Brain (computer virus)

Brain
Surname	Brain
Aliases	Pakistani, (c) Brain
Known since	1986
First location	Pakistan
Virus type	Boot sector virus
Authors	Basit Farooq Alvi, Amjad Farooq Alvi
File size	512 KB
Host files	Boot sectors
Polymorph	No
Stealth	No
system	MS-DOS with FAT file system
info	First known in-the-wild virus ; for MS-DOS

Brain refers to a group of boot sector viruses , the original version of which was known as the first uncontrolled malware for PCs . The virus infects the boot sector of floppy disks formatted with the DOS FAT file system .

A forerunner named Ashar was written back in January 1986.

Aliases

The virus is also known under the names Lahore , Pakistani , Pakistani Brain , Brain.A , Brain-A , (c) Brain and UIUC .

The Business Week magazine called Brain in an article reisserisch the Pakistani flu , suggesting German Pakistani flu bedeudet.

Versions and derivatives

Ashar wasn't discovered until after Brain, but is an earlier version of Brain. The code changes and the version number make it clear that the Ashar variant was developed first. Brain.A became known as the first virus in-the-wild .

In addition to Brain.A, there are five other known derivatives of the virus group. Most of the time, only the message text was changed.

function

Hexdump of a boot sector infected with (c) Brain

The virus infects the computer by replacing the boot sector with a copy of itself. The actual boot sector is moved to another sector, which is marked as defective. Infected floppy disks usually have three kBytes of defective sectors. The disk name is changed to (c) Brain . Infected floppy disks have the following text in the boot sector:

Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS !! BEWARE OF THE er..VIRUS: this program is catching program follows after these messages…. $ # @% $ @ !!

Translation: Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd VIRUS SHOE_RECORD V9.0 Dedicated to the dynamic memories of millions of viruses that are no longer with us. - Luckily! Beware of the uh .. virus: this program infects programs after this message ... $ # @% $ @ !!

Brain has a feature to properly handle hard drive partitions and avoid infecting hard drives by checking the most significant bit of the BIOS drive number. Brain does not infect drives that have this bit deleted. Other viruses from this period did not recognize hard drives and consistently destroyed the data on the hard drive by treating them like floppy disks. Brain was often not discovered due to its non-destructive behavior, especially if the user was not paying attention to the slow diskette access.

The virus code included the address of the authors, three phone numbers and a message informing the user that their system was infected and that they should contact the brothers for removal:

    Welcome to the Dungeon © 1986 Basit & Amjads (pvt). BRAIN COMPUTER SERVICES 730 NIZAM
    BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS .... Contact us for vaccination ...

There are many minor and major variations of the text. The virus slows down the floppy disk drive and makes seven kilobytes of conventional memory inaccessible to DOS.

the authors

Brain was written by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi, who lived in the Pakistani city of Chahmiran , Lahore . The brothers told Time magazine that they wrote the virus to protect their medical software from being pirated and that it was only intended to hit copyright infringers.

When the brothers received large numbers of calls from people in the United States, Great Britain, and elsewhere asking them to clean their systems, the brothers were stunned and tried to explain to the indignant callers that they had no bad intentions. Eventually, they terminated their phone line and regretted that they had released the contact details. However, it has also been speculated that the brothers wrote the virus to promote their operation.

The Farooq Alvi brothers run their business in Pakistan, the Internet provider Brain Limited , to this day (as of August 2020).

Individual evidence

↑ Computer Knowledge - Robert Slade: Chapter 7 - (c) Brain ( Memento of March 8, 2009 in the Internet Archive )

Web links

Website of Brain Limited (English)
Description of (c) Brain on the F-Secure page (English)
Information on (c) Brain and the variants (English)

[1] Computer Knowledge - Robert Slade: Chapter 7 - (c) Brain ( Memento of March 8, 2009 in the Internet Archive )