Cdef | |
---|---|
Type | File virus |
Creator | |
Date Discovered | 1990.08 |
Place of Origin | Ithaca, New York, USA |
Source Language | |
Platform | MacOS |
File Type(s) | Resource fork extension |
Infection Length | 510 bytes |
Reported Costs |
Cdef is a Macintosh virus from 1990. It was very widespread at Cornell University in Ithaca, the city it originated from. It was the third in a string of definition resource infecting viruses starting with Wdef. Its creator is suspected to be also behind the Mdef virus and there is a small possibility it has a connection to the Mbdf virus a couple years later.
Behavior
Cdef arrives on a system from an infected Desktop file on removable media. The virus is triggered when the Desktop file is executed, which is usually when the media is inserted. It copies itself to all Desktop files on the first three connected volumes as the resource named "CDEF 1".
It does not infect any Macintosh systems beyond OS6.
Effects
Cdef was widespread at Cornell University in 1990 and 1991. As there was no malicious payload, it is unlikely that there was any financial damage. One very insignificant variant appeared in 1993, but was so similar to the original that antivirus vendors did not even create a separate detection for it.
Cdef was at least once preinstalled in vendor software. Virginia-based American Computer Resources accidentally sent the virus in a disk of Seiko PS-X Printer drivers on the first of July in 1991.
Origin
The origins of several Macintosh viruses were traced to a 16-year-old in Ithaca, New York. Cdef was one of the viruses presumed to have been written by this person, but this has never been confirmed. Cornell was also the home of Mdef virus that appeared mere months earlier as well as the Mbdf virus whose discovery lead to the arrest of its creator. It's uncertain if they are related, though they behave similarly. Also, the MacOS virus Zuc made an appearance here, though it originated in Italy and the Unix Morris worm came from here.
Other facts
Clostridium Difficile is a deadly antibiotic-resistant strain of bacteria that sometimes goes by the abbreviation CDF, CDiff or sometimes mistakenly as C-Def. The similarity of the name is likely entirely coincidental.
Sources
Ronald Greinke. Virus Test Center, University Hamburg, CDEF Virus.
F8DY@VAX5.CIT.CORNELL.EDU. Virus-L Digest, "Re: Is virus infection by inserting floppy disk possible?" 1991.04.16 (OWWCD)
John Norstad. Virus-L Digest, "Re: ***CDEF & Disinfectant 2.9 (MAC)*****." 1993.02.16
spaf@cs.purdue.edu. Virus-L Digest, "WARNING: Two new Mac viruses (Mac)." 1993.02.25
Macintosh Support, Meaning of the Desktop DB & Desktop DF Files.
Adam C. Engst. TidBITS, ANTI-B. 1990.10.01
Symantec, CDEF.