Arelocs | |
---|---|
Type | File virus |
Creator | Mark Ludwig |
Date Discovered | 1995 |
Place of Origin | Show Low, Arizona, USA |
Source Language | |
Platform | OS/2 |
File Type(s) | .dll, .exe |
Arelocs also known as Aep is one of a few viruses for IBM's OS/2 operating system. It is considered "the first known virus that affects OS/2 files in the 'right way'" as it writes itself to the file and modifies the NewEXE header and other system areas.
Behavior
When executed, the virus searches for .dll and .exe files with an "NE" stamp and OS/2 marker in the NewEXE header. The virus then finds the number of the entry point segment and makes it larger by shifting down the other segments. Arelocs then writes its code there. /it then fixes the name and relocation tables and returns control to the host program.
The virus contains the following text string:
(C) 1995 American Eagle Publications Inc., All rights reserved.
Origin
Text found within the virus indicates it is a creation of American Eagle Publications (from which it gets one of its aliases, AEP) of Show Low, Arizona in the southwest United States. The owner of this publishing company, Dr. Mark Ludwig, had published the source code for many viruses in several books, many of them his own creation.
Other Facts
At the time of Arelocs's discovery, there were so few OS/2 viruses that they could be counted on one hand. The other two relatively well-known ones were Jiskefet and Myname. One of its aliases, Aep, is shared by another virus for 16-bit Windows.
Sources
Kaspersky Lab. Securelist.com, Virus.OS2.AEP.a. 1996.06.26
John F. Morar, David M. Chess. High Integrity Computing Laboratory, IBM Thomas J. Watson Research Center, The effect of computer viruses on OS/2 and Warp. 1995.09.20-22