Red October 1.7 Link Virus - Amiga Virus Encyclopedia
VIRUS HELP TEAM
--------------------------
Amiga Virus Encyclopedia
Red October 1.7 Link Virus
--------------------------
Red October 1.7 Linkvirus:
-Kickstart 3.x: Yes
-MC68040 : Yes
-Infected files become 1296 bytes longer
-No changed vectors
The virus allocates the memory for the to be infected file. It does not
path a DOS vector, it simply tries to infect files via EXNext etc. The
virus recognizes itself using the first codehunk and the first longword
in this hunk ($4e714e71).
The virus does not correct any Relochuncs an d most infected programms
crash. It simply copies its codehunk before the first codehunk and
increases the length. The virus is very simple, but I decided to
recognize this one, too. This virus is very old.
Around offset 1100 in the first hunk, you can read:
'timer.device'
'dos.library'
'ram:'
'ram:1'
The original first infected file is 1296 bytes long and will be
cleared completely (`cause there is nothing more to fix`).
To this virus, there exists a documentation, which was spread years ago
together with this virus:
The Red October Virus 1.7 (901029)
This virus program is for demonstration and testing purpose only.
The Red October virus is a non-overwriting virus a nd was developed
and tested under AmigaDOS 1.3.
The following points influenced the development of the program:
1. The virus should infect other programs only when system clock
seconds are evenly divisible by three.
2. All of the infected files should continue to work properly.
3. The manipulation task in the virus causes a system crash when
the system clock seconds are 16, 32 or 48 (evenly divisible
by sixteen).
4. The virus only infects files which are shorter than 50000
bytes in the current directory.
Delete the virus and the infected programs on the computer when you
are done. WORK WITH COPIES ONLY.
Test by Markus Schmall Detection tested 12.2.1995
