"Lisbon" Virus

 


             *********************************************

             ***   Reports collected and collated by   ***

             ***            PC-Virus Index             ***

             ***      with full acknowledgements       ***

             ***            to the authors             ***

             *********************************************


 

 

===== Computer Virus Catalog 1.2: "Lisbon Virus" (5-June-1989) ======


Entry...............: "Lisbon" Virus

Alias(es)...........: ---

Virus strain........: Vienna Virus strain

Virus detected when.: ---

              where.: ---

Classification......: Program virus (extending), direct action

Length of virus.....: 648 bytes


--------------------- Preconditions ----------------------------------


Operating system(s).: MS-DOS

Version/release.....: 2.0 and higher

Computer model(s)...: All MS-DOS machines


--------------------- Attributes -------------------------------------


Easy identification.: Last five bytes of file = "@AIDS" (Ascii)


Type of infection...: Self-Identification: The time stamp of an

                           infected file is changed: the seconds are

                           set to 62 (= 2 * 1Fh).

                           When infected file is executed, .COM-files

                           in the current directory as well as in the

                           directories in the DOS-PATH are extended by

                           appending the viral code; no infection if

                           the file size<10 or file size>64000 bytes.


Infection trigger...: A selected .COM-file is infected by "random" IF

                           (system seconds AND 58h) <> 0 ELSE damaged!


Storage media affected: Current media and media accessed via DOS-PATH.


Interrupts hooked...: --


Damage..............: A selected .COM-file is damaged permanently:

                           Overwriting the first five bytes by "@AIDS"


Damage trigger......: IF (system seconds AND 58h) = 0, ELSE infection!


Particularities.....: The virus ignores READ-ONLY and HIDDEN

                      attributes.


Similarities........: Dissimilarities to Vienna:

                           Different trigger byte (7);

                           the five damage bytes are changed.


--------------------- Agents -----------------------------------------


Countermeasures.....: Category 3: ANTI!LIS.EXE (d:) (/f)


Countermeasures successful: My Antivirus ANTI!LIS.EXE looks for

                           infected files on a given drive (d:) and

                           optionally removes the virus (if /f given).


Standard means......: ---


--------------------- Acknowledgement -------------------------------


Location............: Virus Test Center, University Hamburg, FRG

Classification by...: Daniel Loeffler

Documentation by....: Daniel Loeffler

Date................: June 5, 1990

Information Source..: ---



===================== End of "Lisbon"-Virus =========================

 


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Comments

Post a Comment

Popular posts from this blog

BOTTOM LIVE script

                                  BOTTOM                                   ======                     by Adrian Edmondson and Rik Mayall                                 Bottom Live                                 ===========                               Richie  Rik Mayall                                Eddie  Adrian Edmondson Introduction ------------ [Opening shot of theatre, with huge pictures of Richie and Eddie. Caption: "Live fro...
Read more

Evidence supporting quantum information processing in animals

              Evidence supporting quantum            information processing in animals                    James A. Donald                    1068 Fulton Av                    Sunnyvale, CA 94089-1505                    USA I show that quantum systems can rapidly solve some problems for which finite state machines require a non- polynomially large time. This class of problems is closely related to the class of problems that animals can solve rapidly and effortlessly, but are intractable for computers by all known algorithms. 1. Introduction      Animals, including very simple animals, can rapidly and effortlessly perceive objects, whereas computers take nonpolynomial time to do this by all...
Read more

ARMIES OF CHAOS

                          ARMIES OF CHAOS -      Before anyone proposes more gun control, he or she should know  about a simple, deadly weapon 4 times as powerful as Dirty Harry's  legendary .44 Magnum -- and at least twice as concealable -- that  _can't_ controlled.        This simple, deadly weapon can be made by anyone -- even a  child -- with unpowered hand tools in an hour's time using $5 worth  of materials, most of which are available around the house anyway.   In traditional form it's reusable an unlimited number of times, and  modern plastics have rendered its disposable version electronically  undetectable.  You can clear a room with such a weapon (more of a  hand-held directional grenade than a gun -- sort of a recycleable  Claymore mine) and it's just one of hundreds of similar time-proven  designs. ...
Read more