|Type||Boot sector virus|
|Place of Origin||Alameda, California, USA|
Alameda, also known as Yale is an early boot sector virus that appeared in 1987. It is considered poorly coded and some virus experts have called its coder "lousy". Like many early viruses, it has many names.
Alameda is introduced to a system when the computer boots from an infected 5.25 inch floppy disk. The virus becomes memory resident, taking up a kilobyte of space. Rebooting the machine with Control-Alt-Delete will not remove the virus from memory, in fact, it will activate it. If an uninfected disk is inserted, it will infect that disk. The virus moves the original boot sector to track 39, head 0, sector 8.
The original Alameda virus uses a POP CS instruction. This instruction will only work on 8080 and 8086 machines. 286 and later machines are not affected. It is also limited by its inability to infect anything other than 360 kilobyte 5.25 inch floppy disks in the A: drive. Pingpong was similarly limited. These limitations lead some virus researchers to believe the virus was created using an A86 assembler on an 8080 or 8086.
There are several variants of this virus. A few variants remove and work around the POP CS instruction so it will work on 286 and later machines. Others may format the hard disk after a certain number of infections.
It is unlikely that this virus got very far or caused any damage. It was first detected at Merritt College in California. It was also detected at Yale University, where it became famous.
As with many early viruses, Alameda's name does not conform to the CARO naming standards. It also has gone by the name Yale (probably used more often than Alameda), Merritt, Peking and Seoul. It was called Yale after it appeared at the University. It is unclear where its other aliases came from.
NCSA. Virus Report, Alameda Virus. (OWWCD)
F-Secure Antivirus, F-Secure Virus Descriptions : Yale.