARIVIR.690): June 5, 1990 == == + 2 Atari viruses (ATARIVIR.291): Feb. 15, 1991 == ====================================================================== == List of 20 classified Atari Viruses: =Doc= == ------------------------------------ =---= == 1) ACA Virus =690= == 2) ANTI-2 Virus =690= == 3) ANTHRAX = Milzbrand Virus =A89= == 4) Blot Virus =690= == 5) c't Virus =A89= == 6) Emil 1A Virus = "Virus 1A" =A89= == 7) Emil 2A Virus = "Virus 2A" = mad Virus =A89= == + 8) Freeze Virus =291= == + 9) Gauweiler Virus =291= == 10) Goblins Virus =690= == 11) Kobold 2 Virus =690= == 12) Lab Virus =690= == 13) Mad Virus =690= == 14) Maulwurf (=Mole) Virus =690= == 15) Mouse (Inverter) Virus =A89= == 16) Oli Virus =690= == 17) Pirate Trap Virus =690= == 18) Screen Virus =690= == 19) Zimmermann-Virus =A89= == 20) 5th Generation Virus =690= == == == Remark: new entries are marked "+" in column 13; the suffix (A89,== == 690,291) refers to the documents where entry is published. == == == == We have problems to get Atari viruses, as many users wish to ex- == == change their viruses (like stamps) against our's, which we gene- == == rally refuse: the Virus Test Center's ethical standard says, that = == we do not help to spread viruses! Please send infected programs == == without preconditions; we may only then continue our work. == ====================================================================== ====== Computer Virus Catalog 1.2: Freeze Virus (31-January-1991) ==== Entry...............: "Freeze" Virus Alias...............: --- Strain..............: --- Detected when.......: October 1988 where......: Helmond (Netherlands) Clssification.......: System (bootsector) virus, overwriting Length of virus.....: 512 Bytes ------------------------Preconditions--------------------------------- Operating System(s).: Atari TOS Version\Release.....: All versions Computer models.....: All Atari ST -------------------------Attributes----------------------------------- Easy identification.: The words : $487A,$0010 can be found in the boot sector at Positon $100, or in memory at :phystop-$300+$100 (all: hex). Type of infection...: Executable bootsectors are not infected. Infection Trigger...: Execution of BIOS disk functions. Media affected......: The virus infects drive A and B. Interrupts hooked...: Timer interrupt installed for damage; hdv_bpb changed to infect bootsector of new disk. Damage..............: Every second the timer-routine increases a delay counter by 1 and then counting it down to zero; this will slowdown the system. Damage trigger......: When the virus is booted. Particularities.....: If harddisk SH204 is connected, the virus causes an address error and will not be installed. Similarities........: The same installation routine as MAD virus; only different damage action and damage trigger. ---------------------------------------------------------------------- Countermeasures.....: Make sure that virus is not in memory; modify last byte in bootsector to another value. Standard means......: Clear all bytes in bootsector beginning at offset 30 (decimal). -----------------------Acknowledgements------------------------------- Location............: Virus Test Center, University of Hamburg FRG Classification by...: Thomas Piehl Documentation by....: George R. Woodside Date................: 31-January-1991 ===================== End of FREEZE Virus ============================ === Computer Virus Catalog 1.2: "Gauweiler" Virus (31-January-1991) == Entry...............: "Gauweiler" Virus Alias(es)...........: --- Virus Strain........: --- Virus detected when.: November 1990 (?origin) where.: Kassel, FRG (?) (when/from where VTC received the sirus code) Classification......: Bootsector virus Length of Virus.....: 510 Bytes --------------------- Preconditions ---------------------------------- Operating System(s).: Atari-TOS Version/Release.....: 1.0, 1.2 ,1.4 Computer model(s)...: All types of the Atari ST series --------------------- Attributes ------------------------------------- Identification......: At the end of the boot sector, following text "AIDS" and "Gauweilers Rache V 3.0 4.7.88"; at the begin of bootsector: $52F6498A (hex). Remark: Dr. Gauweiler is a Bavarian politician well known for his resentments against people seeking asylum in Bavaria. Type of infection...: Infects bootsector of the disk A, if it is regarded to be uninfected, or if an old version of this virus is on bootsector (V2.0). Infection Trigger...: Check if bootsector is executable. Media affected......: Infection of disk in drive A. Interrupts hooked...: BIOS-trap used and changed by this virus. Damage..............: Infects the bootsector of the disk, if it is regarded to be uninfected; clears first 9 sectors of track 0 with the FAT. Damage Trigger......: If counter at start of virus + 6 modulo 32=0; value depends on number of infections. Particularities.....: --- Similarities........: --- --------------------- Agents ----------------------------------------- Countermeasures.....: Programs that calculate bootsector's checksum and modify it, if = $1234. Then, the sector is regarded as not executable. The suspected more dangerous second part of the virus might not be recognized because it does not need to have the correct checksum. Countermeasures successful: --- Standard means......: Write-protect the disk; write an easily identifiable bootsector; "manually" change the checksum to a value other than $1234. --------------------- Acknowledgement -------------------------------- Location............: Virus Test Center, University Hamburg, FRG Classification by...: Ralf Stegen Documentation by....: Ralf Stegen Date................: 31-January-1991 Information Source..: --- ===================== End of "Gauweiler" Virus ======================= ======================================================================= == The Computer Virus Catalog may be copied free of charges provided == == that the source is properly mentioned at any time and location == == of reference. == == == == Editor: Virus Test Center, Faculty for Informatics == == University of Hamburg == == Schlueterstr. 70, D2000 Hamburg 13, FR Germany == == Prof. Dr. Klaus Brunnstein, Simone Fischer-Huebner == == Tel: (040) 4123-4158 (KB), -4175 (SFH), -4162(Secr.) == == Email (EAN/BITNET): Brunnstein@RZ.Informatik.Uni-Hamburg.dbp.de == ======================================================================= == Critical and constructive comments as well as additions are == == appreciated. Especially, descriptions of recently detected viruses= == will be of general interest. To receive the Virus Catalog Format,== == please contact the above address. == ======================================================================= ======================================================================= == End of ATARIVIR.291 document == == (158 Lines, 10k Bytes) == =======================================================================