Twenty Year Anniversary

ciac-02.columbus-day-virus

ciac-02.columbus-day-virus
Posted Sep 23, 1999

ciac-02.columbus-day-virus

tags | virus
MD5 | d0b2608d360eb64482dfe3e169c69d4e

ciac-02.columbus-day-virus

Change Mirror Download

____________________________________________________
C I A C
Computer Incident Advisory Capability
____________________________________________________
September 8, 1989

Notice of Columbus Day Virus
Affecting IBM PCs and PC Clones

The DOE Computer Incident Advisory Capability (CIAC) has learned
that there is a Columbus Day Virus which may attack MS-DOS (PC-
DOS) personal computers on or after October 12 or October 13, 1989.
Note that October 13 is a Friday the thirteenth. You should make the
information in this notice available to appropriate personnel at your
site so that the virus can be detected and eradicated.

The Columbus Day Virus has been isolated and may actually be one
of a series of related viruses. It most closely resembles the DataCrime
Virus. Contrary to speculation in a recent Federal Computing Weekly
article, however, the Columbus Day Virus does not appear to be
closely related to the Icelandic or West German virus. The Columbus
Day Virus searches through the DOS directory for .COM files other
than COMMAND.COM. It attaches to the end of a .COM file, which
increases the size of the file by 1168 bytes. The virus infects any
given .COM file only once. However, it will infect any uninfected .COM
file that it encounters. If the virus executes, it will display the
message:

DATACRIME VIRUS
RELEASED:l MARCH 1989

and then do a low-level format on track zero. Since this is the boot
area of the disk, the hard disk will be unbootable.

Detection of this virus is difficult because ASCII strings in the virus
code are encrypted. Therefore, utilities that search files for particular
ASCII strings are useless. There are two methods you can use to
detect this virus. The first method is to check for a size increase of
1168 bytes in .COM files. Another possible method is to use
VIRUSCAN*, (see below) which should report the existence of this
virus as well as several other viruses. If a machine is infected, users
must copy over all infected .COM files using their original .COM files.
This must be accomplished at one sitting to prevent re-infection. You
should also examine backups to see if they are infected. You should
repeat whatever detection method you decide to use every time you
load a new .COM file or database into your PC or PC clone.

If the boot sector is destroyed, it can be restored with Disk Doctor, a
utility in Norton Utilities Version 4.5 (Advanced Edition). Note that a
restoration is possible only if the Disk Doctor utility had been
previously run.

The DOE Center for Computer Security at Los Alamos has recently
published a pamphlet, "Computer Viruses and the Personal Computer
User" (CCS-89-03). CIAC recommends that you read and follow the
excellent guidelines contained in this pamphlet .

Because VIRUSCAN is produced and distributed by a commercial
developer, CIAC cannot at this time send copies of this software
directly to you. To obtain a copy of VIRUSCAN, you need to send $15
with your name, address and phone number to:

McAfee Associates
4423 Cheeney St.
Santa Clara, CA 95054
Phone: (408) 988-3832

For further information contact David S. Brown at CIAC. David's
phone is (415) 4239878 or (FTS) 533-9878. He can also be reached
at the CIAC number, (415) 422-8193 or (FTS) 532-8193. David's e-
mail address is:

brown@pantera.llnl.gov

* - The University of California neither endorses VIRUSCAN nor
guarantees the effectiveness of this software package. CIAC will test
this package in the near future to determine whether it provides
adequate detection of the Columbus Day virus.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    7 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    40 Files
  • 23
    May 23rd
    64 Files
  • 24
    May 24th
    55 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close