ACCC Home Page ACADEMIC COMPUTING and COMMUNICATIONS CENTER
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help
 
The ADN Connection, November/December 1995 The A3C Connection
Nov/Dec 1995 Contents When a Good Computer Goes Bad Word Macro Viruses What viruses are "going around" at UIC today? Mac Viruses
Free Seminars for Spring 1995 More on Pine: Email and a Newsreader, Too Through an X Window Darkly About the ADN Connection  

What viruses are "going around" at UIC today?

 
News and Reviews
Windows Mac Everyone

Thom Clark works in the Computer Center's Small Systems group ("small" as in PCs, Macs, and LAN services). We asked him to write this article because he has a special interest in computer viruses. In fact, one of his hobbies is collecting virus. (Beware of touching anything in the virus directory on his PC!) Over the past five years of working at UIC, Thom tells us that he has collected 165 different viruses, all running on PCs. (Macs are not intrinsically less vulnerable to viruses than PCs, but there are many fewer Mac viruses than PC viruses. This probably has something to do with hackers' general preference for PCs vs. Macs.)

In order of frequency, the most "popular" viruses today are:
 
These viruses are all "in the wild". That's bad. Better viruses are "in the zoo". Viruses are said to be in the wild when they have been found infesting innocent systems. Viruses that are in the zoo are (thankfully) well known only by the people who conduct research on computer viruses. 

Form A (Boot Sector):
remains resident in memory and infects essentially any diskette used later. On the 18th of the month, it can cause a slight clicking when keys are pressed which often goes unnoticed. Affects OS/2, generally making the system non-bootable; IBM AntiVirus generally cleans this up automatically.
Monkey A (Boot Sector):
infects the mbr (Master Boot Record; the hard drive boot sector), and decreases the available free memory. It can cause diskette directory corruption; on the c: drive you will get the message: Invalid Drive specification.
Stealth_C (Boot Sector):
alters hard disk mast boot sectors, and decreases total system and available free memory. Drivers may fail to load into memory.
AntiEXE (Boot Sector):
infects the mbr and alters the partition table; can cause the message: Non system disk when trying to boot from the hard drive. It also decreases the total system and available free memory, causes hard disk corruption, and damages all .exe files.
NYB (Boot Sector):
an infected machine gets seek errors when trying to copy files or run programs, causing a message like: Sector not found error reading drive x : Abort, Retry, Ignore, or Fail; also decreases total system and available free memory.
AntiCMOS (Boot Sector):
alters master boot sector and partition tables, causing hard drive not to boot. Also decreases total system and available free memory. The nastiest thing it does is erase all setup information in the system's CMOS, causing the computer not to boot or function properly.
Stoned No_INT (Boot Sector):
decreases total system and available memory and also corrupts directories.
Stoned Standard (Boot Sector):
this virus has the most mutated strands. Standard Stone virus gives a message like: Your computer is now stoned. It also decreases available memory and can cause slower booting.
SMEG Pathogen (.exe and .com files):
loads into memory when an infected file is run, and infects programs that are run later or copied in certain ways. On Mondays between 5 PM and 6 PM, it sometimes displays the messages: Your hard disk is being corrupted, courtesy of PATHOGEN! and Smoke me a kipper. Scrambles the contents of the system's battery-backed configuration data, and corrupts the first hard disk by writing random data to random places on the disk.
SMEG Queeg (.exe and .com files):
loads into memory when an infected file is run, and infects programs that are later run or copied in certain ways. On Sundays at noon, it sometimes displays a message containing: Queeg and Better than life, and corrupts the first hard disk by writing random data to random places on it.
Vsign (Boot Sector):
in approximately one boot out of eight, the virus displays a V-shaped symbol. It does no intentional damage, but it can overlay your data and perhaps part of the fat (File Allocation Table) when it writes its code to the first two sectors of the hard drive.
Generic MBR (Boot Sector):
this one has many different strands that have different actions, but they all infect the mbr and cause the computer not to boot.
Quox (Boot Sector):
loads into memory when you boot from an infected hard disk or diskette, and infects diskettes used in the a: or b: drives later. It does no intentional damage, but it can overlay existing data when it saves the original boot record elsewhere on the disk.

 

  
 

The ADN Connection, Nov/Dec 1995 Previous: Word Macro Viruses Next: Mac Viruses

1999-7-2  connect@uic.edu
UIC Home Page Search UIC Pages Contact UIC