Amiga Virus Encyclopedia
Red October 1.7 Link Virus
Red October 1.7 Linkvirus:
-Kickstart 3.x: Yes
-MC68040 : Yes
-Infected files become 1296 bytes longer
-No changed vectors
The virus allocates the memory for the to be infected file. It does
not path a DOS vector, it simply tries to infect files via EXNext etc.
The virus recognizes itself using the first codehunk and the first
longword in this hunk ($4e714e71).
The virus does not correct any Relochuncs and most infected programms
crash. It simply copies its codehunk before the first codehunk and
increases the length. The virus is very simple, but I decided to
recognize this one, too. This virus is very old.
Around offset 1100 in the first hunk, you can read:
The original first infected file is 1296 bytes long and will be
cleared completely (`cause there is nothing more to fix`).
To this virus, there exists a documentation, which was spread years
ago together with this virus:
The Red October Virus 1.7 (901029)
This virus program is for demonstration and testing purpose only.
The Red October virus is a non-overwriting virus and was developed
and tested under AmigaDOS 1.3.
The following points influenced the development of the program:
1. The virus should infect other programs only when system clock
seconds are evenly divisible by three.
2. All of the infected files should continue to work properly.
3. The manipulation task in the virus causes a system crash when
the system clock seconds are 16, 32 or 48 (evenly divisible
4. The virus only infects files which are shorter than 50000
bytes in the current directory.
Delete the virus and the infected programs on the computer when
you are done. WORK WITH COPIES ONLY.
Test by Markus Schmall Detection tested 12.2.1995.