VX Heaven


Virus Wars: A Serious Warning

John Dvorak
PC Magazine
ISSN 1210-5708
February 1988


A new computer virus is infecting microcomputers around the world. Where is the utility that will prevent our PCs from becoming victims in this epidemic?

A computer virus (sometimes called a Trojan horse or a worm) is a small and sinister piece of software code that literally infects your machine. It is inserted into a public-domain or bootleg program and, when the program is used, the virus code is activated, writes itself into something in your system, and typically (and eventually) calls a hard disk routine and tells the disk to erase itself. Computer sabotage. It's getting worse and we should all be aware of it. On the West Coast a battle rages in which Apple Macintosh users and IBM PC users are loading software with viruses to "attack" their foe: a user of the other kind of machine.

The Lehigh virus

Meanwhile, one virus has made headlines. It was released at Lehigh University. Here's an excerpt from a memo sent out over UseNet from Kenneth R. van Wyk, User Services Senior Consultant, Lehigh University Computing Center. It describes the virus that was set loose just before Thanksgiving last year and is now floating around the world.

"Last week, some of our student consultants discovered a virus program that's been spreading rapidly throughout Lehigh University. It has the chance of spreading much farther than just our University. We had no idea where the virus started, but some users have told me that other universities have recently had similar problems.

"The virus itself is contained in the stack space of COMMAND.COM. When a PC is booted from an infected disk, all a user need do to spread the virus is to access another disk via TYPE, COPY, DIR, etc. If the other disk contains COMMAND.COM, the virus code is copied to the other disk. Then, a counter is incremented on the parent. When this counter reaches a value of 4, any and every disk in the PC is erased thoroughly. The boote the FAT tables, etc.

"All Norton's horses couldn't put it back together again. This affects both floppy and hard disks. Meanwhile, the four children that were created go on to tell four friends, and then they tell four friends, and so on, and so on.

"Detection: while the virus appears to be very well written, the author did leave behind a couple footprints. First, the write date of COMMAND.COM changes. Second, if there's a write protect tab on an uninfected disk, you will get a write protect error. So, boot up from a suspected virus'd disk and access a write-protected disk - if an error comes up, then you're sure. Note that the length of COMMAND.COM does not get altered.

"I urge anyone who comes in contact with publicly accessible disks to periodically check their own disks. Also, exercise safe computing - always wear a write protect tab.

"This is not a joke. A large percentage of our public site disks has been gonged by this virus in the last couple days."

The mainstream computer magazines seldom discuss these destructive little gags, even though there are plenty of them. PC users must make themselves aware of these things. If a virus program got into a corporation and started eating hard disks, you can be sure that the next time someone brought in some software from home, it would quickly be confiscated. This kind of thing only encourages MIS departments to take total control of the microcomputer installation. Remember that the most talented of the hackers love to design programs like this just to harass the average PC user.

We need some utilities that check the integrity of our computer systems. Of course, these programs would be quickly defeated by some maniac who would find the loophole in the algorithm, and the integrity checker would have to be forever updated. (Sounds like a money-maker!) Some say that the solution to these sick jokes is to perpetually back up the hard disk like a good little boy. Great. I back up my hard disk once a year whether it needs it or not. So what am I (and most users) supposed to do in between times?
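The footprints listed in the Lehigh memo (the write date of COMMAND.COM changes, its length does not) are what an integrity-checking utility of the kind asked for above would compare against a stored baseline. The following is an added example, not code from the article or the memo; the SHA-256 digest, the function names and the stand-in file contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the three attributes compared later: length, write date, digest."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def compare(baseline, current):
    """Return findings for one file; an empty list means it matches the baseline."""
    findings = []
    if current["size"] != baseline["size"]:
        findings.append("length changed")
    if current["mtime_ns"] != baseline["mtime_ns"]:
        findings.append("write date changed")
    if current["sha256"] != baseline["sha256"]:
        findings.append("content changed")
        if current["size"] == baseline["size"]:
            findings.append("same length: a size-only check misses this")
    return findings


def demo():
    """Constructed stand-in file, modified in place without changing its length."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "COMMAND.COM")  # constructed sample, not a real DOS binary
        with open(path, "wb") as fh:
            fh.write(b"\x90" * 512 + b"\x00" * 128)  # constructed bytes, 640 in total
        base = snapshot(path)
        clean = compare(base, snapshot(path))
        with open(path, "r+b") as fh:  # overwrite 64 bytes in place; length stays 640
            fh.seek(512)
            fh.write(b"\xAA" * 64)
        os.utime(path, ns=(base["mtime_ns"] + 10**10,) * 2)  # fixed later write date
        modified = compare(base, snapshot(path))
        # With the old write date put back, only the digest still shows the change.
        os.utime(path, ns=(base["mtime_ns"],) * 2)
        restored = compare(base, snapshot(path))
    return clean, modified, restored


if __name__ == "__main__":
    for label, result in zip(("clean", "modified", "date restored"), demo()):
        print(label, result)
```

The baseline is only as trustworthy as the place it is stored, so it belongs on write-protected media, in the spirit of the memo's write protect tab.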

All you can do is be careful and know that someone out there is about to make your life miserable if you're not prudent.
