| Alias: | --- | | Strain: | BGS 9 virus strain | | detected when: | MAY 1990 (when VTC received virus code) | | where: | North Germany | | Classification: | link virus (renaming), resident | | Length: | 1. length on storage medium: 2608 byte 2. length in RAM : 2608 byte |
Preconditions | | Operating System(s): | AMIGA-DOS | | Version/Release: | 1.2/33.166, 1.2/33.180, 1.3/34.5 | | Computer model(s): | AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B | | Caroname: | BGS9.Terrorists |
Attributes | | Easy identification: | typical text: "TTV1" at end of virus (length=2608 byte) identification on disk: a file in ROOT- and/or DEVS-directory is named with following unprintable string: $A0,$20,$20,$20,$A0,$20, $20,$A0,$20,$A0,$A0; length of first command in startup-sequence seems to be altered to 2608 byte (because file isnot original anymore) | Type of Infection: | self-identification method: virus searches for a file in devs- or root directory named with this unprintable string: $A0,$20,$20,$20,$A0, $20,$20,$A0,$20,$A0,$A0 system infection: RAM resident, reset resident | | Infection Technique: | | | Infection Trigger: | reset (CONTROL+Left-AMIGA+Right-AMIGA) | | Storage Media affected: | bootable floppy disks (3.5" and 5.25"), bootable RAM disks, bootable hard disks | | Interrupts hooked: | --- | | Stealth: | | | Tunneling/Selfprot: | | | Oligo/Polymorphism: | | | Encoding Method: | | | Damage: | permanent damage: overwriting bootblock; transient damage: screen buffer manipulation: screen becomes black, a graphic with fol- lowing text is displayed: "a computer virus is a disease terrorism is a transgression software piracy is a crime this is the cure BGS9 Bundesgrenzschutz Sektion 9 Sonderkommando 'EDV' " | | Damage Trigger: | permanent damage: reset (CONTROL+LEFT-AMIGA +RIGHT-AMIGA) transient damage: 4 resets (to be run until initial CLI window appears) | | Particularities: | other resident programs using the system resident list (KickTagPointer, KickMem Pointer) are shutdown; name of resident task is "TTV1" (see string in bootblock); when virus doesn't find a DEVS directory, it uses the root; first command in startup- sequence is renamed to a file named with following unprintable string: $A0,$20,$20,$20,$A0,$20,$20,$A0,$20,$A0,$A0 (in DEVS- or root directory if available), and virus is written to directory the command comes from using the same name; next time, virus will be called first before original command is executed | | Similarities: | 100% clone of the BGS 9 virus, only name of the relocated carrier (DEVS:) is different (see above); problems show when other resident programs suc as harddisk devices are installed; same problem (=guru medita- tion when started from startup-sequence) also occurs with BGS 9 |
Agents | | Countermeasures: | CHECKVECTORS 2.3, BGS9-PROTECTOR | | Standard means: | CHECKVECTORS 2.3 with deletion of "no name" file entry (see above) using a disk manager and correction of startup-sequence (removal) and creating two files named with the following unprintable string "$A0,$20,$20, $20,$A0,$20,$20,$A0,$20,$A0,$A0" to vaccinate disk (one file has to be placed in ROOT-, the other in DEVS-directory); BGS9-PROTECTOR |
Acknowledgements | | Location: | Virus Test Center, University Hamburg, Germany | | Classification by: | Alfred Manthey Rojas | | Documentation by: | Alfred Manthey Rojas | | Date: | 10-February-1991 |
In 1932, Franklin Delano Roosevelt, newly elected president, pledged to create a "new deal for the American people." Designed to help the United States out of its worst economic depression, the New Deal was an opportunity to rebuild the American infrastructure. An unprecedented amount of legislation was passed establishing agencies to rebuild America's highways, dams and bridges--the vast majority of which are still used and depended on every day. That investment in physical infrastructure was our greatest ever, and it's now time for a similar investment in the Internet's infrastructure--both in shoring up actual underpinnings and in teaching people how to be more cyberaware. Complete Internet security protection with anti-virus, anti-spyware, anti-phishing, anti-spam and anti-hacker technologies. Plus parental controls and virtual keyboard perfect for home or small office. Key Technologies 0f the Internet Security 2009 Protects from viruses, Trojans, worms, spyware, adware Scans files, email, and Internet traffic Protects instant messengers Protects from unknown threats 2-way Personal Firewall Safe Wi-Fi and VPN Connections Intrusion Prevention System Configuration and Privacy Tools Cleans traces of user activity Application Filter: Access to user resources and data is restricted for risky applications Vulnerability scanning for operating system and installed applications Analyzes and closes Internet Explorer vulnerabilities Disables links to malware sites / phishing sites Global Threat Monitoring (Kaspersky Security Network) Virtual keyboard for safe entry of personal data Blocks all types of Keyloggers Parental Controls Anti-spam protection Blocks unwanted web banners Automatic database updates Free technical support Whitelisting Functionality of the Internet Security 2009 Hourly updates and fastest response times ensure you benefit from the industry's most up-to-date protection. New- Advanced anti-virus engine delivers the industry's fastest scan times (Passmark Security, June 2007). Saves time and improves performance. New - Configuration and privacy tools are designed to help you protect yourself. Intrusion Protection System and 2-way firewall protect you from hackers; protect your privacy. Protects you from the phishing and malware sites that you wouldn't otherwise know were attempting to steal from you. Parental controls filter, block, or report inappropriate content. Limit Internet time to hours and amounts that you set. Kaspersky Security Network allows your computer to report when it discovers a threat that hasn't been seen before. All 250 million Kaspersky users benefit from our combined knowledge! A New Generation of Threat Protection Premium Protection fromKaspersky Lab
"At Kaspersky Lab, we protect over 250 million systems worldwide. In 2007 we saw more malicious threats than in the previous 15 years combined. Kaspersky Internet Security 2009 represents a breakthrough in the way we protect our customers with the strongest, most efficient anti-malware technology in the world. And we back this with the finest support team in the business. Trust Kaspersky Lab."
- Eugene Kaspersky A New Generation of Threat Protection
Kaspersky's Internet Security lab has seen an unprecedented growth in cybercrime attacks. In 2007 alone we responded to more than 2 million new malicious threat samples - more than the prior 15 years combined. These attacks have become remarkably sophisticated, with cybercrimals finding new inventive ways to steal private information, personal identities and financial data.
A Smarter Approach to Security
Kaspersky Lab has raised the bar once again. Kaspersky® Internet Security 2009 offers a thoroughly new approach to keeping you safe. Along with new enhancements to our top-rated detection technology, we've added important new layers of security designed to provide the greatest possible protection. And we did it while making version 2009 up to 7 times faster. It's all about premium protection that lets you make the most of your computer's power. Tags: Kaspersky Internet security 2009, Free Kaspersky Internet Security 2009 Download, internet security, antivirus software, antispyware software, personal firewall, antispam
|