floyd@starsend.UUPC (Floyd Miller) (09/14/89)
An article in the September 11th issue of Info-World warns of a DOS virus which is supposed to be triggered on Oct. 12 and destroy hard disk track 0. It is has been called, "Datacrime 89", A.K.A "The Columbus Day Virus", A.K.A. "The Icelandic Virus." It is reported to propogate itself by attaching to .COM files (COMMAND.COM is supoosed to be immune). The article offers a possible way to determine if your file system might be infected. Has anyone discovered this beasty on their system? ******* ***************************************************** ***** ********************** Floyd Miller ************ *** ******************************************** * ************ floyd%starsend@PRC.Unisys.com ***** starsend!floyd@burdvax.PRC.Unisys.com *** *
erck12@castle.ed.ac.uk (Gnome) (09/15/89)
In article <0000@starsend.UUPC> floyd@starsend.UUCP writes:
-An article in the September 11th issue of Info-World warns of a DOS virus
-which is supposed to be triggered on Oct. 12 and destroy hard disk track 0.
-It is has been called, "Datacrime 89", A.K.A "The Columbus Day Virus",
-A.K.A. "The Icelandic Virus."
Could someone post to tell the world how to detect this virus. I think
there is considerable interest!
--
Geoff Ballinger, JANET: Geoff@Ed.Ac.Uk
CS/AI, ARPA: Geoff%Uk.Ac.Ed@nsfnet-relay.Ac.Uk
Edinburgh University. UUCP: ...!uunet!mcvax!ukc!Ed.Ac.Uk!Geoffgcw20877@uxa.cso.uiuc.edu (G. Wang) (09/15/89)
In article <0000@starsend.UUPC> floyd@starsend.UUCP writes: >An article in the September 11th issue of Info-World warns of a DOS virus >which is supposed to be triggered on Oct. 12 and destroy hard disk track 0. >It is has been called, "Datacrime 89", A.K.A "The Columbus Day Virus", >A.K.A. "The Icelandic Virus." > >It is reported to propogate itself by attaching to .COM files (COMMAND.COM >is supoosed to be immune). The article offers a possible way to determine >if your file system might be infected. > >Has anyone discovered this beasty on their system? > I just want to state promptly that the DATACRIME VIRUS is *NOT* a large risk in the USA... The comp.virus newsgroups is a very good newsgroup to read if you are interested in the current events of viruses... There have been about 40 cases reported in Europe and only 7 reported cases in the USA... The paranoia stirred up by recent articles should be freak out the average user... Basically the most common virus (as reported by John McAfee, author of VIRUSCAN) reported in the past 30 days is the JERUSALEM-B virus... I don't recall the exact percentage break downs but after that follows 1701/1704 Boot Virus, Ping Pong, and Cascade... All other viruses compose only about 5% I think it was... I highly recommend John McAfee's VIRUSCAN program.. It can be found on many BBS and also on SIMTEL... The most recent versions can be found on John's BBS - HomeBase BBS - (408) 988-4004 Hope this helps... George Wang University of Illinois gcw20877@uxa.cso.uiuc.edu
lisbon@vpnet.UUCP (Gerry Swetsky) (09/15/89)
In item 1646 on vpnet, floyd@starsend.UUPC [Floyd Miller] warns: > An article in the September 11th issue of Info-World warns of a DOS virus > which is supposed to be triggered on Oct. 12 and destroy hard disk track 0. > It is has been called, "Datacrime 89", A.K.A "The Columbus Day Virus", > A.K.A. "The Icelandic Virus." A large group of infected disks which aren't destroyed on the 12th might meet their Waterloo on the following day, Friday October 13th, another popular day for triggering trojan horse programs! Sounds like a nice week to go on vacation! -- ============================================================================= | Help stamp out stupid .signature files! Gerry Swetsky | | | | Home (312)833-8122 Vpnet (312)833-8126 lisbon@vpnet.uucp | =============================================================================
frisk@rhi.hi.is (Fridrik Skulason) (09/18/89)
In article <0000@starsend.UUPC> floyd@starsend.UUCP writes: >An article in the September 11th issue of Info-World warns of a DOS virus >which is supposed to be triggered on Oct. 12 and destroy hard disk track 0. >It is has been called, "Datacrime 89", A.K.A "The Columbus Day Virus", >A.K.A. "The Icelandic Virus." A few corrections: 1) This virus will NOT attack on Oct. 12. The activation date is Oct. 13. The relevant part of the virus looks as follows: MOV AX,startdate ; AX = OCT. 12 CMP AX,current ; compare to current date JL Destroy ; if Oct 12. < current, format disk JMP Infect ; Else infect program Note that keeping your computer turned off on Oct 13. will not protect you in any way - the virus will format the start of drive C: the first time an infected program is run ANYTIME AFTER OCT. 12. 2) This virus has NOTHING what so ever to do with the Icelandic virus. That virus has no specific activation date. 3) This virus exists in two different versions, called "1168" and "1280". >It is reported to propogate itself by attaching to .COM files (COMMAND.COM >is supoosed to be immune). Any .COM file where the seventh letter in the name is "D" is immune. > >Has anyone discovered this beasty on their system? > This virus is VERY rare. In fact, it is almost only known in Europe, and has only been reported at 50 sites or so. It is NOT a serious threat in the USA, at least not compared to the other two or three viruses that will attack on the same date. Programs to detect/remove this virus (and the other 20 viruses or so) are available. See comp.virus for more information on this (and other viruses). -- Fridrik Skulason University of Iceland frisk@rhi.hi.is Guvf yvar vagragvbanyyl yrsg oynax .................