home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 2
/
HACKER2.BIN
/
236.DIOGENES.DOC
< prev
next >
Wrap
Text File
|
1992-09-21
|
3KB
|
60 lines
DIOGENES 2.0 DOCUMENTATION & USER NOTES
DIOGENES is a destructive VCL 1.0 variant that was not created directly
with Nowhere Man's Virus Creation Laboratory, but rather began life as a
first generation descendant of Urnst Kouch's DIARRHEA 4. You'll remember
DIARRHEA 4 from a previous Crypt Newsletter -- it's the tenuous little .COM
infector that displays a colorful "Eat My Diarrhea" ANSI on Fridays.
The Crypt newsletter's magnanimous distribution of such well-commented
source codes as those churned out by VCL 1.0 is of course a boon to
potential virus authors.
DIOGENES is an appending, encrypted .COM infector. When it can find no
more .COMs to infect within the current directory, it will search the system
path for them. COMMAND.COM is a viable target, but its infection will not
crash the system. Infected files become dangerous time bombs -- execution
on the 31st of any month will trigger an overwrite of the C: drive, starting
with sector 1 and continuing through 718. This will eradicate the FAT and
the root directory, as well as whatever other data happens to lie within
those sectors. The overwrite consists of a message written to the disk
over and over. This cheery missive is also displayed to the screen
once before the user is returned politely to the DOS prompt, undoubtedly
leaving the victim with a warm feeling inside that will make him forget all
about his lost data. Diogenes' greeting is as follows:
"DIOGENES 2.0 has visited your hard drive.....
This has been another fine product of the Lehigh Valley.
Watch (out) for future 'upgrades'.
The world's deceit has raped my soul. We melt the plastic
people down, then we melt their plastic town....."
The second line of the message is in homage to the Lehigh Virus. The last
two lines are taken from the song 'Plastic Town' by Powermad. The message
is not visible within the encrypted virus.
As a token of the author's mercy and benevolence, the affected system can
still be rebooted off the C: drive following its Diogenization. However,
recovery of data (that which hasn't been overwritten, that is,) will be a
major undertaking under most circumstances. (Seeker is too kind. The routine
which overwrites your data is thorough. Affected disks are a nightmare
for even powerful tools like Mace Utilities and Norton. Only a masochist
would spend more than 5 minutes checking the disk before wiping it. -URNST)
Additionally, any recovered .COMs would still be infected.
DIOGENES is not scannable by SCAN 95b, with its vaunted ability to spot any
VCL product. Face it -- with a little patience and experimentation, any
viral source code can be altered in such a way as to render the assembled
virus unrecognizable to any given scan-string scanner. Far from being
obsolete, Nowhere Man's VCL, with its generously commented source codes so
valuable and inviting as both raw material and learning aid to the potential
new virus author, has in fact given such scanners a hearty shove towards
their rapidly approaching demise.
--SEEKER