textfiles/virus/DOCUMENTATION/r-11.txt


----------------------------------------------------------------
* DataRape! v1.1 Documentation * - (C) 1991 RABID, International
----------------------------------------------------------------
DataRape! v1.1 is the second in a new line of RABID viruses produced
in the United States by Zodiac of RABID, USA. It is a memory-resident
stealth-brand virus that attaches onto Interrupt 21h.
This documentation will cover the features of v1.0, and not simply the
additions, for that version shall hence be regarded as a "beta-test"
version of the skeleton of this virus code.
Upon loading, DataRape! will load itself in high-memory, and no apparent
memory loss will be visible. This is accomplished by allocating a portion
of the "free" memory control block that is at the end of the memory chain
by changing its PSP so it can not be allocated by another program. Program
execution then continues normally.
Upon file execution, DataRape! will infect .COM files if they are above
1000 bytes and below 63000 bytes in length. It preserves file date and time
settings, with the exception of the seconds stamp. This second stamp marking
is new to this version. The justification for this modification shall be
provided below.
Upon a common directory listing("DIR"), all .COM files listed will be infected.
This is a NEW form of file infection NEVER implemented by ANY OTHER virus EVER.
This technique, though somewhat tedious in implementation, should be cloned by
all virus writers for it has proved to be very effective.
Also during directory listings, the increase in size of infected files is not
visible. In order to speed up directory listings, the second stamp of infected
files is modified, as was mentioned above. The same second stamp as in the
Vienna Virus (62 seconds) is utilized, for a non-occurring second stamp is
necessary, and 60 seconds is used far too often by many viruses. Since the
Vienna Virus is rather archaic, and the majority of Vienna "Hacks" (Grither,
Violator) use different time stamps, 62 seconds seems most appropriate.
There have been several skeleton code modifications in this version. A
somewhat insignificant change was the implementation of a relative call
in order to provide the pointer("$") to the virus code, as opposed to
retrieving it from the original call. Also, the time-stamp is used to
detect whether a file has been infected as opposed to calculating the virus
code's existence from the original jump. This method was generally good,
but when .EXE infection is implemented it would have been required as would
the relative call. Also, the encryption base for the strings contained
has been changed.
The same FAT table destruction is contained as in the first version, but
is now more effective. It occurs with a frequency of 2% when files are
attempted to be infected, and will render all disks unusable. This HAS
been tested, and does work. Such tends to be the major cause of bugs for
virus writers, but some nice person unknowingly yet graciously accepted to
beta-test this code, and found it quite effective.
A feature that I know we were all looking forward to was finally implemented.
Whenever any LoL(Legion of Lucifer(Lamers)) files are located, the FAT table
destruction mentioned above is automatically issued. This is due to the
spite RABID holds towards one Michael Turner(Captain Swashbucker) who runs
a BBS in the 213 area code called H.M.S. Queen Mary's Revenge. It is believed
he is 15 years old and attends Le Lycee, a PRIVATE school in the Beverly Hills
area. This information will be verified and released more confidently when
the Militia Virus and the Turner Virus are publicly released, though they
are now under development.
The source to this virus will be publicly released 6 months from the
release of this documentation.
A word now to RABID members. Keep up the good work, and make sure this
spreads. I'll have .EXE infection within a month or so, I wish to make
a few more 1.X versions of this virus first. Encryption, timer-grabbing,
message-flashing, and a more artistic "You've been.." screen will be
the up-coming features. EXE infection will require a major re-write
of this code, but it will definitely be worth it. We could totally
ruin the image of a certain egotistical pirate group, featuring our good
friend Ken Sallot(The Slavelord). But I am no longer in the "scene", and
may not be for quite a while. See you all at Comdex, I hope.
-- Zodiac, 04/08/91
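
Added example (not part of the original documentation and not RABID's code): the seconds-stamp marker described above is also a detection signal. FAT stores seconds in a 5-bit field with 2-second resolution, so 60 and 62 can be encoded but are never produced by the DOS clock; this Python scanner reads raw 32-byte directory entries, as taken from a disk image, and reports files carrying such a stamp. The function names and the sample entries are constructed for illustration.

```python
import struct

# 32-byte FAT directory entry: name, ext, attr, reserved, time, date, cluster, size
DIRENT = struct.Struct("<8s3sB10sHHHI")

def make_entry(name, ext, hms, size, attr=0x20):
    """Build a constructed directory entry (sample data only, date fixed to 1991-04-08)."""
    h, m, s = hms
    ftime = (h << 11) | (m << 5) | (s // 2)
    fdate = ((1991 - 1980) << 9) | (4 << 5) | 8
    return DIRENT.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                       attr, b"\0" * 10, ftime, fdate, 2, size)

def scan_directory(raw):
    """Return (filename, seconds, size) for files whose seconds stamp is 60 or 62."""
    hits = []
    for off in range(0, len(raw) - 31, 32):
        name, ext, attr, _, ftime, _, _, size = DIRENT.unpack_from(raw, off)
        if name[0] == 0x00:                  # no further entries in this directory
            break
        if name[0] == 0xE5 or attr & 0x18:   # deleted, volume label or subdirectory
            continue
        seconds = (ftime & 0x1F) * 2         # 5-bit field, 2-second resolution
        if seconds >= 60:                    # the DOS clock only produces 0..58
            fname = (name.decode("ascii", "replace").rstrip() + "." +
                     ext.decode("ascii", "replace").rstrip())
            hits.append((fname, seconds, size))
    return hits

# Constructed sample directory (not taken from a real disk).
SAMPLE = b"".join([
    make_entry("COMMAND", "COM", (12, 0, 0), 47845),
    make_entry("EDIT", "COM", (9, 30, 62), 5120),
    make_entry("OLDGAME", "COM", (1, 1, 60), 2048),
    make_entry("TOOLS", "", (9, 30, 62), 0, attr=0x10),
    make_entry("README", "TXT", (8, 15, 58), 900),
]) + b"\0" * 32

if __name__ == "__main__":
    for fname, seconds, size in scan_directory(SAMPLE):
        print(f"{fname}: seconds stamp {seconds}, on-disk size {size}")
```

Scanning directory entries from an image, rather than through a live DOS directory listing, matters here because the documentation states that the size increase is hidden during listings while the virus is resident.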