4K (computer virus)
Encyclopedia
4k is a computer virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

 which infects COM file
COM file
In many computer operating systems, a COM file is a type of executable file; the name is derived from the file name extension .COM. Originally, the term stood for "Command file", a text file containing commands to be issued to the operating system , on many of the Digital Equipment Corporation mini...

s and EXE files. The virus was one of the first to employ stealth tactics. Infected systems will hang
Hang (computing)
In computing, a hang or freeze occurs when either a single computer program, or the whole system ceases to respond to inputs. In the most commonly encountered scenario, a workstation with a graphical user interface, all windows belonging to the frozen program become static, and though the mouse...

, after September 22 every year, which is also the date of birth Bilbo Baggins
Bilbo Baggins
Bilbo Baggins is the protagonist and titular character of The Hobbit and a supporting character in The Lord of the Rings, two of the most well-known of J. R. R...

, a character from the The Lord of the Rings
The Lord of the Rings
The Lord of the Rings is a high fantasy epic written by English philologist and University of Oxford professor J. R. R. Tolkien. The story began as a sequel to Tolkien's earlier, less complex children's fantasy novel The Hobbit , but eventually developed into a much larger work. It was written in...

. The code was intended to display the message Frodo
Frodo Baggins
Frodo Baggins is a fictional character in J. R. R. Tolkien's legendarium.He is the main protagonist of Tolkien's The Lord of the Rings. He was a hobbit of the Shire who inherited Sauron's Ring from Bilbo Baggins and undertook the quest to destroy it in the fires of Mount Doom...

 Lives
, but hangs in all known variants.

This virus was spread without the aid of the Internet. It was ported between systems by floppy disk
Floppy disk
A floppy disk is a disk storage medium composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic carrier lined with fabric that removes dust particles...

s.

History

It first appeared in 1989. The first U.S. specimen was contracted in Dallas, TX, and quarantined with verification given by antivirus professionals. Reporters and TV crews recorded this in the local area news in August 1990. Its trail led from Dallas back to New York via a professional at a software firm creating software for lawyers. Virus firms had been tracking it previously in London a month or two before getting calls from New York. No specimens were quarantined or properly recorded in New York.

Raymond Glath of Phoenix, AZ, was the developer and owner of the Vi-Spy product which continued production until mid-release of Windows 95. Reports to McAfee antivirus and Vi-Spy antivirus firms resulted in only one product properly detecting the virus, Vi-Spy.

Operation

The virus added itself to the system in a way which defied normal infection processes. Because of this, it was able to infect a system without using system subroutines, which is what most antivirus products were watching. This is why the virus received the additional name 'stealth'. The infection process used a mathematical algorithm to determine the letters E-X-E & C-O-M. When a file was opened by the OS, the virus checked the extension of the file, and sometimes, other extension letters would be identified as a program file causing the virus to infect a data file and obviously corrupting its contents.

Because the virus appended itself to a file, while hiding the increase in file length, the system could cross-link files and diagnostics on the disks would report allocation errors. This would damage programs and data alike. The description of the problems found while trying correct the 'stupid-looking errors' would cause most computer professionals to erase the system and start over. A few days later the problems would arise again. Diagnostic disks and installation disks used to fix the computer would commonly be infected with the virus and this would aid in the spread.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK