Posted by: Rea Maor In: Security and Prevention - Monday, September 17th, 2007

Yes, I know, you hate them, and I hate them too. Which is why I like to study them so much. Know your enemy. But in and of themselves, they make for fascinating study. Computer viruses come from all over the world, written by people from all walks of life, and the different ways they work reflect a scope of engineering that few people think to appreciate. So here's my little list of the most highly evolved of malicious virtual lifeforms:

Abraxas – First spotted in 1993, this one is so easy to detect that it's rare these days. Notable for carrying the text "ABRAXAS-5…For he is not of this day…Nor he of this mind" in the body of infected files, for putting up a splash screen reading "ABRAXAS" when an infected program is run, and for playing an ascending scale on the system speaker.

AIDS II – The successor to the rather unimaginative AIDS computer virus, this one boasts the text string "Your computer is infected with Aids Virus II – Signed WOP & PGT of DutchCrack -", plays tonal melodies, and uses a companion trick: the EXE files are left unaltered, but it drops a COM file with the same base name next to each one. DOS runs a .COM before a .EXE of the same name, so the companion gets control first, plays its announcement, runs the real program, and plays again afterwards.
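
The companion trick rests entirely on COMMAND.COM's lookup order (.COM, then .EXE, then .BAT in the same directory), which is also what makes it cheap to hunt for. Here is an added example of my own, not code from the post or from the virus: a small model of that lookup order, a planted companion hijacking a stand-in WORD.EXE, and the triage scan an anti-virus product of the day would do for same-name COM/EXE pairs. The file names and contents are constructed for the demo.

```python
"""Companion (COM/EXE) hijack, modelled on a directory of files.

COMMAND.COM resolves a bare command name by trying .COM, then .EXE,
then .BAT in the current directory, so a planted WORD.COM runs instead
of WORD.EXE.  Added example; all file names and contents are constructed.
"""
from pathlib import Path
import tempfile

DOS_EXT_ORDER = (".com", ".exe", ".bat")   # COMMAND.COM's search order


def _listing(directory):
    """Map lower-cased names to real names: DOS file names are case-insensitive."""
    return {p.name.lower(): p.name for p in Path(directory).iterdir() if p.is_file()}


def dos_resolve(directory, command):
    """Return the file DOS would run for a bare command name, or None."""
    files = _listing(directory)
    for ext in DOS_EXT_ORDER:
        real = files.get(command.lower() + ext)
        if real is not None:
            return real
    return None


def find_companion_candidates(directory):
    """List (COM, EXE) pairs sharing a base name: the companion-virus signature.

    Legitimate software occasionally ships both, so treat this as a triage
    list to look at, not as a verdict.
    """
    files = _listing(directory)
    hits = []
    for name in sorted(files):
        stem, _, ext = name.rpartition(".")
        if ext == "exe" and (stem + ".com") in files:
            hits.append((files[stem + ".com"], files[name]))
    return hits


def demo():
    """Constructed scenario: a clean WORD.EXE, then a planted WORD.COM companion."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "WORD.EXE").write_bytes(b"MZ" + b"\0" * 62)   # stand-in for a real EXE
        before = dos_resolve(d, "word")                        # WORD.EXE: nothing planted yet
        Path(d, "WORD.COM").write_bytes(b"\xe9\x00\x00")        # stand-in companion (a bare JMP)
        after = dos_resolve(d, "word")                         # WORD.COM now wins the lookup
        return before, after, find_companion_candidates(d)


if __name__ == "__main__":
    print(demo())
```

The same ordering is why a user typing `word` never notices anything changed: the EXE is byte-for-byte intact, so a checksum of the program file passes, and only the directory listing gives the game away.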

OneHalf – A particularly nasty one! This virus, first seen in 1994, sits in the master boot record (it infects program files too) and on each boot encrypts a couple more cylinders of the hard drive, working from the end of the disk toward the front, using a simple XOR against a random key it keeps for itself. Then when you access the encrypted part, the resident virus wakes up and decrypts it on the fly, so nothing looks wrong. Now, why should it do this? Because if you get rid of it carelessly, say by just rewriting the boot sector, everything it has encrypted so far stays scrambled! Once it has worked its way through half the disk (hence the name) it quietly lets you know of its existence, by displaying a message in DOS: "Dis is one half. Press any key to continue …"
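
To make the "remove it and lose your data" point concrete, here is an added example of my own (not the virus's code, and a simplification: sectors stand in for cylinders, and a single-byte key is assumed for the toy where the real thing used its own key). It models the progressive XOR encryption, the on-the-fly decryption that hides it while the virus is resident, what a naive removal leaves behind, and the reason disinfection tools could still save the disk: XOR with a fixed key falls to a single sector of known plaintext, and a FAT disk has plenty of zero-filled sectors.

```python
"""Toy model of OneHalf-style progressive XOR disk encryption.

Added example, not the virus's code.  Simplifications: sectors stand in
for cylinders, and the key is a single byte (an assumption for the toy).
"""
import os

SECTOR = 512


def xor_sector(data, key):
    """XOR every byte with KEY; XOR is its own inverse, so this both encrypts and decrypts."""
    return bytes(b ^ key for b in data)


class XorDisk:
    """A disk as a list of sectors, with a resident 'virus' encrypting it from the end."""

    def __init__(self, sectors, key):
        self.sectors = list(sectors)
        self.key = key
        self.encrypted_from = len(self.sectors)   # index of the first encrypted sector

    def boot(self, per_boot=2):
        """Each boot encrypts PER_BOOT more sectors, moving from the end toward the front."""
        new_from = max(0, self.encrypted_from - per_boot)
        for i in range(new_from, self.encrypted_from):
            self.sectors[i] = xor_sector(self.sectors[i], self.key)
        self.encrypted_from = new_from

    def read(self, i, virus_resident=True):
        """While the virus is resident, encrypted sectors are decrypted on the fly.

        With the virus gone (virus_resident=False) the caller gets the raw,
        still-encrypted bytes: this is what a careless removal leaves behind.
        """
        raw = self.sectors[i]
        if virus_resident and i >= self.encrypted_from:
            return xor_sector(raw, self.key)
        return raw


def recover_key(ciphertext_sector, known_plaintext_sector):
    """A single-byte XOR key falls to one byte of known plaintext."""
    return ciphertext_sector[0] ^ known_plaintext_sector[0]


def demo(key=0x5A):
    """Constructed disk: sector i is filled with byte i, sector 7 is all zeros (as on a FAT disk).

    A real run would pick the key with os.urandom(1)[0]; it is fixed here so the
    result is reproducible.
    """
    plain = [bytes([i]) * SECTOR for i in range(8)]
    plain[7] = b"\0" * SECTOR
    disk = XorDisk(plain, key)
    disk.boot()
    disk.boot()                                                  # two boots: last 4 sectors encrypted
    resident_ok = disk.read(6) == plain[6]                       # looks fine while the virus is around
    removed_ok = disk.read(6, virus_resident=False) == plain[6]  # naive removal: sector is garbage
    recovered = recover_key(disk.sectors[7], b"\0" * SECTOR)     # known zeros give the key back
    repaired_ok = xor_sector(disk.sectors[6], recovered) == plain[6]
    return disk.encrypted_from, resident_ok, removed_ok, recovered, repaired_ok


if __name__ == "__main__":
    print(demo())
```

The order of operations is the whole lesson: read out the key (or recover it) and decrypt everything from `encrypted_from` to the end first, and only then overwrite the boot sector. Do it the other way round and the only copy of the key goes with the virus.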

Ping-Pong – This one's dead as disco, so no need to worry about it. It first broke out in 1988 as a boot-sector virus, so it rode along in the boot sector of floppies and hard disks rather than in program files, and did little more than bounce an ASCII ball around the screen from time to time (the trigger was tied to the system timer, not to running any particular program). Reasonably benign, but notable for crashing 286s: it used an instruction the original 8088 accepted but which the 286 treats as invalid!

RJump – They don't get much freakier than this. This one is very current, even to this year. It installs a backdoor on Windows systems, and it is written in Python, packaged up as a standalone Windows executable so the victim needs no Python installed. It spreads by copying itself onto writable media, everything from floppies to digital cameras, and can arrive as an e-mail attachment or a web download like any other executable. As if that weren't enough, it is also notable for being the worm that was accidentally shipped on some Video iPods in 2006, because a Windows machine at Apple's contract manufacturer was infected.
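
The "writable media" part is the interesting one for a defender. On Windows of that era a worm that copies itself to a USB stick or a camera's card gets itself launched by dropping an autorun.inf next to the executable, so the first thing to look at on a suspect device is that file. Here is an added example of my own, not from the post or from RJump, of a tolerant autorun.inf triage parser: it pulls out every key that can start a program (`open`, `shellexecute`, any `shell\<verb>\command`, and a `shell=` line that reroutes the default double-click verb to a custom one). Both sample files are constructed for the demo; the dropper name and RECYCLER folder are assumptions, not the worm's real names.

```python
"""Triage of autorun.inf from removable media.

Added example, not code from the post or from the worm.  The sample
files below are constructed; 'dropper.exe' and the RECYCLER path are
assumed names for the demo.
"""

LAUNCH_KEYS = {"open", "shellexecute"}       # keys that run a program directly

BENIGN = r"""[autorun]
icon=setup.exe,0
label=Vendor Disc
"""

MALICIOUS = r"""[AutoRun]
;constructed sample for the demo
open=RECYCLER\dropper.exe
shellexecute=RECYCLER\dropper.exe
shell\open\command=RECYCLER\dropper.exe
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun(text):
    """Tolerant INI parse: return {key_lower: value} for the [autorun] section.

    Hand-rolled rather than configparser because real samples carry junk
    lines, odd casing and duplicate keys that a strict parser rejects.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text):
    """Return (key, target) findings for every way this autorun.inf can launch code."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS:
            findings.append((key, value))
        elif key.startswith("shell\\") and key.endswith("\\command"):
            findings.append((key, value))
    # 'shell=<verb>' makes a custom verb the default action on double-click;
    # flag it only when that verb actually has a command defined.
    default_verb = entries.get("shell")
    if default_verb and f"shell\\{default_verb.lower()}\\command" in entries:
        findings.append(("shell", default_verb))
    return findings


def is_suspicious(text):
    """An icon/label-only file is normal; anything that launches a program needs a look."""
    return bool(triage_autorun(text))


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, triage_autorun(sample))
```

A launch key is not proof of infection on its own (installer discs use `open=setup.exe` legitimately), but a launch key pointing into a hidden folder on a camera's memory card is exactly the pattern to pull the executable and hash it.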

Win32/Simile – Appearing around 2002, this one is famous for being very hard to catch with ordinary signatures: it is metamorphic, meaning it takes its own code apart and rebuilds it differently for each new infection, so no two copies share a fixed byte pattern, and it covers its tracks obsessively. Its sole mission in life seems to be to display a brief political message (I'm omitting it for the controversy). It is notable for only infecting certain files – it is very picky about what letters the file name may contain. The letters it avoids are FPASCDRNOWV, some of them only at the beginning of the file name, the idea being to steer clear of anything that looks like an anti-virus tool. It even checks to avoid the bait (goat) files laid down by anti-virus software!

