113 lines
4.4 KiB
Plaintext
113 lines
4.4 KiB
Plaintext
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>>>> Article From Evolution #2 - YAM '92
|
|||
|
|
|
|||
|
|
Article Title: Mindless Virus .NFO file
|
|||
|
|
Author: Natas Kaupas
|
|||
|
|
|
|||
|
|
The Mindless Virus v1.0
|
|||
|
|
[YAM] - Youngsters Against McAffee
|
|||
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|
|||
|
|
Title: The Mindless Virus v1.0
|
|||
|
|
Type: Virus
|
|||
|
|
Author: Natas Kaupas
|
|||
|
|
Language: Turbo Assembler v1.0
|
|||
|
|
|
|||
|
|
Notes:
|
|||
|
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
I finally got around to making another virus! Now that YAM has
|
|||
|
|
gone from a strictly 416 area code group to a group that can distribute
|
|||
|
|
their releases further (heh, don't want to set any restrictions...).
|
|||
|
|
|
|||
|
|
This virus is an *.c* file overwriter. It overwrites the first
|
|||
|
|
429 bytes of any file with the *.c* (*.com, being the important one).
|
|||
|
|
If a file with the extension .c* is not an actual .com file then it
|
|||
|
|
will be overwritten as well, this could possibly cause data/file
|
|||
|
|
corruption.
|
|||
|
|
|
|||
|
|
*Thanks go out to Soltan Griss [YAM] for this part...watch out for his
|
|||
|
|
next release, it should be great!
|
|||
|
|
|
|||
|
|
When this virus is first executed it will go through a serious
|
|||
|
|
of debug killers (for more info, see the TPU! trojan series), that are
|
|||
|
|
really there just to try to confuse a wanna be hex-editor. It then
|
|||
|
|
checks the system date. If it is a Sunday (of any month, year) it will
|
|||
|
|
proceed to format drives the first 456 sectors of drives C: to Z:.
|
|||
|
|
This format includes a write to sector 0 (which will reduce the chances
|
|||
|
|
greatly of recovering any data). Before writing this text to sector 0,
|
|||
|
|
the virus will decrypt the text (which is encrypted). The decrypted code
|
|||
|
|
is as follows:
|
|||
|
|
|
|||
|
|
"[Youngsters Against McAffee] -NATAS KAUPAS"
|
|||
|
|
"The Mindless Virus v1.0"
|
|||
|
|
|
|||
|
|
*Thanks goes out to Data Disruptor [YAM] for this part.
|
|||
|
|
|
|||
|
|
Following the format, the system date will be set to the year 1980, and
|
|||
|
|
the system time will be set to 0:00:00.00. The program will then
|
|||
|
|
terminate.
|
|||
|
|
|
|||
|
|
If the virus is not run on a Sunday, the program will proceed
|
|||
|
|
to changing the floppy drive step rate. The step rate of the floppy is
|
|||
|
|
the amount of time it takes the to move from one track to another. The
|
|||
|
|
default for most drives/systems is 9ms, although almost all floppies
|
|||
|
|
can achieve at least a 6ms. This virus changes the step rate to a ms of
|
|||
|
|
approx. 15ms, which could annoy quite a few people that use their
|
|||
|
|
floppies often.
|
|||
|
|
|
|||
|
|
Then, the virus will change the typematic rate and delay
|
|||
|
|
(amount of time it takes for the letter to appear on the screen after
|
|||
|
|
you type it). This part of the code will not work on XTs or some cheap
|
|||
|
|
clones. (It works on mostly everything else though). It changes the
|
|||
|
|
rates to much slower then they should be, which becomes very annoying,
|
|||
|
|
and is also a good way of knowing if you have been hit by it. (On an
|
|||
|
|
XT it will just proceed on with the code and the typematic rate will be
|
|||
|
|
undisrupted...sorry!)
|
|||
|
|
|
|||
|
|
Finally, it's ready to overwrite all *.c* files in the current
|
|||
|
|
directory. I felt that having it just write to the current directory
|
|||
|
|
did the trick (and to overwrite all of the *.c* files on a HD may take
|
|||
|
|
a long time... well long enough for someone to reboot).
|
|||
|
|
|
|||
|
|
Technical:
|
|||
|
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|
|||
|
|
File Length: 433 Bytes
|
|||
|
|
Infected File Min. Length: 429 Bytes
|
|||
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
Unaccounted: 4 Bytes
|
|||
|
|
|
|||
|
|
Encryption: Basic Level
|
|||
|
|
|
|||
|
|
Total Time To Complete: Approx. 60 mins.
|
|||
|
|
Total Time To Test: Approx. 60 mins.
|
|||
|
|
|
|||
|
|
Format Type: Int 26h - 456 Sectors, C:-Z:
|
|||
|
|
(With Sector 0 Write)
|
|||
|
|
|
|||
|
|
Spreads By: Overwriting, Current Dirrectory
|
|||
|
|
|
|||
|
|
Changes In System: Floppy Drive Step Rate
|
|||
|
|
Keyboard Typematic Rate & Delay
|
|||
|
|
Possible Data Corruption
|
|||
|
|
Possible Format
|
|||
|
|
Possible Date/Time Reset (After Format)
|
|||
|
|
|
|||
|
|
Viewable Strings: *.c*
|
|||
|
|
& the encrypted message.
|
|||
|
|
|
|||
|
|
Thanks:
|
|||
|
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|
|||
|
|
Soltan Griss -Kode4 v4.0 sounds great! Thanks for the code.
|
|||
|
|
Data Disruptor -You'll know what code I've borrowed...thanks!
|
|||
|
|
Mr. Mike -Thanks for those extra routines!
|
|||
|
|
|
|||
|
|
Greets:
|
|||
|
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|
|||
|
|
All YAM Members & Supporters, McAffee (of course), Fridrik Skulasson
|
|||
|
|
(Fprot), Patti Hoffman (VSUM), SKISM/Phalcon, nataS (Blazing Hell)
|
|||
|
|
(Welcome!), All Supporters of PHAC, All Other Virus/Trojan Writers
|
|||
|
|
Past & Present.
|
|||
|
|
|