home *** CD-ROM | disk | FTP | other *** search
/ The Atari Compendium / The Atari Compendium (Toad Computers) (1994).iso / files / umich / utils / virus / atarivir.lzh / atarivir.690 < prev    next >
Text File  |  1992-03-10  |  34KB  |  643 lines
  1. ========================================================================
  2. ==                Computer Virus Catalog (Version 1.2)                ==
  3. ==                      *** 18 Atari Viruses ***                      ==
  4. ========================================================================
  5. ==      Status:        June 5, 1990                                   ==
  6. ==      Classified:  6 Atari-Viruses (ATARIVIR.A89): Nov. 15, 1989    ==
  7. ==                 +12 Atari-Viruses (ATARIVIR.690): June  5, 1990    ==
  8. ========================================================================
  9. ==       List of classified Atari Viruses:                         =Doc=
  10. ==       ---------------------------------                         =---=
  11. ==          +  1) ACA Virus                                        =690=
  12. ==             2) Anthrax = Milzbrand Virus                        =A89=
  13. ==          +  3) ANTI-2 Virus                                     =690=
  14. ==          +  4) Blot Virus                                       =690=
  15. ==             5) c't Virus                                        =A89=
  16. ==             6) Emil 1A = "Key" = "BPL" Virus ="Virus 1A"        =A89= 
  17. ==             7) Emil 2A Virus = "Virus 2A"                       =A89=
  18. ==          +  8) Goblins Virus                                    =690=
  19. ==          +  9) Kobold 2 Virus                                   =690=
  20. ==          + 10) LAB Virus                                        =690=
  21. ==          + 11) MAD Virus                                        =690=
  22. ==          + 12) Maulwurf (=Mole) Virus                           =690=                  
  23. ==            13) Mouse (Inverter) Virus                           =A89=
  24. ==          + 14) Oli Virus                                        =690=
  25. ==          + 15) Pirate Trap Virus                                =690=
  26. ==          + 16) Screen Virus                                     =690=
  27. ==            17) Zimmermann-Virus                                 =A89=
  28. ==          + 18) 5th Generation Virus                             =690=
  29. == Remark: new entries are marked "+" in column 13; the suffix (A89,  ==
  30. == 690) refers to the specific documents where entry is published.    ==
  31. ==                                                                    ==
  32. == Presently, the following viruses are analysed:                     ==
  33. ==             .) Freeze Virus                                        ==
  34. == Generally, we have problems to receive Atari viruses for analysis, ==
  35. == since many users wish to exchange their viruses (like stamps)      ==
  36. == against our's, which we principally refuse: the Virus Test Centers ==
  37. == ethical standard is, that we do not spread viruses!                ==
  38. ========================================================================
  39.  
  40.  
  41. ======== Computer Virus Catalog 1.2: "ACA"-VIRUS (5-June-1990) ========
  42. Entry............... "ACA" Virus
  43. Alias............... ---
  44. Strain.............. ---
  45. Detected when....... October 1988
  46.          where...... Utrecht (Netherlands)
  47. Classification...... System (Bootsector) Virus, Reset-resident
  48. Length of virus..... 512 Bytes
  49. ------------------------Preconditions----------------------------------
  50. Operating System(s). Atari TOS
  51. Version\Release..... All versions
  52. Computer models..... All Atari ST,STE
  53. -------------------------Attributes------------------------------------
  54. Easy identification. If the bootsector is infected, the string "ACA"
  55.                      can be found at bootsector position $04 and $4E.
  56.                      In memory, the same string can be found at $630.
  57. Type of infection...: Self-Identification: The Virus tests boot sector-
  58.                       position 4 for String "AC"; if string does not 
  59.                       match, virus infects boot sector.
  60.                       Reset-resident at address $600 via magic long-
  61.                       word ($12123456) and checksum ($1234).
  62. Infection Trigger...: Reset
  63. Storage media affected: The virus infects drive A,B!
  64. Interrupts hooked...: No Interrupts used.
  65.                       No system vectors changed
  66. Damage..............: Permanent Damage: Only after reset overwriting 
  67.                       boot sectors.
