Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!wuarchive!waikato.ac.nz!comp.vuw.ac.nz!actrix!tower!johnv
From: johnv@tower.actrix.gen.nz (John Veldthuis)
Newsgroups: comp.sys.amiga.programmer
Subject: What the Saddam Virus does
Message-ID: <4917.tnews@tower.actrix.gen.nz>
Date: 7 May 91 09:06:18 GMT
Organization: Amiga Virus Extermination Services, NZAmigaUG :).
Lines: 27

I have worked out what the Saddam virus does and it is very nasty. There are
a few different stages to it so I will go through it.

It infects your machine by AmigaDOS using the Disk-Validator on the disk you
insert in the drive.

When you write to the root directory of any drive the virus will move the
BitMap page pointer to another slot. If the virus is active then when the root
block is read it moves it back so AmigaDOS thinks the disk is okay. If the
virus is not running AmigaDOS will see no BitMap pages and run the
Disk-Validator on the disk and infect your machine again.

When AmigaDOS writes to Data blocks the virus will change the first bit to
IRAK and encode the rest of the block. If the virus is running when the block
is read it replaces in memory the IRAK with the proper number (8) and decodes
the data block. If the virus is not running you will get a read write error as
AmigaDOS can't find a valid DATA block there.

Now comes the worst bit. When the virus is triggered it will (if the disk is
write enabled) wipe out both sides of the disk with random data (whatever is
in memory at the time) by writing to every track on the disk. It will then
bring up an Alert() telling you it is the SADDAM virus and reboot the machine
once the alert is canceled.

So beware this virus and try to wipe it out early.

Please CBM fix this little loophole before you finish 2.0 so that the
Disk-Validator is got from L: instead of :L/ first

--
*** John Veldthuis, NZAmigaUG. johnv@tower.actrix.gen.nz ***
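Added example, not part of the original post: a read-only Python check of an ADF floppy image for the two on-disk changes the post describes, blocks that begin with IRAK where the data-block type 8 belongs, and a root block with no BitMap page pointer in its usual slot. It assumes the standard OFS floppy layout (512-byte blocks, root block in the middle of the volume, first bitmap pointer at offset 316); the function names and the sample images are constructed for illustration.

```python
import struct

BLOCK = 512            # AmigaDOS floppy block size
T_DATA = 8             # type longword of a valid OFS data block (the "8" in the post)
MARKER = b"IRAK"       # what the post says the virus writes in its place
ROOT_BM_PAGES = 316    # offset of the first bitmap-page pointer in the root block

def scan_adf(image: bytes) -> dict:
    """Report the on-disk indicators described in the post. Never writes."""
    nblocks = len(image) // BLOCK
    if nblocks < 2:
        raise ValueError("image too small to hold a root block")
    root = nblocks // 2                      # 880 on a 1760-block DD floppy
    rb = image[root * BLOCK:(root + 1) * BLOCK]
    root_type, = struct.unpack_from(">I", rb, 0)
    sec_type, = struct.unpack_from(">i", rb, BLOCK - 4)
    first_bm, = struct.unpack_from(">I", rb, ROOT_BM_PAGES)
    return {
        "root_block": root,
        # T_HEADER (2) at the start and ST_ROOT (1) at the end mark a root block
        "root_valid": root_type == 2 and sec_type == 1,
        # AmigaDOS "will see no BitMap pages" when this slot is empty
        "bitmap_pointer_missing": first_bm == 0,
        "irak_blocks": [n for n in range(nblocks)
                        if image[n * BLOCK:n * BLOCK + 4] == MARKER],
    }

def build_sample(infected: bool) -> bytes:
    """Constructed 880K image: root block plus two data blocks, rest zeroed."""
    img = bytearray(1760 * BLOCK)
    struct.pack_into(">I", img, 880 * BLOCK, 2)              # T_HEADER
    struct.pack_into(">i", img, 880 * BLOCK + BLOCK - 4, 1)  # ST_ROOT
    struct.pack_into(">I", img, 880 * BLOCK + ROOT_BM_PAGES,
                     0 if infected else 881)                 # bitmap pointer slot
    img[882 * BLOCK:882 * BLOCK + 4] = MARKER if infected else struct.pack(">I", T_DATA)
    struct.pack_into(">I", img, 883 * BLOCK, T_DATA)         # untouched data block
    return bytes(img)

if __name__ == "__main__":
    for label, state in (("clean", False), ("infected", True)):
        print(label, scan_adf(build_sample(state)))
```

An IRAK hit on its own can be coincidental file content, so treat a disk as suspect when marked blocks and the missing bitmap pointer appear together, and examine it from a system where the Disk-Validator on that disk is never run.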