Vienna (computer virus)

from Wikipedia, the free encyclopedia

The Vienna computer virus was probably written in 1987. According to some sources, the virus code was designed as an experiment and programmed by a student from Vienna .

The virus gained notoriety primarily because virus expert Bernd Fix wrote a program that could be used to track down and remove the virus. This tool is considered to be the first antivirus program .

1988 is often given on the Internet as the year Vienna was discovered. Since Bernd Fix's virus tool from 1987 is proven by reliable sources, this date cannot be correct. The virus discovered on April 1st, 1988 in Moscow in a " UNESCO Children's Computer Camp" is probably a later variant of Vienna, and not the original version.

Characteristics

Vienna infects executable files (* .com) under DOS , including COMMAND.COM . When the infected file is executed, another uninfected file in the same directory is infected. The actual "damaging function" only comprises a modification of the time stamp of the affected file. The seconds in the time stamp of the file are changed to the theoretically impossible value "62". At the end of the infected file, the virus attaches itself, adding 648 bytes to the file.

However, one in six cases does not infect the file; H. the virus does not attach itself to the executable file. Instead, the first five bytes are overwritten with the hexadecimal string "EAF0FF00F0". Running these files later can cause serious computer errors that may result in a restart. Since these files are not infected but have been corrupted, it is difficult to find them later with a virus scanner.

However, because there are many different variants of this virus, the characteristics of an infection can differ in individual cases.

history

The virus was first discovered on April 1, 1988 in Moscow in a “ UNESCO Children's Computer Camp”.

The large number of variants and the wide distribution can be explained by the fact that the source code of the virus was published in various books. As a result, the virus had a major impact on the development of other viruses.

variants

  • Lisbon
    This variant was first discovered in Portugal. It has been largely modified to fool anti-virus programs. The beginning of executable files is also overwritten with "@AIDS"
  • New Vienna
    This group of variants comes from Bulgaria, the variants are slightly smaller in size than the original virus. The malicious function has been changed - the hard drive is now being formatted. An “Error Handler” for critical errors has also been added.
  • Arf, Christmas Violator, Violator, Baby
    These group of variants have great source code similarities, so they are assumed to be from the same author.
  • Iraqui Warrior
    This variant contains a program error that prevents the virus from spreading further after the first infection.
    This text is also stored in the source code:

“I come to you from The Ayatollah! (c) 1990, VirusMasters
An Iraqui Warrior is in your computer ”

  • NTKC
    This variant is the longest file-infecting virus to date. Apart from this fact, there are no other characteristics
  • Vienna.Reboot
    This variant overwrites executable files with a small program that reboots the computer.

Other variants

  • Vienna.Ambalama
  • Vienna.Angel
  • Vienna.BboDong
  • Vienna.Bloodspill
  • Vienna.BNB
  • Vienna.Born
  • Vienna.Bua
  • Vienna.BY
  • Vienna.ByteWarrior
  • Vienna.DDrUS
  • Vienna.DearUser
  • Vienna.Dr. Q
  • Vienna.Ender
  • Vienna.Feliz
  • Vienna.FatherChristmas
  • Vienna.Grither
  • Vienna.Gustav
  • Vienna.Gympel
  • Vienna.Hybryd
  • Vienna.IRA
  • Vienna.Kuzmitch
  • Vienna.Monxla / Interceptor
  • Vienna.Norilsk
  • Vienna.Oscar
  • Vienna.Parasite
  • Vienna.Pivi
  • Vienna.Saigon
  • Vienna.SDI
  • Vienna.Sector
  • Vienna.Skate
  • Vienna.SPb
  • Vienna.Sunday
  • Vienna.TheseDays
  • Vienna.Viperize
  • Vienna.Westmont

Web links