2.6 Examples of DOS Viruses

Malicious Mobile Code: Virus Protection for Windows
By Roger A. Grimes
Chapter 2.  DOS Computer Viruses

There are so many kinds of DOS viruses that I often feel that mischievous minds have tried every imaginable trick. DOS viruses can infect during bootup or warm booting, across a network, when running programs, when copying files, when you scan files for computer viruses, or when you list the files on your hard drive. They have been known to use modems to dial long distance numbers when unsuspecting users left their PCs on at night. They can display elaborate graphics, sounds, and games. They can corrupt programs, data, and hardware settings. Although most virus payloads wait for a particular activation date or time, they can be computationally random or key off some other event (such as hitting Ctrl-Break). Others lie in wait for the user to unknowingly type in a particular keyword to set off some sort of damage routine. Computer viruses can taunt people and display questions the end user must answer in some twisted form of a quiz show. If you answer incorrectly, they do more damage.

The Cascade virus infects .COM files and makes the letters you were typing fall to the bottom of the screen. The Jerusalem virus infects .COM, .EXE, .BIN, .PIF, and .OVL files. It displays a "pong" black box that floats around the screen and it will delete any executables run on Friday the 13th. The Flip virus horizontally flips the screen image between four and five o'clock. The Keypress bug randomly interferes with keyboard typing so that a user thinks she is continually making mistakes. The Sunday virus admonishes users for working on Sundays as it deletes data. The Joshi virus pops up a message each July 5 asking that the user type in "Happy Birthday Joshi." Users who follow the instructions are allowed to work again; otherwise, the system will hang. The Holland Girl virus contains a woman's name and address and asks the infected user to send a postcard. The virus is believed to have been written by an ex-boyfriend.

Viruses work for and against each other. The V2100 virus checks for the leftover existence of the Anthrax virus on the last sectors of a hard drive, and if present, moves it to the hard drive's master boot sector so Anthrax gets control. Some viruses look for and erase other viruses. Such is the case with the Den Zuk boot virus. It will deliberately look for and remove the Ohio or Pakistani Brain viruses as it infects. Some versions of the Yankee Doodle virus look for the Ping Pong virus and modify it so that it becomes destructive. Some versions of Sampo, a boot sector-infecting virus, include another virus, Kampana, within the code. A clean, write-protected diskette could be made to falsely appear as if it is infected by Kampana. When users then unprotect the diskette to clean the Kampana virus, Sampo jumps in to infect the diskette's boot sector.

Viruses have provided a new forum for distributing political statements. The Bloody virus activates after 128 PC reboots and displays the message, "Bloody! June 4, 1989," the date of the Chinese Army's Tiananmen Square massacre of college students. The Sadam virus, released during the Desert Storm conflict, cautions the Iraqi leader with, "Hey Sadam, Leave Queit(sic) Before I Come!"

Some viruses are meant to be comical like the Red Cross virus that sends a siren-sounding ASCII ambulance careening across the screen or the Yankee Doodle virus that plays "Yankee Doodle Dandy" on PC speakers at 4 p.m. Others are meant from the ground up to do damage. The Ripper virus randomly switches bytes around in the DOS write buffer (i.e., the operating system area used to store data when copying and writing data). This results in the slow, sometimes unnoticeable corruption of programs and data. Some, like Michelangelo, write random characters over the first 10MB of the hard disk, effectively destroying all the data. And even if viruses don't mean to cause intentional harm, they usually end up causing problems anyway. The next few sections will explain how to detect, remove, and prevent DOS-based viruses.


Malicious Mobile Code: Virus Protection for Windows (OReilly Computer Security)
ISBN: 156592682X
EAN: 2147483647
Year: 2001
Pages: 176
