Arelocs
Type: File virus
Creator: Mark Ludwig
Date Discovered: 1995
Place of Origin: Show Low, Arizona, USA
Source Language:
Platform: OS/2
File Type(s): .dll, .exe

Arelocs, also known as Aep, is one of a few viruses for IBM's OS/2 operating system. It is considered "the first known virus that affects OS/2 files in the 'right way'" as it writes itself to the file and modifies the NewEXE header and other system areas.

Behavior

When executed, the virus searches for .dll and .exe files with an "NE" stamp and OS/2 marker in the NewEXE header. The virus then finds the number of the entry point segment and makes it larger by shifting down the other segments. Arelocs then writes its code there. It then fixes the name and relocation tables and returns control to the host program.

The virus contains the following text string:

(C) 1995 American Eagle Publications Inc., All rights reserved.
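
For triage, the same header fields the virus inspects can be read defensively. The following is an added example, not code from the original page or its sources: it confirms the "NE" stamp and OS/2 marker, locates the entry point segment through the segment table, and checks whether the text string above lies inside that segment. The header offsets follow the standard NE layout; the function names and the sample file are constructed for illustration.

```python
import struct

# Text string the page reports inside the virus body.
MARKER = b"(C) 1995 American Eagle Publications Inc., All rights reserved."
NE_OS2 = 1  # target-OS byte at NE header offset 0x36: 1 means OS/2

def triage_ne(data: bytes):
    """Return entry-segment facts for an OS/2 NE file, or None if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    ne = struct.unpack_from("<I", data, 0x3C)[0]           # offset of the NE header
    if ne + 0x40 > len(data) or data[ne:ne + 2] != b"NE" or data[ne + 0x36] != NE_OS2:
        return None
    ip, cs = struct.unpack_from("<HH", data, ne + 0x14)    # entry point CS:IP
    seg_count = struct.unpack_from("<H", data, ne + 0x1C)[0]
    seg_table = ne + struct.unpack_from("<H", data, ne + 0x22)[0]
    shift = struct.unpack_from("<H", data, ne + 0x32)[0] or 9  # 0 is treated as 9
    info = {"entry_segment": cs, "entry_ip": ip, "marker_at": data.find(MARKER),
            "marker_in_entry_segment": False, "malformed": False}
    row = seg_table + 8 * (cs - 1)                         # segment numbers are 1-based
    if not 1 <= cs <= seg_count or row + 8 > len(data):
        info["malformed"] = True                           # entry point outside the table
        return info
    sector, length, _flags, _alloc = struct.unpack_from("<4H", data, row)
    start, size = sector << shift, length or 0x10000       # length 0 means 64 KiB
    info.update(segment_offset=start, segment_length=size)
    info["marker_in_entry_segment"] = start <= info["marker_at"] < start + size
    return info

def build_sample(os_type=NE_OS2, marker=True):
    """Constructed test file (not a real binary): 2 segments, entry in segment 2."""
    mz = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    ne = bytearray(0x40)
    ne[0:2] = b"NE"
    struct.pack_into("<HH", ne, 0x14, 0x0010, 2)           # IP=0x10, CS=segment 2
    struct.pack_into("<H", ne, 0x1C, 2)                    # two segments
    struct.pack_into("<H", ne, 0x22, 0x40)                 # table follows the header
    struct.pack_into("<H", ne, 0x32, 4)                    # 16-byte sectors
    ne[0x36] = os_type
    table = struct.pack("<4H", 0x10, 0x20, 0, 0x20) + struct.pack("<4H", 0x12, 0x60, 0, 0x60)
    seg2 = (bytes(0x10) + MARKER if marker else b"").ljust(0x60, b"\0")
    return (mz + bytes(ne) + table).ljust(0x100, b"\0") + bytes(0x20) + seg2

if __name__ == "__main__":
    print(triage_ne(build_sample()))
```

A hit on the string alone is only an indicator; the segment offset and length returned here are also what one would compare against a known-good copy of the same file.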

Origin

Text found within the virus indicates it is a creation of American Eagle Publications (from which it gets one of its aliases, AEP) of Show Low, Arizona in the southwest United States. The owner of this publishing company, Dr. Mark Ludwig, had published the source code for many viruses in several books, many of them his own creation.

Other Facts

At the time of Arelocs's discovery, there were so few OS/2 viruses that they could be counted on one hand. The other two relatively well-known ones were Jiskefet and Myname. One of its aliases, Aep, is shared by another virus for 16-bit Windows.

Sources

Kaspersky Lab. Securelist.com, Virus.OS2.AEP.a. 1996.06.26

John F. Morar, David M. Chess. High Integrity Computing Laboratory, IBM Thomas J. Watson Research Center, The effect of computer viruses on OS/2 and Warp. 1995.09.20-22
