June_4th Virus

Written by yangying | February 21, 2008 13:20

| Alias: | Bloody |
| Strain: | Stoned strain |
| Detected when: | |
| Detected where: | |
| Classification: | Master boot record (HD) infector, DBR (floppy) infector |
| Length: | 2 kilobyte(s) |

Preconditions

| Operating System(s): | MS-DOS |
| Version/Release: | None |
| Computer model(s): | PCs |
| Caroname: | Stoned.June_4th |

Attributes

| Easy identification: | |
| Type of Infection: | Boot sector infection. Selfrec in memory: None. Selfrec on disk: Compare (M,F)BR[0..5] |
| Infection Technique: | |
| Infection Trigger: | AtBoot (hard), Int13Read (floppy), Int13Write (floppy) |
| INFECTION_CRIT: | |
| Storage Media affected: | Hard disks, diskettes |
| Interrupts hooked: | 13h/02, 13h/03h |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Transient: Display of message during bootup. Permanent: None |
| Damage Trigger: | Transient: After (128 + 8n) boots, n = 0, 1, 2, ... Permanent: n/a |
| Particularities: | None |
| Displayed text: | "Bloody! Jun. 4 1998" |
| Similarities: | |

June_4th ruins the BPB of floppies it infects, which is often problematic.

The virus counts the number of reboots since the hard disk was infected by incrementing a counter in the MBR and writing the MBR back to disk. If the number of reboots is 128, 128+8, 128+16, etc., then the message is displayed.

Floppy infection is attempted on *every* Int13Read and Int13Write, causing a noticeable surfeit of floppy drive activity on infected machines.

Agents

| Countermeasures: | |
| Standard means: | |

Acknowledgements

| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Paul Ducklin |
| Documentation by: | Paul Ducklin |
| Date: | |
| Information Source: | Caroentry (autom. converter by S. Freitag) |