Pathogen | |
---|---|
Type | File virus |
Creator | Black Baron |
Date Discovered | 1994.04 |
Place of Origin | Devon, United Kingdom |
Source Language | Assembly |
Platform | DOS |
File Type(s) | .com, .exe |
Infection Length | 7,856 bytes |
Reported Costs | $1,556,000 |
Pathogen is a virus made using the SMEG Virus Construction Kit. SMEG is actually a polymorphic mutation engine, similar to the Dark Avenger Mutation Engine. It became very prolific and its creator was found and sentenced to jail.
Behavior
When Pathogen is executed, the virus becomes memory resident, taking up 7,872 bytes in memory. If any files have a time stamp more than 100 years away from the system date, the virus will not infect them. In order to avoid COMMAND.COM, as well as some antivirus products, it avoids files whose names match the following patterns: co*.*, f-*.*, sc*.*, tb*.*, vi*.*, fs*.*, vp*.*, vs*.*, cl*.*, sm*.* and fl*.*. Pathogen appends itself to the end of the file when files are executed or opened.
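As an added illustration (not code from any of the sources this page draws on), the Python sketch below applies the infection rules above to a file-size baseline: it flags .com/.exe files that grew by the listed infection length and separates out those the description says the virus skips. It assumes an infected file grows by exactly 7,856 bytes and approximates 100 years as 36,525 days; the function names, verdict labels and sample inventory are constructed for the example.

```python
from datetime import datetime
from fnmatch import fnmatchcase

INFECTION_LENGTH = 7856                 # bytes appended, from the infobox
TARGET_EXTENSIONS = (".com", ".exe")    # file types listed on the page
# Name patterns the page says Pathogen skips (COMMAND.COM, some antivirus tools).
AVOIDED = ("co*.*", "f-*.*", "sc*.*", "tb*.*", "vi*.*", "fs*.*",
           "vp*.*", "vs*.*", "cl*.*", "sm*.*", "fl*.*")
HUNDRED_YEARS_DAYS = 36525              # assumption: 100 years approximated in days


def skipped_by_virus(name, mtime, system_date):
    """True if the page's description says Pathogen would not infect this file."""
    lower = name.lower()
    if any(fnmatchcase(lower, pat) for pat in AVOIDED):
        return True
    return abs((mtime - system_date).days) > HUNDRED_YEARS_DAYS


def triage(baseline, current_sizes, system_date):
    """Compare baseline {name: (size, mtime)} with current {name: size}; return verdicts."""
    verdicts = {}
    for name, (old_size, mtime) in baseline.items():
        new_size = current_sizes.get(name)
        if new_size in (None, old_size) or not name.lower().endswith(TARGET_EXTENSIONS):
            continue                                  # missing, unchanged, or not a target type
        if new_size - old_size != INFECTION_LENGTH:
            verdicts[name] = "changed-other"          # modified, but not by 7,856 bytes
        elif skipped_by_virus(name, mtime, system_date):
            verdicts[name] = "growth-match-but-excluded"  # look for another cause
        else:
            verdicts[name] = "consistent-with-pathogen"
    return verdicts


# Constructed sample inventory (not real data).
NOW = datetime(1994, 6, 6)
BASELINE = {
    "COMMAND.COM": (54645, datetime(1993, 9, 30)),
    "EDIT.COM": (413, datetime(1993, 9, 30)),
    "GAME.EXE": (120000, datetime(1992, 1, 15)),
    "OLD.EXE": (9000, datetime(2094, 7, 1)),
    "README.TXT": (1200, datetime(1993, 1, 1)),
}
CURRENT = {"COMMAND.COM": 54645 + 7856, "EDIT.COM": 413 + 7856,
           "GAME.EXE": 120100, "OLD.EXE": 9000 + 7856, "README.TXT": 9056}

if __name__ == "__main__":
    for name, verdict in sorted(triage(BASELINE, CURRENT, NOW).items()):
        print(f"{name:12} {verdict}")
```

A size match is only a triage signal: any executable whose size changed against a trusted baseline deserves inspection, whatever the verdict.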
Pathogen keeps a counter of how many files it has infected. When 32 files have been infected and the virus is executed on a Monday between 17:00 and 18:00, it will disable the keyboard, corrupt data in the first 256 cylinders of the hard drive, patch the CMOS to disable the disk drives and display a message. The message says:
Your hard-disk is being corrupted, courtesy of PATHOGEN!
Programmed in the U.K. (Yes, NOT Bulgaria!) [C] The Black Baron 1993-4.
Featuring SMEG v0.1: Simulated Metamorphic Encryption Generator!
'Smoke me a kipper, I'll be back for breakfast.....'
Unfortunately some of your data won't!!!!!
Variants
Queeg is similar to Pathogen in all respects with the exception of the text it displays.
-¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
- -» QUEEG «- -
- 23:58, May 2, 2010 (UTC) -
-(C)The Black Baron 1994 -
- -
- Featuring: SMEG v0.2 -
- -
- Better than life..... -
L¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦-
Effects
An unnamed victim of the virus claimed to have lost a half-million pounds (about 800,000 dollars). By 1995.11.16, the virus had caused over 1,000,000 British pounds of damage (about US$1,556,000 at the exchange rate on that date).
Origin
"Black Baron" was revealed to be unemployed computer programmer Christopher Pile of Devon in the southwest of England. He was found and pled guilty to five counts of unauthorized access to computers to facilitate crime, another five of unauthorized modifications of computer software and one count of inciting others to spread his viruses. On 1995.11.15 he received 18 months in prison.
Other Facts
Some sources claim Smeg is a virus itself. Others say it is a construction kit. These are both incorrect, as it is a polymorphic engine.
Smeg (sometimes written in all capital letters) has been used as an acronym, a shortened form for a medical condition (Smegma) and even a fictional profanity. Smeg was a profanity used in the British science fiction series "Red Dwarf", which Black Baron was fond of. It can also be a short form of Smegma, collections of usually white crust around the genitals, sometimes also known as "cockcheese". It is also a menu editor for the Unix GNOME desktop among other things.