[comp.virus] MIX1 Virus

NYYUVAL%WEIZMANN.BITNET@VMA.CC.CMU.EDU (Yuval Tal (972)-8-474592) (09/21/89)

There is a new virus in Israel. It has been going around in Israel
since August. The name of the virus is MIX1 because of its signature.
Ori Berger (the author of JIV, an anti-viral software package which was
written in Israel) made a program that identifies the virus and
exterminates it. (I myself got the virus but haven't looked at it yet.
After I disassemble it, I'll report back.) The following report
was written by him:


Virus Name..............: The Mix1
Attacks.................: .EXE files
Virus Detection when....: 22.August.1989
                at......: Israel
Length of virus.........: 1. Infected .EXE files grow by 1618-1634
                             bytes.
                          2. 2048 bytes in RAM.
Operating system(s).....: PC/MS DOS version 2.0 or later.
Identifications.........: 1) The signature at the EOF of each infected
                             file is "MIX1".
                          2) Byte 0:33C=77h.
Type of infection.......: .EXE files only. The virus is put at the end
                          of the .EXE file and the header is changed to
                          point to the beginning of the virus in the file.
Infection trigger.......: EXE file execution through interrupt 21h
                          service 4bh.
Interrupt hooked........: 14h,17h,21h, optionally 8,9 (after 6th level
                          of infection).
Damage..................: Garbled output on parallel and serial
                          connections, optionally boot is disabled,
                          num-lock is constantly on.
Damage trigger..........: Loading of infected file. After 6th level
                          infection vectors 8 and 9 are hooked.
Particularities.........: 1) All output through vectors 14h and 17h is
                             garbled.
                          2) Booting may crash the computer (possibly
                             a bug).
                          3) Memory allocation is done through direct
                             MCB control.
                          4) Does not allocate stack, and therefore
                             makes some files unusable.
                          5) Infects only files which are bigger than
                             16K (This makes disassembly very hard).
--Yuval

+--------------------------------------------------------------------------+
| BitNet:   NYYUVL@WEIZMANN        Domain: NYYUVAL@WEIZMANN.WEIZMANN.AC.IL |
| InterNet: NYYUVAL%WEIZMANN.BITNET@CUNYVM.CUNY.EDU                        |
+-----------------------------------+--------------------------------------+
| Yuval Tal                         | "Remember - the next time you hear a |
| The Weizmann Institute Of Science |  fighter jet go by - you are hearing |
| Rehovot, Israel                   |  the SOUNDS OF FREEDOM" - Major Bill |
+-----------------------------------+--------------------------------------+
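The report above gives two static indicators for MIX1: the text "MIX1" at the very end of an infected .EXE, and an MZ header whose entry point has been redirected to virus code appended at the end of the file, with a growth of 1618-1634 bytes. The following scanner is an added example written for this page; it is not the post's code and not Ori Berger's JIV or his MIX1 remover. It assumes the standard DOS MZ header layout (header size in paragraphs at offset 0x08, initial IP at 0x14, initial CS at 0x16) and works on constructed in-memory samples: a clean host of NOPs and a copy "infected" by a dummy body that only mimics the file-level mechanics described (no virus code). The "Byte 0:33C=77h" indicator is a memory check the report does not explain further, so it is not modelled here.

```python
"""Heuristic file scanner for the MIX1 indicators listed in the report:
'MIX1' at EOF plus an MZ entry point inside the appended tail.
Samples below are constructed, not real infected binaries."""
import struct

# First 0x1C bytes of the MZ header (assumed standard DOS layout):
# e_magic, e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc, e_maxalloc,
# e_ss, e_sp, e_csum, e_ip, e_cs, e_lfarlc, e_ovno
MZ_HEADER = struct.Struct("<2sHHHHHHHHHHHHH")
SIGNATURE = b"MIX1"
MIN_GROWTH, MAX_GROWTH = 1618, 1634   # size increase reported for infected files


def mz_entry_offset(data: bytes):
    """File offset of the entry point (CS:IP relative to the load module),
    or None when the data is not an MZ executable."""
    if len(data) < MZ_HEADER.size or data[:2] not in (b"MZ", b"ZM"):
        return None
    f = MZ_HEADER.unpack_from(data)
    e_cparhdr, e_ip, e_cs = f[4], f[10], f[11]
    return e_cparhdr * 16 + e_cs * 16 + e_ip


def scan_exe(data: bytes) -> dict:
    """Apply both indicators. Either one alone is weak: any file may end with
    the four bytes 'MIX1', and many linkers place the entry near the end."""
    entry = mz_entry_offset(data)
    has_signature = data.endswith(SIGNATURE)
    # The virus body is appended, so a redirected entry lands in the last
    # MAX_GROWTH bytes of the file.
    entry_in_tail = entry is not None and len(data) - MAX_GROWTH <= entry < len(data)
    return {
        "signature": has_signature,
        "entry_in_tail": entry_in_tail,
        "infected": has_signature and entry_in_tail,
    }


def build_clean_exe(body_len: int = 16 * 1024 + 512) -> bytes:
    """Constructed host: 32-byte MZ header followed by a body of NOPs (0x90).
    Default body is over 16K, matching the hosts the report says are targeted."""
    header_paras = 2
    total = header_paras * 16 + body_len
    pages, last = divmod(total, 512)
    if last:
        pages += 1
    header = MZ_HEADER.pack(b"MZ", last, pages, 0, header_paras, 0, 0xFFFF,
                            0, 0x100, 0, 0, 0, 0x1C, 0)
    return header.ljust(header_paras * 16, b"\0") + b"\x90" * body_len


def simulate_infection(clean: bytes, virus_len: int = MIN_GROWTH) -> bytes:
    """Constructed model of the described infection: pad the host to a
    paragraph boundary, append a dummy body ending in 'MIX1' (INT3 filler,
    no virus code), and repoint the header's CS:IP at the appended code."""
    fields = list(MZ_HEADER.unpack_from(clean))
    header_bytes = fields[4] * 16
    padded = clean + b"\0" * (-len(clean) % 16)
    dummy = b"\xCC" * (virus_len - len(SIGNATURE)) + SIGNATURE
    infected = padded + dummy
    entry = len(padded)                      # entry redirected to appended code
    fields[11] = (entry - header_bytes) // 16   # e_cs
    fields[10] = (entry - header_bytes) % 16    # e_ip
    pages, last = divmod(len(infected), 512)
    if last:
        pages += 1
    fields[1], fields[2] = last, pages          # keep e_cblp/e_cp consistent
    return MZ_HEADER.pack(*fields) + infected[MZ_HEADER.size:]


if __name__ == "__main__":
    clean = build_clean_exe()
    bad = simulate_infection(clean)
    print("clean:", scan_exe(clean))
    print("infected:", scan_exe(bad), "growth:", len(bad) - len(clean))
```

Run against real files by reading them in binary mode and passing the bytes to `scan_exe`; the `entry_in_tail` test is what keeps a benign file that merely ends in the string "MIX1" from being flagged.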