Red October 1.7 Link Virus - Amiga Virus Encyclopedia


  Amiga Virus Encyclopedia
  Red October 1.7 Link Virus

  Red October 1.7 Linkvirus:

  -Kickstart 3.x: Yes
  -MC68040      : Yes

  -Infected files become 1296 bytes longer
  -No changed vectors

  The virus allocates the memory for the to  be infected file. It does not
  path a DOS  vector, it simply tries to infect  files via EXNext etc. The
  virus  recognizes itself using the first codehunk and the first longword
  in this hunk ($4e714e71).

  The virus  does not correct  any Relochuncs an d most infected programms
  crash. It simply  copies its codehunk  before  the  first  codehunk  and
  increases  the  length. The  virus  is very  simple,  but I  decided  to
  recognize this one, too. This virus is very old.

  Around offset 1100 in the first hunk, you can read:


  The original first infected file is 1296 bytes long and will be
  cleared completely (`cause there is nothing more to fix`).

  To this virus, there exists a documentation, which was spread years ago
  together with this virus:

  The Red October Virus 1.7 (901029)

  This virus program is for demonstration and testing purpose only.

  The Red October virus is a non-overwriting virus a nd was developed
  and tested under AmigaDOS 1.3.

  The following points influenced the development of the program:

    1. The virus should infect other programs only  when system clock
       seconds are evenly divisible by three.

    2. All of the infected files should continue to work properly.

    3. The manipulation task in  the virus causes a system crash when
       the  system  clock seconds are 16, 32  or 48 (evenly divisible
       by sixteen).

    4. The virus  only infects  files  which  are  shorter than 50000
       bytes in the current directory.

  Delete the virus and the infected programs on the computer when you

  Test by Markus Schmall                   Detection tested 12.2.1995


Virum Help Team
Denmark & Canada
Copyright © All rights reserved