c't Virus

Alias:	---
Strain:	---
detected when:	---
where:	---
Classification:	System (=BootSector) Virus, Reset-resident.
Length:	512 Byte
Preconditions
Operating System(s):	ATARI-TOS
Version/Release:	1.0 (06.02.86), 1.2 (TOS 1.4 not tested)
Computer model(s):	All types of the Atari ST Series
Caroname:	c't_Virus
Attributes
Easy identification:	---
Type of Infection:	The virus tests two longwords near the top of the available memory at locations (memtop)-$200 and (memtop)-$200+$A. The first longword is checked for $12123456, the second one for $07A31CDF. If one of these doesnot match, the virus is installed. The virus is reset-resident. 1st: Virus is copied to a new location in memory; 2nd: Virus's age is increased by 1.
Infection Technique:
Infection Trigger:	Each time a diskette is changed, the new one will be infected.
Storage Media affected:	Damages Hard disks.
Interrupts hooked:	No interupts used.hdv_bpb and hdv_mediach vectors are changed for installation in the system.
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:
Encoding Method:
Damage:	Transient/Permanent damage: A damage can occur only if a harddisk is connected to the system. Because of an error in the virus, the partition information will be destroyed, if the virus tries to write to the harddisk. Otherwise, the following message is displayed on the screen after every 20th infection: "ARRRGGGHHH Diskvirus hat wieder zugeschlagen"
Damage Trigger:	Value of infection counter: every 20th infection.
Particularities:	---
Similarities:	---
Agents
Countermeasures:	---
Standard means:	Write-protect the disk. Write a well-known program to the boot sector; 'manually' change the check- sum to a value other than $1234 .
Acknowledgements
Location:	Virus Test Center, University Hamburg, FRG
Classification by:
Documentation by:	Michael Gaudlitz
Date:	July 30, 1989
Information Source:	c't (Computer Magazine)

c't Virus

Preconditions

Attributes

Agents

Acknowledgements