  68.                       Transient Damage: Clearing first track
  69. Damage Trigger......: Damage occurs after 10 infections. 
  70. Particularities.....: ---
  71. Similarities........: ---
  72. --------------------- Agents -----------------------------------------
  73. Countermeasures.....: Program that search for reset-resident programs, 
  74.                       especialy lower system area ($800).
  75.                       Programs that calculate the checksum and change 
  76.                       it, if it is $1234; the sector is then regarded
  77.                       as not executable. Reboot the system with a
  78.                       'clean' disk! ( Category 1.3 ).
  79. Countermeasures successful:---
  80. Standard means......: Write-protect the disk. 
  81.                       Write a well-known program to the boot sector;
  82.                       'manually' change the checksum to a value other 
  83.                       than $1234.
  84. --------------------- Acknowledgement ---------------------------------
  85. Location............: Virus Test Center, University Hamburg, FRG
  86. Classification by...: Thomas Piehl  
  87. Documentation by....: Thomas Piehl 
  88. Information Source..: from George R. Woodside           
  89. Date................: 5-June-1990
  90. ==================== End of "ACA"-VIRUS ===============================
  91.  
  92.  
  93. ======== Computer Virus Catalog 1.2 "ANTI-2" Virus (5-June-1990) ======
  94. Entry............... "Anti-2" Antivirus Virus
  95. Alias............... ---
  96. Strain.............. ---
  97. Detected when....... October 1988
  98.          where...... Helmond (Netherlands)
  99. Clssification....... Bootsector Virus
  100. Length of virus..... 512 Bytes
  101. ------------------------Preconditions----------------------------------
  102. Operating System(s). Atari TOS
  103. Version\Release..... All versions
  104. Computer models..... All Atari ST
  105. -------------------------Attributes------------------------------------
  106. Easy identification. The string : "This Anti-Virus beeps" can be found 
  107.                         in the bootsector at Byte Nr. $1E, or in memory 
  108.                         at Dskbufp+$600+$1E.
  109. Type of infection... Any non-executable Bootsector will be overwritten
  110. Infection Trigger... Execution of BIOS disk function Getbpb.
  111. Media affected...... Any kind of media. 
  112. Interrupts hooked... hdv_bpb vector (used by BIOS disk functions).
  113. Damage.............. ---
  114. Damage trigger...... ---
  115. Particularities..... The Program can be used as an anti-virus. If the
  116.                         bootsector is executable, the program produces 
  117.                         a sound and the screen flashes.
  118. Similarities........ ---
  119. -----------------------------------------------------------------------
  120. Countermeasures..... Make sure that the virus is not in memory. Modify
  121.                         the last byte in bootsector to another value.
  122. Standart means...... Clear all bytes in bootsector beginning at
  123.                         offset 30 decimal.
  124. -----------------------Acknowledgements--------------------------------
  125. Location............ Virus Test Center, University of Hamburg, FRG
  126. Classification by... Andre' Schaper
  127. Documentation by.... Andre' Schaper
  128. Information Source.. George R. Woodside
  129. Date................ 5-June-1990
  130. ==================== End of "Anti-2" Virus ============================
  131.  
  132.  
  133. ======== Computer Virus Catalog 1.2: "Blot" Virus (5-June-1990) =======
  134. Entry............... "Blot" Virus
  135. Alias............... ---
  136. Strain.............. ---
  137. Detected when....... May 1988
  138.          where...... Amherst (USA)
  139. Classification...... Boot sector virus
  140. Length of virus..... 681 Bytes
  141. ------------------------Preconditions----------------------------------
  142. Operating System(s). Atari TOS
  143. Version\Release..... ROM TOS from 02.06.1986; in other versions,
  144.                          no action is performed.
  145. Computer models..... All Atari ST
  146. -------------------------Attributes------------------------------------
  147. Easy identification. In memory at Phystop +34 and in the boot sector at 
  148.                      the same offset, the following bytes can be found:
  149.                          $0206198600FC0018 
  150. Type of i