| Alias: | --- |
| Strain: | --- |
| detected when: | October 1991 |
| where: | Cornell University, USA |
| Classification: | Hypercard stacks infector |
| Length: | 1384 Bytes (XCMD Resources) |
Preconditions | |
| Operating System(s): | MacOS proprietary and Hypercard |
| Version/Release: | All |
| Computer model(s): | Apple Macintosh: all models with 128 KByte ROM |
| Caroname: | Merry_Xmas |
Attributes | |
| Easy identification: | Stack contains resources "XCMD" ID 69 and ID 405 |
Type of Infection: | |
| Infection Technique: | XCMD 69 "openbackground", XCMD 405 "viralcopy" |
| Infection Trigger: | Virus will infect other stack scripts when an infected stack is opened. An uninfected Home stack will be infected first. |
| Storage Media affected: | |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent/Transient damage: Virus contains an XCMD which will shutdown the System without saving open documents; therefore, new documents are lost. But virus script does not contain any command to execute XCMD. |
| Damage Trigger: | The script contains no commands to execute the damage routine which is in XCMD id 69 (at least in the version available for analysis). |
| Particularities: | Virus is written in Hypertalk. |
| Similarities: | --- |
Agents | |
| Countermeasures: | merryxmas vaccine |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Thomas Piehl, Ralf Stegen |
| Documentation by: | Ralf Stegen |
| Date: | 31-July-1993 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg