Viral Rewind: Virus.DOS.Odious

-----------------------------------------------------------
Odious (which I've found is sometimes misleadingly called "Creeper" due to a piece of text within the viral code) is a direct-action infector of .COM files in DOS. When run, it searches out a .COM file in the present directory and infects it.

Payload: When it's the month of May and the day falls on a Monday, after multiple instances of Odious are loaded from infected .COM programs it will "remove" one character from the DOS character set, making it "invisible". This builds progressively as more instances of Odious are run: more and more characters will no longer appear "visible", and this condition extends to fullscreen DOS programs like the MS-DOS text editor. Exiting from the DOS command prompt to a shell or something similar seems to reset the payload effect.

Odious does not appear to affect the display of numbers, only letters and special characters.

#virus #dos #malware
-----------------------------------------------------------

Comments

I use a function for changing the pixels of eight 8x16 characters, the capital letters from A-H:

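@echo off
REM Panda.bat
REM Builds Panda.com with DEBUG (all numbers are hex), runs it, then prints the redefined letters.
echo a>tmp.deb
REM INT 10h AX=1110h loads a user font: ES:BP = glyph table, CX = glyph count,
REM DX = first character code (41 = 'A'), BL = font block, BH = bytes per glyph.
echo mov ax, 1110>>tmp.deb
echo mov bp, 118>>tmp.deb
echo mov cx, 8>>tmp.deb
echo mov dx, 41>>tmp.deb
echo xor bl, bl>>tmp.deb
echo mov bh, 10>>tmp.deb
echo int 10>>tmp.deb
echo ret>>tmp.deb
REM Glyph table at offset 118: one DB row of 10h bytes per character, A to H.
echo org 0118>>tmp.deb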
echo DB 0, 0, 1, 7, 1f, 3f, 7f, 7f, 7f, 7e, 7c, 7c, 7c, 7c, 7c, 7c>>tmp.deb
echo DB 0, 3f, ff, ff, ff, ff, ff, ff, 1f, f, 7, 7, 7, 7, 7, 7>>tmp.deb
echo DB 0, fc, ff, ff, ff, ff, ff, ff, f8, f0, e0, e0, e0, e0, e0, e0>>tmp.deb
echo DB 0, 0, 80, e0, f8, fc, fe, fe, fe, 7e, 3e, 3e, 3e, 3e, 3e, 3e>>tmp.deb
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM 00001111 11110000
REM
REM
REM
REM
REM
REM
REM
echo DB 7c, 7c, 7c, 7c, 7c, 3e, 3f, 3f, 1f, 7, 3, 1, 0, 0, 0, 0>>tmp.deb
echo DB 7, 7, 7, 7, 7, 7, 1f, fe, fc, fc, ff, c0, f0, 7f, f, 0>>tmp.deb
echo DB e0, e0, e0, e0, e0, e0, f8, 7f, 3f, 3f, ff, 3, f, fe, f0, 0>>tmp.deb
echo DB 3e, 3e, 3e, 3e, 3e, 7c, fc, fc, f8, e0, c0, 80, 0, 0, 0, 0>>tmp.deb
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM
REM 11110000 00001111
REM
REM 00001111 11110000
REM
REM
echo.>>tmp.deb
echo n Panda.com>>tmp.deb
echo rcx>>tmp.deb
echo 98>>tmp.deb
echo wcs:100>>tmp.deb
echo q>>tmp.deb
debug<tmp.deb>nul
del tmp.deb
Panda.com
del Panda.com
echo ABCD
echo EFGH

maxmuster
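
Added example (not part of the comment above or of the video author's material): a Python script that decodes the font table from Panda.bat, checks that the table offset and glyph count give the length 98 written with rcx, and renders what "echo ABCD" / "echo EFGH" show once glyphs A-H are replaced. The DB rows are copied from the comment; the function names are made up for this example, and is_blank marks the case where every row of a glyph is zero, which is how a character comes to look "invisible" on screen.

```python
# Added example: decode the font table from the Panda.bat comment above.
# The DB rows are copied from that comment; all names here are hypothetical.
DB_ROWS = """\
0, 0, 1, 7, 1f, 3f, 7f, 7f, 7f, 7e, 7c, 7c, 7c, 7c, 7c, 7c
0, 3f, ff, ff, ff, ff, ff, ff, 1f, f, 7, 7, 7, 7, 7, 7
0, fc, ff, ff, ff, ff, ff, ff, f8, f0, e0, e0, e0, e0, e0, e0
0, 0, 80, e0, f8, fc, fe, fe, fe, 7e, 3e, 3e, 3e, 3e, 3e, 3e
7c, 7c, 7c, 7c, 7c, 3e, 3f, 3f, 1f, 7, 3, 1, 0, 0, 0, 0
7, 7, 7, 7, 7, 7, 1f, fe, fc, fc, ff, c0, f0, 7f, f, 0
e0, e0, e0, e0, e0, e0, f8, 7f, 3f, 3f, ff, 3, f, fe, f0, 0
3e, 3e, 3e, 3e, 3e, 7c, fc, fc, f8, e0, c0, 80, 0, 0, 0, 0
"""

CODE_ORG = 0x100      # offset at which a .COM file is loaded
TABLE_OFF = 0x118     # value the script loads into BP
FIRST_CHAR = 0x41     # value the script loads into DX ('A')
HEIGHT = 0x10         # value the script loads into BH (bytes per glyph)

def parse_glyphs(text, height=HEIGHT):
    """Return {char: [row bytes]} for each DEBUG 'DB' row (hex, no prefix)."""
    glyphs = {}
    for i, line in enumerate(text.strip().splitlines()):
        rows = [int(tok, 16) for tok in line.split(",")]
        if len(rows) != height or any(b > 0xFF for b in rows):
            raise ValueError(f"glyph {i}: expected {height} byte values")
        glyphs[chr(FIRST_CHAR + i)] = rows
    return glyphs

def file_length(glyphs, height=HEIGHT):
    """Bytes from offset 100h to the end of the table: the value for rcx."""
    return TABLE_OFF + len(glyphs) * height - CODE_ORG

def render(glyphs, text_rows=("ABCD", "EFGH"), height=HEIGHT):
    """Draw the pixels shown by 'echo ABCD' / 'echo EFGH' after the font load."""
    out = []
    for chars in text_rows:
        for y in range(height):
            bits = "".join(f"{glyphs[c][y]:08b}" for c in chars)
            out.append(bits.replace("0", ".").replace("1", "#"))
    return out

def is_blank(rows):
    """A glyph with no set pixels draws nothing, so the character looks missing."""
    return not any(rows)

if __name__ == "__main__":
    g = parse_glyphs(DB_ROWS)
    print("\n".join(render(g)))
    print(f"rcx should be {file_length(g):x}")
```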