CHAPTER 1: THIS WEEK'S VIRUS ALERT
(Dark Avenger in Disguise and biting hard!)
FACT: Did you know that there are over 586 unique viruses and over 1300 total viruses including strains?
Thank you ...
Thank you for waiting for this new version of THE VIRUS INFORMER. Some of you might know that my wife and I had our first child, a big boy, and I took time off from the newsletter to be with my new family member.
THE DARK AVENGER is becoming quite popular these days among computer virus watchers and anti-virus programmers. What has made this virus, which interestingly enough is among the older computer viruses discovered way back in 1989, a BIG worry among those in the virus industry?
For starters, the Dark Avenger has recently evolved into what is commonly known today as the 'Dark Avenger Mutation Engine.' As the name suggests, this ENGINE is a new kind of computer virus and a threat, indeed.
This MUTATING ENGINE can be used by virtually anyone to create a mutating virus, or what some call a polymorphic virus. Unfortunately for the good name of BBSes, this Engine, or program, was discovered and distributed via BBSes. Anyone can get their hands on it.
In addition, this virus uses some fancy encryption procedures that make it very difficult to even detect. Believe it or not, and as this engine is readily available, conventional viruses are turning up at a rate of 10 to 20 new viruses per week. According to Steve Gibson in a recent issue of INFOWORLD, "the sophistication of the Mutation Engine is amazing and even staggering."
HISTORY OF DARK AVENGER: First discovered in the U.S. in 1989 by UC Davis, the Dark Avenger had its origin in Bulgaria. It has many aliases, such as: Black Avenger, Boroda, Eddie, Diana, Rabid Avenger, VAN Soft, Dark Avenger 1801, Evil Men, PS!K0, and Dark Avenger-C.
Dark Avenger is not a Mr. Nice Guy in any sense of the word. It is a vicious and damaging computer virus. It quickly infects .COM and .EXE type files, including overlay files and your Command.com file.
This virus becomes memory resident, installing itself into your system memory and remaining resident even after you turn your power off. And as you might already know, many of your DOS files have the extension .EXE or .COM, so using your DOS COPY or XCOPY command would quickly spread this virus around.
Once your files are infected by the Dark Avenger virus, it will randomly overwrite a sector on your disk with a portion of its own code, poisoning your files. And if the randomly chosen sector is a portion of one of your programs, forget it! Programs and data files that have had a sector overwritten are permanently damaged and cannot be repaired, since the original sector has been lost.
HOW TO KNOW YOU'VE GOT IT? Generally, once infected, many of your files will increase in size by an additional 1800 bytes. Also, look for messages such as, "The Dark Avenger, copyright 1988, 1989," as well as "This program was written in the city of Sofia. Eddie lives ... somewhere in Time!" Crazy!
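ADDED EXAMPLE (not part of the original newsletter): a Python script that applies the two signs described above to a directory of .COM and .EXE files, checking for the quoted message text and for growth of 1800 bytes against a list of known-good sizes. The function names, the marker fragments chosen from the quoted messages, and the idea of a saved size baseline are assumptions made for this example.

```python
import os
import sys

# Fragments of the messages quoted in the newsletter.
# Assumption: they appear as plain ASCII text inside an infected file.
MARKERS = [b"Dark Avenger", b"Eddie lives", b"somewhere in Time!"]
GROWTH = 1800                      # size increase reported in the newsletter
TARGET_EXT = (".com", ".exe")      # file types the newsletter says are infected

def find_markers(data):
    """Return the marker fragments present in a file's bytes."""
    return [m.decode() for m in MARKERS if m in data]

def check_file(path, baseline_size=None):
    """Return a list of reasons the file looks suspicious (empty if none)."""
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = ["contains text %r" % m for m in find_markers(data)]
    if baseline_size is not None:
        delta = len(data) - baseline_size
        if delta == GROWTH:
            reasons.append("grew by exactly %d bytes" % GROWTH)
        elif delta != 0:
            reasons.append("size changed by %+d bytes" % delta)
    return reasons

def scan_tree(root, baseline=None):
    """Walk root; baseline (hypothetical) maps relative path -> known-good size."""
    baseline = baseline or {}
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TARGET_EXT):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reasons = check_file(full, baseline.get(rel))
            if reasons:
                findings[rel] = reasons
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reasons in sorted(scan_tree(root).items()):
        print(rel, "->", "; ".join(reasons))
```

A clean result does not clear a file: as noted above, viruses built with the Mutation Engine are encrypted, so the quoted text need not be visible in them.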
If your computer and files do become infected with this virus, power off your system and then reboot with a CLEAN, WRITE-PROTECTED boot diskette, usually your original DOS disk as it's write protected. Then carefully use a disinfector like McAfee's CLEAN program. Make sure to re-scan all files and floppies. Stick a big RED STICKER on those floppies that are clean and have been checked out okay.
WANT TO KNOW IF ANTIVIRUS SOFTWARE CAN ACTUALLY DETECT THIS VIRUS?
Read chapter 4 of this issue of THE VIRUS INFORMER for an informative look into this virus written by William S. McKiernan, Vice President of McAfee Associates--world leaders in antivirus protection.
- end -