BEOL Virus   
Written by yangying   
February 21, 2008 13:32

Alias: Mount-972
Strain:
Detected when: 7/1995
Where: Austria
Classification: Link virus, memory-resident, not reset-resident
Length:
1. Length on storage medium: 972 bytes
2. Length in RAM: 972 bytes

Preconditions

Operating System(s): AMIGA-DOS
Version/Release: 2.04 and above (V37+)
Computer model(s): all models/processors (MC68000-MC68040)
CARO name: BEOL

Attributes

Easy identification: None

Type of Infection:

Self-identification method in files:
- Searches for -$17 in the first hunk.

Self-identification method in memory:
- Checks for -$17 in the (private) lastalert entry in the execbase.

System infection:
- RAM resident; infects the launch code of volume tasks (of course this is system-private code).

Infection preconditions:
- The file to be infected is smaller than 192K.
- The name of the volume doesn't contain "MS" at positions 3 and 4 (backdoor of the virus programmer!). "MS" can be spelled in any case.
- The file is not already infected (-$17 found).
- HUNK_HEADER and HUNK_CODE are found.
- A JSR in word length to virus-start is found in the code hunk. The code hunk must have a JSR in the last $7fff instructions.
- There are 8 blocks free on the volume.
- A ".backdrop" file exists in the root of this volume, or c/mount exists on the volume.

Infection Technique:
Infection Trigger: Accessing the volume
Storage Media affected: all DOS devices
Interrupts hooked: The virus infects the launch routine of volume tasks, so it gets control every time a volume is accessed. The launch code is a normally unused feature of tasks which can contain special initialisation code.
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:
Encoding Method:

Damage:
Permanent damage:
- None
Transient damage:
- The virus writes a file with the name "README" on the disk. This file contains the following text: "B.E.O.L. 1995! Don't be angry!!" The length of this file is 1152 bytes.

Damage Trigger:
Permanent damage:
- None
Transient damage:
- Infection counter

Particularities: The crypt/decrypt routines are aware of processor caches and clear them if necessary. When the launch routine gets control, the virus creates a kind of infection process. This process is completely re-entrant, so the virus can infect several files and volumes simultaneously. The virus is programmed very effectively; the author makes excessive use of V37+ functions and unusual coding methods. Nevertheless, the programmer left some tracks behind: "MS" in the volume name, and the magic number -$17 = -23 used for several purposes, should make it possible to find the author. I think only a dozen people worldwide can program like this. The linking method is very poor compared to the other functions in this virus; it recognises very few file types. Maybe this virus is only a test balloon.
Similarities: Link method is like that of the Infiltrator virus
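
For triage of a disk image, the file-level infection preconditions and the README artifact described above can be checked with a small script (an added example, not part of the original entry or of any Virus Test Center tool). It assumes "192K" means 192 * 1024 bytes and that positions 3 and 4 of the volume name are counted from 1; the function names are hypothetical, and the JSR, free-block and ".backdrop"/c/mount conditions are not checked.

```python
import struct

HUNK_HEADER, HUNK_CODE, HUNK_END = 0x3F3, 0x3E9, 0x3F2
MAX_SIZE = 192 * 1024   # assumption: "192K" read as 192 * 1024 bytes
README_TEXT = b"B.E.O.L. 1995! Don't be angry!!"

def first_code_hunk(data):
    """Return the body of the first hunk if it is HUNK_CODE, else None."""
    def u32(off):
        if off < 0 or off + 4 > len(data):
            raise ValueError("truncated hunk file")
        return struct.unpack_from(">I", data, off)[0]
    try:
        if u32(0) != HUNK_HEADER:
            return None
        off = 4
        while (n := u32(off)) != 0:           # resident library names, normally none
            off += 4 + 4 * n
        first, last = u32(off + 8), u32(off + 12)   # after terminator and table size
        if last < first:
            return None
        off += 16 + 4 * (last - first + 1)    # skip the hunk size table
        if u32(off) & 0x3FFFFFFF != HUNK_CODE:
            return None
        size = 4 * (u32(off + 4) & 0x3FFFFFFF)      # hunk length is in longwords
        body = data[off + 8:off + 8 + size]
        return body if len(body) == size else None
    except ValueError:
        return None

def meets_file_preconditions(data, volume_name):
    """Size, volume-name and hunk-structure preconditions from the entry."""
    return (len(data) < MAX_SIZE
            and volume_name[2:4].upper() != "MS"    # characters 3 and 4, any case
            and first_code_hunk(data) is not None)

def is_beol_readme(name, data):
    """README artifact: 1152 bytes long and containing the quoted text."""
    return name.upper() == "README" and len(data) == 1152 and README_TEXT in data

# Constructed sample: a minimal one-hunk load file (moveq #0,d0; rts; nop; nop).
CODE = bytes.fromhex("70004e754e714e71")
SAMPLE = (struct.pack(">8I", HUNK_HEADER, 0, 1, 0, 0, 2, HUNK_CODE, 2)
          + CODE + struct.pack(">I", HUNK_END))
SAMPLE_README = README_TEXT.ljust(1152, b"\n")      # constructed, padded to length

if __name__ == "__main__":
    print(meets_file_preconditions(SAMPLE, "Work"), is_beol_readme("README", SAMPLE_README))
```
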

Agents

Countermeasures: All of the above
Standard means: -

Acknowledgements

Location: (C) Virus Test Center, University Hamburg, Germany
Classification by: S. Freitag, Markus Schmall, Karim Senoucci
Documentation by: S. Freitag
Date: August 21, 1995
Information Source: Reverse engineering of original virus
 
