filmov
tv
Viral Rewind: Virus.DOS.TPE.Kela (Kela-17)
Показать описание
-----------------------------------------------------------
. Kela-17 (or TPE.Kela) is a virus for DOS that is a memory resident, file infector with the added capabilities of polymorphism and stealth. SO when Kela is first loaded it stores itself in memory where it will infect any .COM and .EXE files when they are run. And since it uses the "Trident Polymorphic Engine" (hence TPE) and stealth infection it attempts to evade user/anti-virus detection. When a .COM or .EXE file is infected the size will not change of the file however with .COM files the overall available disk space will show as less. Kela also infects the COMMAND.COM interpreter when first run thereby allowing the virus to load into memory every time the system is booted.
The payload: Whenever the day of the week is Friday and the day is 13th (Friday the 13th), Kela runs its graphical payload. It displays "KELA" in large letters in the center of the screen while many smaller "KELA" fill the screen behind it. It cycles through several different animated color gradients before starting over. Any keyboard input aside from ctrl-alt-del is blocked and will just result in beeps if too many keys are pressed.
Also since Kela infected COMMAND.COM when first run, if the computer is reset (or more likely first booted) on Friday the 13th, the Kela payload will run at boot.
--------------------------
. Kela-17 (or TPE.Kela) is a virus for DOS that is a memory resident, file infector with the added capabilities of polymorphism and stealth. SO when Kela is first loaded it stores itself in memory where it will infect any .COM and .EXE files when they are run. And since it uses the "Trident Polymorphic Engine" (hence TPE) and stealth infection it attempts to evade user/anti-virus detection. When a .COM or .EXE file is infected the size will not change of the file however with .COM files the overall available disk space will show as less. Kela also infects the COMMAND.COM interpreter when first run thereby allowing the virus to load into memory every time the system is booted.
The payload: Whenever the day of the week is Friday and the day is 13th (Friday the 13th), Kela runs its graphical payload. It displays "KELA" in large letters in the center of the screen while many smaller "KELA" fill the screen behind it. It cycles through several different animated color gradients before starting over. Any keyboard input aside from ctrl-alt-del is blocked and will just result in beeps if too many keys are pressed.
Also since Kela infected COMMAND.COM when first run, if the computer is reset (or more likely first booted) on Friday the 13th, the Kela payload will run at boot.
--------------------------