Icelandic virus

 


             *********************************************

             ***   Reports collected and collated by   ***

             ***            PC-Virus Index             ***

             ***      with full acknowledgements       ***

             ***            to the authors             ***

             *********************************************



  ICELANDIC SERIES

  ================


  There are four versions of the Icelandic virus.


  All infect EXE files only and they are easily distinguised by their

  file lengths:


          632  One in two programs loaded are infected and one

               cluster is marked as bad on Hard Disks larger than

               20 MB


          642  Minor variant


          656  One in ten programs loaded are infected


          848  Displays message: "Gledileg jol" (Merry Christmas)

               if an infected program is run on 24th December.



==== Computer Virus Catalog 1.2: Icelandic#2 Virus (Sept. 20, 1989)=


Entry...............: "Icelandic virus" (Version #2)

Alias(es)...........:

Virus Strain........: Icelandic Virus

Virus detected when.: July 20 1989

              where.: Iceland

Classification......: .EXE file infecting virus/Extending/Resident

Length of Virus.....: 1. 632-647 bytes added to file

                      2. 2048 bytes in RAM

-------------------- Preconditions --------------------------------


Operating System(s).: MS-DOS

Version/Release.....: 2.0 or higher

Computer model(s)...: IBM PC,XT,AT and compatibles


------------------- Attributes ------------------------------------


Easy Identification.: .EXE Files: Infected files end in 18 44 19 5F

                      (hex).  System:  Byte at 0:37F contains FF (hex)


Type of infection...: Extends .EXE files. Adds 632-647 bytes to the

                      end of the file.  Stays resident in RAM, hooks

                      INT 21 and infects other programs when they are

                      executed via function 4B.  It will remove the

                      Read-Only attribute if necessary, but it is not

                      restored.  .COM files are not infected.


Infection Trigger...: Every tenth program run is checked. If it is an

                      uninfected .EXE file it will be infected.


Storage media affected: ---

Interrupts hooked...: INT 21

Damage..............: none

Damage Trigger......:


Particularities.....: The virus modifies the MCBs in order to hide

                      from detection.  The INT 13 checking in the

                      Icelandic-1 has been removed.  The virus uses

                      the name of the file to determine if it is an

                      .EXE file, but not the true type, as determined

                      by the first 2 bytes.  The virus assumes the

                      program reserves all available memory (FFFF

                      paragraphs needed). Programs that donot will

                      cause a system crash when infected and run.

                      This virus is a version of the Icelandic-1

                      virus, modified so that it does not use INT 21

                      calls to DOS services.  This is done to bypass

                      monitoring programs.


Similarities........:

------------------- Agents ----------------------------------------


Countermeasures.....: All programs which check for .EXE file length

                      changes will detect infections.

Countermeasures successful:

                      Detection of infection:

                           F-FCHK (from F.Skulason's F-PROT package)

                           VIRUSCAN

                      Prevention of infection:   F-FCHK

                      Removal:                   F-FCHK

Standard means......: Use DEBUG to check the byte at 0:37F.


-------------------- Acknowledgement -------------------------------


Location............: University of Iceland/Computing Services

Classification by...: Fridrik Skulason  (frisk@rhi.hi.is)

Documentation by....: Fridrik Skulason

Date................: Sept 20, 1989

Information Source..:


==================== End of Icelandic#2-Virus ======================



  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Comments

Post a Comment

Popular posts from this blog

BOTTOM LIVE script

                                  BOTTOM                                   ======                     by Adrian Edmondson and Rik Mayall                                 Bottom Live                                 ===========                               Richie  Rik Mayall                                Eddie  Adrian Edmondson Introduction ------------ [Opening shot of theatre, with huge pictures of Richie and Eddie. Caption: "Live from the Mayflower Theatre, Southampton".] Vox Pop 1:  So I'm hoping that this is a lot ruder than the TV, because             they can get away with it. [Cut to Ade's dressing-room door. It opens to reveal a clothes rail, its only contents a brown jacket.] Vox Pop 2:  I just think they're ace, you know, absolutely excellent. [Cut to dressing-gown, pan across a pair of glasses and a revolver.] Vox Pop 3:  It couldn't be too rude, I mean that's what young people want. [Rik's dressing-room door.]
Read more

Fawlty Towers script for "A Touch of Class"

Fawlty Towers A Touch of Class Written by John Cleese and Connie Booth First of first series, first broadcast on September 19, 1975 on BBC2 Transcribed by Jason R. Heimbaugh (jrh@uiuc.edu) on October 10, 1993 Basil Fawlty  John Cleese Sybil Fawlty  Prunella Scales Manuel        Andrew Sachs Polly         Connie Booth Major Gowen   Ballard Berkeley Miss Tibbs    Gilly Flower Miss Gatsby   Renee Roberts Lord Melbury  Michael Gwynn Danny Brown   Robin Ellis Sir Richard   Morris Martin Wyldeck Mr Watson     Lionel Wheeler Mr Wareing    Terence Conoley Mr Mackenzie  David Simeon               [The Fawlty Towers reception lobby. The main entrance is at the               back, with the stairs to the right. The entrance to the dining               room is in the right wall; on the left, the reception desk               running along the left wall, with the entrance to the office               behind it. The entrance to the bar is beyond the desk.] Basil         [on th
Read more