F-Secure Virus Descriptions : Brain
| NAME: |
Brain |
| TYPE: |
Resident Stealth Boot sectors |
| ORIGIN: |
Pakistan |
This is the oldest PC virus known, first detected in January '86. Several variants of this virus are known, but most of them are fairly harmless. This virus is rather large and most of it is located in sectors that are marked as "bad" in the FAT.
Before this virus infects diskettes, it looks for a "signature". This makes it possible to "inoculate" against it, just by putting the signature in the correct place in the boot sector.
The Brain virus tries to hide from detection by hooking into INT 13. When an attempt is made to read an infected boot sector, Brain will just show you the original boot sector instead. This means that if you look at the boot sector using DEBUG or any similar program, everything will look normal, if the virus is active in memory. This means the virus is the first "stealth" virus as well.
The major effect of this virus is a (fairly harmless) change of the volume label. It usually becomes
(c) Brain
but one variant of the virus changes the text into
(c) ashar
One of the most interesting details regarding the Brain virus is the following text, which appears inside it:
Welcome to the Dungeon
(c) 1986 Basit & Amjad (pvt) Ltd.
BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN
PHONE :430791,443248,280530.
Beware of this VIRUS....
Contact us for vaccination............ $#@%$@!!
In another version of the virus, the text looks like this:
Welcome to the Dungeon
(c) 1986 Brain & Amjads (pvt) Ltd.
VIRUS_SHOE RECORD v9.0
Dedicated to the dynamic memories
of millions of virus who are no longer with us today -
Thanks GOODNESS!!
BEWARE OF THE er..VIRUS :This program is catching
program follows after these messeges..... $#@%$@!!
These messages have led to considerable speculation regarding the possible author(s) of the virus.
One harmful variant has been reported, which will attack on May 5. 1992.
Nowadays Brain is extinct.
