Tentacle
Type: File virus
Creator:
Date Discovered: 1996
Place of Origin: France, United Kingdom?
Source Language:
Platform: MS Windows, DOS
File Type(s): .exe
Infection Length: 1,944 bytes
Reported Costs:

Tentacle is a family of viruses targeted at DOS, 16-bit Windows and the Windows NT (sorry, I have forgotten if it was WinNT3.x or WinNT4.x. Source: VSUM probably?) series. It is very similar to Shell, another virus allegedly by the same coder. Some variants of this virus use the technique of entry-point obscuring to avoid triggering heuristic scanners.

Behavior


When a Tentacle-infected file is executed, it searches the current working directory and the Windows directory for .exe files. It infects one file in the current working directory and two in the Windows directory.

Tentacle will replace the icon of a file it has infected with its own icon if infection takes place between midnight and a quarter past midnight. This icon has a green tentacle with the text "tentacle" under it. The virus may also corrupt some files and make them unusable.

The virus contains the text string "Virus Alert! This file is infected with Win.Tentacle".

Variants

In addition to a couple of variants for 16-bit Windows, there is also one variant for DOS as well as Windows 9x.

Tentacle II


This is a 10,596-byte variant of Tentacle. It uses a technique known as entry-point obscuring to avoid triggering heuristic scanners. It also drops the file TENTACLE.GIF, an image which will be displayed every time a GIF image is viewed on the system. The image is quite similar to the original Tentacle's icon, with the exception of the message "I'm the Tentacle Virus" written across the top of the image.

It contains the text "Virus Alert! This file is infected with Win.Tentacle_II".

Tentacle II.B

This variant is very similar to Tentacle II, with the exception of the text "INDIPENDENCE VIRUS - By CyberLord '96."

Tentatrickle

This is a DOS version of the virus that appeared in September of 1996. It only infects .exe files. It interferes with the handling of GIF files.

Tentaclell

This one goes by the name Tentaclell or Tenta.2045 and works on Windows NT systems (sorry, I have forgotten if it was WinNT3.x or WinNT4.x. Source: VSUM probably?). Very little information seems to be available on it.
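
A triage check built from the marker strings quoted on this page, given here as an added example (it is not code from the page or from any antivirus product). It labels .exe files by the marker text they contain and handles the fact that the Tentacle text is a prefix of the Tentacle II text. It assumes the strings are stored as plain ASCII in infected files; the function names and the constructed sample image are hypothetical.

```python
import os
import struct

# Marker strings quoted on this page. The Tentacle text is a prefix of the
# Tentacle II text, so a plain substring test would report both.
MARKERS = [
    (b"Virus Alert! This file is infected with Win.Tentacle", "Tentacle"),
    (b"Virus Alert! This file is infected with Win.Tentacle_II", "Tentacle II"),
    (b"INDIPENDENCE VIRUS - By CyberLord '96.", "Tentacle II.B"),
]

def exe_kind(data):
    """Classify an MZ image: 'NE' (16-bit Windows), 'PE', 'DOS', or None."""
    if data[:2] != b"MZ":
        return None
    if len(data) >= 0x40:
        (off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
        if data[off:off + 2] in (b"NE", b"PE"):
            return data[off:off + 2].decode()
    return "DOS"

def match_markers(data):
    """Return the labels whose marker text occurs in data."""
    hits = []
    for marker, label in MARKERS:
        pos = data.find(marker)
        while pos != -1:
            end = pos + len(marker)
            # Ignore "Win.Tentacle" when it is really "Win.Tentacle_II".
            if label != "Tentacle" or data[end:end + 3] != b"_II":
                hits.append(label)
                break
            pos = data.find(marker, end)
    return hits

def scan_tree(root):
    """Yield (path, kind, labels) for .exe files containing a marker."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".exe"):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                labels = match_markers(data)
                if labels:
                    yield path, exe_kind(data), labels

def constructed_sample(marker):
    """Constructed test image: 64-byte MZ stub, NE signature, marker text."""
    return b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"NE" + bytes(30) + marker
```

A hit means only that the file contains one of the quoted strings; a file without them is not thereby shown to be clean.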

Effects

Tentacle did end up making it into the wild after (or maybe even before) being posted to the alt.cracks newsgroup. By mid-May of 1996, the virus had made it to Canada.

Origin

Tentacle first appeared in the UK and France in March of 1996. It first received attention in the US when it was found in a file called dogzcode.zip via the alt.cracks Usenet newsgroup.
