lotus



previous page: 7.1 Mac-specific system and file infectors (Viruses and the Mac)
  
page up: Viruses and the Mac FAQ
  
next page: 7.3 Mac Trojan Horses (Viruses and the Mac)

7.2 HyperCard infectors (Viruses and the Mac)




Description

This article is from the Viruses and the Mac FAQ, by David Harley D.Harley@icrf.icnet.uk with numerous contributions by others.

7.2 HyperCard infectors (Viruses and the Mac)

These are a somewhat esoteric breed, but a couple have been seen
since Disinfectant was last upgraded in 1995, and most of the
commercial scanners detect them.

Dukakis - infects the Home stack, then other stacks used
subsequently. Displays the message "Dukakis for President", then
deletes itself, so not often seen.

HC 9507 - infects the Home stack, then other running stacks and
randomly chosen stacks on the startup disk. On triggering, displays
visual effects or hangs the system. Overwrites stack resources, so
a repaired stack may not run properly.

HC 9603 - infects the Home stack, then other running stacks. No
intended effects, but may damage the Home stack.

HC "Two Tunes" (referred to by some sources as "Three Tunes") -
infects stack scripts. Visual/Audio effects: 'Hey, what are you
doing?' message; plays the tune "Muss I denn"; plays the tune
"Behind the Blue Mountains"; displays HyperCard toolbox and pattern
menus; displays 'Don't panic!' fifteen minutes after activation.
Even sources which describe this virus as "Three Tunes" seem to
describe the symptoms consistently with the description here, but
we will, for completeness, attempt to resolve any possible
confusion when time allows. This virus has no known with the PC
file infector sometimes known as Three Tunes.

MerryXmas - appends to stack script. On execution, attempts to
infect the Home stack, which then infects other stacks on access.
There are several strains, most of which cause system crashes and
other anomalies. At least one strain replaces the Home stack script
and deletes stacks run subsequently. Variants include Merry2Xmas,
Lopez, and the rather destructive Crudshot. [Ken Dunham discovered
the merryXmas virus. His program merryxmasWatcher 2.0 was very
popular and still can eradicate the most common two strains,
merryXmas and merry2Xmas. merryxmasWatcher 2.0 is outdated for the
rest this family.]

Antibody is a recent virus-hunting virus which propagates between
stacks checking for and removing MerryXmas, and inserting an
inoculation script.

Independance (sic) Day - reported in July, 1997. It attempts to
to be destructive, but fortunately is not well enough written to be
more than a nuisance. More information at:
<http://www.hyperactivesw.com/Virus1.html#IDay>

Blink - reported in August, 1998. Nondestructive but spreads;
infected stacks blink once per second starting in January, 1999.

 

Continue to:















TOP
previous page: 7.1 Mac-specific system and file infectors (Viruses and the Mac)
  
page up: Viruses and the Mac FAQ
  
next page: 7.3 Mac Trojan Horses (Viruses and the Mac)