n8735053@unicorn.wwu.edu (Iain Davidson) (10/29/89)
In article <0007.8910261143.AA02119@ge.sei.cmu.edu> okay@tafs.mitre.org (Okay S J) writes:
>I received this from Amiga-relay this morning....From all reports, it
>appears that Xeno, if it is a virus, is the 1st non-boot infector virus
>in the Amiga community. All the others I've seen so far live in the boot
>sector and most Amiga anti-virals seem to only worry about the boot sector
>and in RAM at the time.
>I'll cross-post anything I hear from either side to their respective
>lists.
>
>Stephen Okay Technical Aide, The MITRE Corporation
>x6737 OKAY@TAFS.MITRE.ORG/m20836@mwvm.mitre.org

[Text deleted]

Well, while up in Vancouver, BC at an Amiga Users Group meeting, an interesting thing was demonstrated..... I call it the "2608" virus. (don't know the official name).

It worked like the IRQ virus, attaching itself to the first executable in the startup-sequence. But with a slight twist. It would copy the found executable to devs:" " and copy itself into the old name in the "C" directory (size 2608 bytes).

The way that it was noticed was that the person had typed "echo blah blah" in his startup-sequence, but in the "C" directory he had "echo" called "Echo". One day he had noticed that the command was in all lowercase and 2608 bytes long (not the usual 653? bytes long). He also noticed that he had an extra file " " in the devs: directory the same size as the echo command.

Evidently, the virus copied itself to the command location, then copied the command to the devs: directory. Every time the command was executed it would call the virus program, which in turn would call the REAL command. Appearing as though all worked fine.

Another interesting thing.... about every 5 times he warm-booted, a message would come up saying something like "Virus Exterminator.. blah blah.... Virus by Blah Blah (I don't remember the specifics)". This only appeared for a brief second ... not long enough to read the whole thing.

Anybody else have any info on this?
- -Iain Davidson IAIN@wwu.edu n8735053@unicorn.wwu.edu uw-beaver!wwu.edu!IAIN
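
An added example, not part of the original post: a Python check for the two on-disk signs described above, a blank-named file in devs: and a 2608-byte copy of the first startup-sequence command in C. It assumes the Amiga volume has been extracted to a host directory with lowercase s, c and devs folders; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

VIRUS_SIZE = 2608  # length of the replaced command, as reported in the post


def first_command(volume):
    """Name of the first command in s/startup-sequence (';' starts a comment)."""
    with open(os.path.join(volume, "s", "startup-sequence")) as fh:
        for line in fh:
            words = line.split(";")[0].split()
            if words:
                return words[0]
    return None


def scan_volume(volume):
    """Return findings for a volume extracted to a host directory (assumption)."""
    findings = []
    devs = os.path.join(volume, "devs")
    c_dir = os.path.join(volume, "c")
    # Indicator 1: a file in devs: whose name is nothing but spaces.
    for name in os.listdir(devs):
        if name.strip() == "":
            size = os.path.getsize(os.path.join(devs, name))
            findings.append(f"blank-named file in devs: ({size} bytes)")
    # Indicator 2: the first startup-sequence command is 2608 bytes in c:.
    cmd = first_command(volume)
    for name in os.listdir(c_dir):  # AmigaDOS names are case-insensitive
        path = os.path.join(c_dir, name)
        if cmd and name.lower() == cmd.lower() and os.path.getsize(path) == VIRUS_SIZE:
            findings.append(f"c:{name} is {VIRUS_SIZE} bytes")
    return findings


def build_sample_volume(root, infected):
    """Constructed test data: a minimal volume tree, clean or showing the pattern."""
    for d in ("s", "c", "devs"):
        os.makedirs(os.path.join(root, d))
    with open(os.path.join(root, "s", "startup-sequence"), "w") as fh:
        fh.write("; constructed sample\necho blah blah\n")
    original = b"\0" * 700  # placeholder size for the real command
    with open(os.path.join(root, "c", "echo" if infected else "Echo"), "wb") as fh:
        fh.write(b"\0" * VIRUS_SIZE if infected else original)
    if infected:
        with open(os.path.join(root, "devs", " "), "wb") as fh:
            fh.write(original)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp, infected=True)
        print(scan_volume(tmp))
```

A size match alone is a weak signal, so the check only reports it for the command the startup-sequence runs first, which is the file the post says gets replaced.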