what you don't know can hurt you


Posted Sep 23, 1999


tags | virus
MD5 | d0b2608d360eb64482dfe3e169c69d4e


Change Mirror Download

Computer Incident Advisory Capability
September 8, 1989

Notice of Columbus Day Virus
Affecting IBM PCs and PC Clones

The DOE Computer Incident Advisory Capability (CIAC) has learned
that there is a Columbus Day Virus which may attack MS-DOS (PC-
DOS) personal computers on or after October 12 or October 13, 1989.
Note that October 13 is a Friday the thirteenth. You should make the
information in this notice available to appropriate personnel at your
site so that the virus can be detected and eradicated.

The Columbus Day Virus has been isolated and may actually be one
of a series of related viruses. It most closely resembles the DataCrime
Virus. Contrary to speculation in a recent Federal Computing Weekly
article, however, the Columbus Day Virus does not appear to be
closely related to the Icelandic or West German virus. The Columbus
Day Virus searches through the DOS directory for .COM files other
than COMMAND.COM. It attaches to the end of a .COM file, which
increases the size of the file by 1168 bytes. The virus infects any
given .COM file only once. However, it will infect any uninfected .COM
file that it encounters. If the virus executes, it will display the


and then do a low-level format on track zero. Since this is the boot
area of the disk, the hard disk will be unbootable.

Detection of this virus is difficult because ASCII strings in the virus
code are encrypted. Therefore, utilities that search files for particular
ASCII strings are useless. There are two methods you can use to
detect this virus. The first method is to check for a size increase of
1168 bytes in .COM files. Another possible method is to use
VIRUSCAN*, (see below) which should report the existence of this
virus as well as several other viruses. If a machine is infected, users
must copy over all infected .COM files using their original .COM files.
This must be accomplished at one sitting to prevent re-infection. You
should also examine backups to see if they are infected. You should
repeat whatever detection method you decide to use every time you
load a new .COM file or database into your PC or PC clone.

If the boot sector is destroyed, it can be restored with Disk Doctor, a
utility in Norton Utilities Version 4.5 (Advanced Edition). Note that a
restoration is possible only if the Disk Doctor utility had been
previously run.

The DOE Center for Computer Security at Los Alamos has recently
published a pamphlet, "Computer Viruses and the Personal Computer
User" (CCS-89-03). CIAC recommends that you read and follow the
excellent guidelines contained in this pamphlet .

Because VIRUSCAN is produced and distributed by a commercial
developer, CIAC cannot at this time send copies of this software
directly to you. To obtain a copy of VIRUSCAN, you need to send $15
with your name, address and phone number to:

McAfee Associates
4423 Cheeney St.
Santa Clara, CA 95054
Phone: (408) 988-3832

For further information contact David S. Brown at CIAC. David's
phone is (415) 4239878 or (FTS) 533-9878. He can also be reached
at the CIAC number, (415) 422-8193 or (FTS) 532-8193. David's e-
mail address is:


* - The University of California neither endorses VIRUSCAN nor
guarantees the effectiveness of this software package. CIAC will test
this package in the near future to determine whether it provides
adequate detection of the Columbus Day virus.


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    3 Files
  • 21
    Jan 21st
    17 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2019 Packet Storm. All rights reserved.

Security Services
Hosting By