|Date Discovered||< 1998|
|Place of Origin||Show Low, Arizona|
|Infection Length||682 bytes|
Jezebel is a Windows 9x virus coded by Mark Ludwig. It is notable for being a demonstration virus that shows adding a code section to the files that it infects. It appeared in the Giant Black Book of Computer Viruses to demonstrate this. It is very similar to the Hillary virus found in the previous chapter of the Black Book.
When Jezebel is executed, it begins searching for .exe files in the current directory. When it finds one, It checks the file for any potential problems with infecting it and makes sure the file is not already infected. One of the issues it may encounter is the fact that PE executables can only accommodate a finite number of section headers, required for each section. The virus edits the file's entry point so that the virus's code will execute first when the file is opened. It adds a new code section to the end of the file named ".jezzy". It then returns control to the host program.
There are at about two variants of this virus. They are about the same in functionality and may simply be different versions created by the author. Their main difference is in their file size, which can be from 676 to 1,024 bytes.
Jezebel is the name of a princess appearing in the Torah and Bible. She encouraged worship of the pagan gods and persecuted the prophets of the Jewish god Yahweh. Historically, she was vilified and associated with prostitutes and loose women. Some people have come to view Jezebel as a rebel however. Various books, films and television shows have featured a character named Jezebel and there is a radical feminist blog bearing that name. Ludwig's reason for naming the virus Jezebel is uncertain, though the fact that his other books not involving viruses show he believed in a very unique form of fundamentalist Christianity could provide a clue.
Mark A. Ludwig. The Giant Black Book of Computer Viruses, Second Edition. Chapter 17, "A Multi-Section Windows Virus", pp 207-214. Show Low, Arizona: American Eagle Publications 1998.
Kaspersky Lab. SecureList, Virus.Win9x.Lud.Jez.676.