[comp.sys.amiga.programmer] What the Saddam Virus does

johnv@tower.actrix.gen.nz (John Veldthuis) (05/07/91)

I have worked out what the Saddam virus does and it is very nasty. There
are a few different stages to it so I will go through it.
It infects your machine by AmigaDOS using the Disk-Validator on the disk
you insert in the drive.
When you write to the root directory of any drive the virus will move the
BitMap page pointer to another slot. If the virus is active then when the
root block is read it moves it back so AmigaDOS thinks the disk is okay. If
the virus is not running AmigaDOS will see no BitMap pages and run the
Disk-Validator on the disk, infecting your machine again.
When AmigaDOS writes to Data blocks the virus will change the first bit to
IRAK and encode the rest of the block. If the virus is running when the
block is read it replaces in memory the IRAK with the proper number (8) and
decodes the data block. If the virus is not running you will get a read
write error as AmigaDOS can't find a valid DATA block there.
Now comes the worst bit.
When the virus is triggered it will (if the disk is write enabled) wipe out
both sides of the disk with random data (whatever is in memory at the
time) by writing to every track on the disk. It will then bring up an
Alert() telling you it is the SADDAM virus and reboot the machine once the
alert is canceled.

So beware this virus and try to wipe it out early.

Please CBM fix this little loophole before you finish 2.0 so that the
Disk-Validator is got from L: instead of :L/ first
--
*** John Veldthuis, NZAmigaUG.         johnv@tower.actrix.gen.nz       ***
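
[Added example, not part of any post in this thread: a scanner for raw floppy images that looks for the two on-disk changes described above, blocks that begin with IRAK where a data block should hold 8, and a root block whose bitmap page pointer is no longer in the first slot. The function names are hypothetical, and the root block number (880), its type value (2) and the pointer offset (316) are assumptions taken from the standard AmigaDOS floppy layout, not from the post.]

```python
import struct

BLOCK = 512          # AmigaDOS block size
MARKER = b"IRAK"     # per the post, overwrites the data block type field (8)
ROOT_BLOCK = 880     # assumption: root block of a standard 880 KB floppy
T_HEADER = 2         # assumption: primary type of a root block
BM_PAGES_OFF = 316   # assumption: offset of the 25 bitmap page pointers in the root block


def scan_image(image: bytes) -> dict:
    """Scan a raw disk image for the two on-disk changes the post describes."""
    # Blocks whose first longword is "IRAK" where an OFS data block holds 8.
    marked = [n for n in range(len(image) // BLOCK)
              if image[n * BLOCK:n * BLOCK + 4] == MARKER]

    # Root block whose first bitmap page slot is empty while a later one is used.
    moved = False
    root = image[ROOT_BLOCK * BLOCK:(ROOT_BLOCK + 1) * BLOCK]
    if len(root) == BLOCK and struct.unpack(">I", root[:4])[0] == T_HEADER:
        pages = struct.unpack(">25I", root[BM_PAGES_OFF:BM_PAGES_OFF + 100])
        moved = pages[0] == 0 and any(pages[1:])
    return {"marked_blocks": marked, "bitmap_pointer_moved": moved}


def build_sample(altered: bool) -> bytes:
    """Constructed 880 KB image: a root block plus one OFS-style data block."""
    img = bytearray(1760 * BLOCK)
    root = ROOT_BLOCK * BLOCK
    struct.pack_into(">I", img, root, T_HEADER)
    slot = 5 if altered else 0   # slot 5 is arbitrary; the post names no slot
    struct.pack_into(">I", img, root + BM_PAGES_OFF + 4 * slot, 881)
    data = 900 * BLOCK
    img[data:data + 4] = MARKER if altered else struct.pack(">I", 8)
    return bytes(img)


if __name__ == "__main__":
    for label, altered in (("clean", False), ("altered", True)):
        print(label, scan_image(build_sample(altered)))
```

[Because the post says a resident virus restores both fields on read, the image has to be taken on a machine where it is not running. On disks whose data blocks carry no header, a hit on IRAK may simply be file content.]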

peter@cbmvax.commodore.com (Peter Cherna) (05/07/91)

In article <4917.tnews@tower.actrix.gen.nz> johnv@tower.actrix.gen.nz (John Veldthuis) writes:
>Please CBM fix this little loophole before you finish 2.0 so that the
>Disk-Validator is got from L: instead of :L/ first

The disk-validator for 2.0 is part of the file-system, which is in ROM.
On-disk copies of disk-validator are ignored, and there is no 2.0
version of disk-validator on disk.

Yet another good reason to upgrade when the time comes...

>*** John Veldthuis, NZAmigaUG.         johnv@tower.actrix.gen.nz       ***

     Peter
--
Peter Cherna, Operating Systems Development Group, Commodore-Amiga, Inc.
{uunet|rutgers}!cbmvax!peter    peter@cbmvax.commodore.com
My opinions do not necessarily represent the opinions of my employer.
"If all you have is a hammer, everything looks like a nail."

peter@cutmcvax.cs.curtin.edu.au (Peter Wemm) (05/12/91)

johnv@tower.actrix.gen.nz (John Veldthuis) writes:

[... how it works, what it does - deleted.. ]

>So beware this virus and try to wipe it out early.

>Please CBM fix this little loophole before you finish 2.0 so that the
>Disk-Validator is got from L: instead of :L/ first
>--
>*** John Veldthuis, NZAmigaUG.         johnv@tower.actrix.gen.nz       ***

I believe that 2.0 has the disk validator in ROM?  I don't think that the disk
--
Peter Wemm
------------------------------------------------------------------------------
peter@cs.curtin.edu.au  (Home) +61-9-450-5243
Curtin University of Technology, Perth, Western Australia.
Nuke the Simpsons!