Virdem | |
---|---|
Type | File virus |
Creator | Ralf Burger |
Date Discovered | 1986.12 |
Place of Origin | Hamburg, Germany |
Source Language | Assembly |
Platform | DOS |
File Type(s) | .com |
Infection Length | 1,336 bytes |
Virdem was the first file virus for the DOS operating system. It appeared almost a year after the Pakistani Brain boot sector virus.
Behavior
When a file infected with Virdem is executed, it overwrites the beginning of a .com file and appends the rest of its code to the file. It infects files on the A: drive, but avoids the first file it finds at the root of the drive. Virdem also stops infecting at the second subdirectory of the disk. It is a direct infector that does not install itself into the memory.
After the virus infects the file, it plays a game with the infected computer's user. It displays the text:
VirDem Ver.: 1.06 (Generation #) aktive.
Copyright by R.Burger 1986,1987
Phone.: D - 05932/5451
This is a demoprogram for
computerviruses. Please put in a
number now.
If you're right, you'll be
able to continue.
The number is between
0 and x
The "x" is the generation number of the virus. If the user guesses the wrong number, it displays the message:
Sorry, you're wrong
More luck at next try
If the user guesses right, it displays the message:
Famous. You're right.
You'll be able to continue.
After all possible files have been infected, it displays the message:
All your programs are
struck by VIRDEM.COM now.
Variants
There are two versions of the original virus, the only differences being that their text strings are in German and English. There are also two variants which have a smaller infection length, 792 and 824 bytes. These two display no messages and may be earlier versions of the virus. There is a variant named Virdem.Killer, which has slightly different text strings.
Variants of this virus were being created as late as 1993, six or seven years after the original was created.
Origin
Virdem was created by Ralf Burger, author of the book, "Computer Viruses: A High-Tech Disease". He presented the working model of Virdem to the Chaos Computer Club, an underground hacker forum, in Germany. Most of the forum members were interested in the VAX/VMS platform, but they still took interest in the idea of a virus. Burger is quoted as saying about viruses that "used properly may bring about a new generation of self-modifying computer operating systems".
Sources
F-Secure Antivirus, F-Secure Virus Descriptions : Virdem.
Online VSUM, Virdem Virus.
Jim Bates. The Virus Information Service, Virdem Virus. 1990.06