Virdem
Virdem
Type File virus
Creator Ralf Burger
Date Discovered 1986.12
Place of Origin Hamburg, Germany
Source Language Assembly
Platform DOS
File Type(s) .com
Infection Length 1,336 bytes

Virdem was the first file virus for the DOS operating system. It appeared almost a year after the Pakistani Brain boot sector virus.

Behavior

When a file infected with Virdem is executed, it overwrites the beginning of a .com file and appends the rest of its code to the file. It infects files on the A: drive, but avoids the first file it finds at the root of the drive. Virdem also stops infecting at the second subdirectory of the disk. It is a direct infector that does not install itself into the memory.

After the virus infects the file, it plays a game with the infected computer's user. It displays the text:

  VirDem Ver.: 1.06 (Generation #) aktive.
  Copyright by R.Burger 1986,1987
  Phone.: D - 05932/5451

  This is a demoprogram for
  computerviruses. Please put in a
  number now.
  If you're right, you'll be
  able to continue.
  The number is between
  0 and x

The "x" is the generation number of the virus. If the user guesses the wrong number, it displays the message:
  Sorry, you're wrong
  More luck at next try

If the user guesses right, it displays the message:
  Famous. You're right.
  You'll be able to continue.

After all possible files have been infected, it displays the message:
  All your programs are 
  struck by VIRDEM.COM now.

Variants

There are two versions of the original virus, the only differences being that their text strings are in German and English. There are also two variants which have a smaller infection length, 792 and 824 bytes. These two display no messages and may be earlier versions of the virus. There is a variant named Virdem.Killer, which has slightly different text strings.

Variants of this virus were being created as late as 1993, six or seven years after the original was created.

Origin

Virdem was created by Ralf Burger, author of the book, "Computer Viruses: A High-Tech Disease". He presented the working model of Virdem to the Chaos Computer Club, an underground hacker forum, in Germany. Most of the forum members were interested in the VAX/VMS platform, but they still took interest in the idea of a virus. Burger is quoted as saying about viruses that "used properly may bring about a new generation of self-modifying computer operating systems".

Sources

F-Secure Antivirus, F-Secure Virus Descriptions : Virdem.

Online VSUM, Virdem Virus.

Jim Bates. The Virus Information Service, Virdem Virus. 1990.06

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License