Init1984 | |
---|---|
Type | File virus |
Creator | |
Date Discovered | 1992.03.13 |
Place of Origin | Ireland? |
Source Language | |
Platform | MacOS |
File Type(s) | |
Infection Length | 4,342 bytes |
Reported Costs | |
Init1984 is a dangerous virus for the classic MacOS with the potential to irreparably damage systems. Similar to malware such as Jerusalem and Infosys, it releases its payload on any Friday the 13th, a day with dark connotations in the West. It is believed to be the first Macintosh virus to intentionally harm the system. Because of the type of files it infected, it was unable to spread very far.
Behavior
Init1984 has a counter that helps it determine when to infect a file. It adds an "INIT ID 1984" and "STR ID 1984" resource to infected files. Init1984 works on MacOS System 6 and 7. On older versions with 64K ROMs, it will crash at boot time. The virus body contains the text "SCULLEY MUST DIE!".
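The two resources named above can be checked for by walking the resource map of a file's resource fork. The following is an added example, not code from any of the cited sources: it assumes the indicators correspond to the four-byte resource types `INIT` and `STR ` (with trailing space), and `build_fork` is a hypothetical helper that only constructs test data.

```python
import struct

# Indicators from the page; mapping "STR" to the type b"STR " is an assumption.
INDICATORS = {(b"INIT", 1984), (b"STR ", 1984)}

def list_resources(fork: bytes) -> set:
    """Return {(type, id)} for every entry in a classic Mac OS resource fork."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    _data_off, map_off, _data_len, map_len = struct.unpack_from(">4I", fork, 0)
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("resource map lies outside the fork")
    rmap = fork[map_off:map_off + map_len]
    (tl_off,) = struct.unpack_from(">H", rmap, 24)  # type list offset in map
    (n_types,) = struct.unpack_from(">H", rmap, tl_off)
    n_types = (n_types + 1) & 0xFFFF  # stored as count - 1; 0xFFFF = no types
    found = set()
    for t in range(n_types):
        rtype, n_res, ref_off = struct.unpack_from(">4sHH", rmap, tl_off + 2 + 8 * t)
        for r in range(n_res + 1):  # also stored as count - 1
            (res_id,) = struct.unpack_from(">h", rmap, tl_off + ref_off + 12 * r)
            found.add((rtype, res_id))
    return found

def has_init1984_markers(fork: bytes) -> bool:
    """True when both resources the page attributes to Init1984 are present."""
    return INDICATORS <= list_resources(fork)

def build_fork(resources) -> bytes:
    """Hypothetical helper: build a minimal fork from [(type, id, payload)]."""
    types = sorted({t for t, _, _ in resources})
    data, refs, entries = b"", b"", b""
    ref_base = 2 + 8 * len(types)  # reference lists follow the type entries
    for t in types:
        items = [(i, p) for rt, i, p in resources if rt == t]
        entries += struct.pack(">4sHH", t, len(items) - 1, ref_base + len(refs))
        for res_id, payload in items:
            # id, no name (0xFFFF), attributes + 3-byte data offset, handle
            refs += struct.pack(">hHII", res_id, 0xFFFF, len(data), 0)
            data += struct.pack(">I", len(payload)) + payload
    type_list = struct.pack(">H", (len(types) - 1) & 0xFFFF) + entries + refs
    map_len = 28 + len(type_list)
    header = struct.pack(">4I", 16, 16 + len(data), len(data), map_len)
    return header + data + header + bytes(8) + struct.pack(">HH", 28, map_len) + type_list

# Constructed samples, not captured from real files.
INFECTED = build_fork([(b"INIT", 1984, b"x"), (b"STR ", 1984, b"y"), (b"INIT", 7, b"z")])
CLEAN = build_fork([(b"INIT", 7, b"z"), (b"STR ", 1984, b"y")])
```

A match on both resources is a lead for further inspection rather than proof of infection; truncated or malformed forks raise `ValueError` or `struct.error` instead of returning a result.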
Payload
On any Friday the 13th, the virus runs its payload routine. It attempts to rename all files and folders on the system. It will go through the files alphabetically, so some will be renamed twice, while others may not be touched. It will also change the type and creator of the files to random 4-byte values. The creation date will be set to 1904 January 01. Files that can't be renamed will be deleted. It erases around 2% of all files on each run.
Effects
Though having the potential to cause a great deal of damage, Init1984 did not have the opportunity because its spreading ability was quite limited. It did manage to cross an ocean though, being reported in a few locations in Europe (notably the Netherlands and Ireland) and several in the United States. In most instances, the systems were severely damaged.
Though it was discovered while it was running its payload routine in March of 1992, it is entirely possible that it originated much earlier but went unnoticed or (if it was running its payload in another month with a Friday the 13th like September of 1991) was not recognized as Init1984 yet.
Infecting only INIT files probably limited this virus's spread more than that of earlier viruses, because these files are not commonly shared.
Sources
Thomas Piehl, Ronald Greinke. University of Hamburg, Virus Test Center, Computer Virus Catalog 1.2, INIT 1984 Virus. 1992.07.13
Virus-L Digest, Volume 5 : Issue 69, WARNING: New Macintosh virus. 1991.03.19
John Norstad. Virus-L Digest, Disinfectant 2.7. 1992.03.23
Adam C. Engst. TidBITS, INIT 1984 Virus. 1992.03.23
Seguridad Apple, Virus INIT 1984: Un virus de Viernes 13 en Mac OS. 2012.11.09