The following text is copyright (c) 1987-1990 CompuServe Magazine
and may not be reproduced without the express written permission of CompuServe.

CompuServe Magazine's Virus History Timeline

CompuServe Magazine is published monthly by the CompuServe Information
Service, the world's largest on-line information service with over 600,000
subscribers worldwide.

If you would like to become a CompuServe subscriber, call
1-800-848-8199 to receive a copy of the CompuServe Information Service
membership kit.

- 1987 -


"VIRUS" INFECTS COMMODORE COMPUTERS

  (Nov. 20)
  A "virus" has been infecting Commodore's Amiga computers, and what was once
considered an innocent bit of hacking has turned into a disaster for some users.
  The "virus" is a secret modification to the boot block, an area on many disks
using operating system facilities of the Amiga. In addition to its transparent
purpose --- starting the operating system -- the virus contains code that can
infect other disks.  Once a virus infected disk is used on a computer, the
computer's memory becomes a breeding ground and all other bootable disks that
find their way to that computer will eventually become infected. Any exchange of
diskettes with another computer then infects the new computer.
  Although the original intention of the virus apparently was benign, it may
have spread to thousands of Amiga computers and disrupted their normal
operations. Since some commercial software developers use coded information in
the boot block of their distribution disks, the virus can inadvertently damage
these disks and render the software useless. Knowledgeable users say the virus
was meant to be a high-tech joke that displayed a message after it had
completely infiltrated a user's disks library.
  According to Amiga technical support personnel, the only sure way for users to
keep the virus out of their systems is to avoid warm starting the computer. It
should always be ¸'wered down first.
  --James Moran


VIRUS MOVES TO IBM COMPUTERS

  (Dec. 7)
  On the heels of the Amiga virus, reported recently in Online Today, a new
apparently less benign virus has been making the rounds of IBM personal
computers. The IBM-related virus was first noted at Lehigh University where,
last week, a representative in the User Services section reported its discovery
by student consultants.
  As with other similar viruses, this one is spread by means of an infected
system file. In this case, a hacked version of IBM's COMMAND.COM processor is
the host that harbors the virus.  Once infected, the host PC will then infect
the first four computers with which it comes in contact. In all cases, the virus
is spread through an illegally modified version of the IBM command processor.
  Once the host has infected four other computers, the host virus is reported to
purposely destroy the boot tracks and allocation tables for all disks and
diskettes that are online to the host computer. The action renders the disks
completely unreadable, even when reconstructs are attempted with popular disk
repair software.
  The consultant at Lehigh University who first alerted general users to the
virus says that it can be detected by examining the date on the COMMAND.COM
file. A recent date would suggest that the file had been illegally modified.
  --James Moran


CHRISTMAS GREETINGS MESSAGE TIES UP IBM'S ELECTRONIC MAIL SYSTEM

  (Dec. 12)
  IBM nearly lost its Christmas spirit yesterday. It seems that a digital
Christmas card sent through its electronic mail system jammed computers at
plants across the United States for up to 90 minutes.
  The Associated Press quotes IBM spokesman Joseph Dahm as saying the incident
caused no permanent damage, but forced the company to turn off links between
computer terminals for a while.
  AP says, "Curious employees who read the message discovered an illustration of
a Christmas tree with 'Holiday Greetings' superimposed on it. A caption advised,
'Don't browse it, it's more fun to run it.' Once a person opened the computer
message on their screen, it rarely accepted a command to stop the message from
unfolding on the screen. As a result, several people shut off their computers
and lost reports or mail that had not previously been filed."
  Apparently the message also automatically duplicated itself and was sent to
other workstations.
  Online plants in Texas and New York were affected, Dahm said. Meanwhile,
sources said that other facilities in Charlotte, N.C.; Lexington, Ky.;
California and Europe also received the message.
  Federal agents even may investigate the incident, the wire service says, since
the message apparently crossed state lines.
  --Charles Bowen

