Bytebandit is an Amiga boot sector virus. It was very simple and unencrypted, so it became a model for many other Amiga viruses like Lamex. Whether it has any relation to the earlier SCA virus for the Amiga is unknown.

Behavior

When a diskette with Bytebandit on it is booted, the virus becomes memory resident. It stays resident after a warm reboot. It infects the boot blocks of 3.5 inch and 5.25 inch floppy disks any time an uninfected one is accessed.

The virus will check to see if the system has been reset twice and if it has infected 6 disks. If both of these are true, the virus will wait for seven minutes, then the screen will go black and the computer will accept no more keystrokes with one exception. If the user presses the keys LEFT-ALT + LEFT-AMIGA + SPACE + RIGHT-AMIGA + RIGHT ALT, it will end this state.

Variants

Bytebandit was a very simple virus and it spawned many variants. Many viruses that may not be considered variants were modeled on this virus.

Name

Bytebandit is named for the text found in the virus:

 Virus by Byte   Bandit in  9.87.

As the virus is for the Amiga platform, many antivirus products do not even bother to detect this virus, and therefore do not have a name for it.

Other Facts

Bytebandit contains the text "Virus by Byte Bandit in 9.87". Some believe that the 9.87 figure is the date the virus was created (1987 September). The virus was first discovered in 1988 January, and there is no other indication that the virus was created before that date.

Sources

The Amiga Viruses Encyclopedia, Byte Bandit.

Alfred Manthey Rojas, Joerg Kock. University of Hamburg, Virus-Test-Center, BYTE BANDIT Virus. 1996