Misplaced Pages

Alabama (computer virus)

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
The topic of this article may not meet Misplaced Pages's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted.
Find sources: "Alabama" computer virus – news · newspapers · books · scholar · JSTOR (August 2012) (Learn how and when to remove this message)
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Alabama" computer virus – news · newspapers · books · scholar · JSTOR (August 2012) (Learn how and when to remove this message)
This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (March 2010) (Learn how and when to remove this message)
(Learn how and when to remove this message)
Alabama
Technical nameAlabama
AliasAla
TypeDOS
SubtypeDOS file infector
ClassificationVirus
FamilyAlabama
OriginIsrael
AuthorsYsrael Radai

Alabama is a computer virus, discovered in October 1989 on the campus of the Hebrew University of Jerusalem.

Infection

Alabama is a fairly standard file infector outside its odd behaviour of deciding what files to infect. When an infected file is executed, Alabama goes memory resident. Whenever a .EXE file is executed from this point on, Alabama will search out for another file to infect. This is probably intended to place blame on the file that is being executed instead of the virus itself. Files infected by Alabama increase in size by 1,560 bytes.

Symptoms

A number of symptoms are associated with Alabama:

  • EXE files will increase by 1,560 bytes in size upon infection.
  • On Fridays, Alabama will begin to modify the File Allocation Table. As a result, when a file is executed, another may appear in its place. This is potentially dangerous. For more information, see the payload section.
  • One hour after an infected program is run, Alabama will bring up a flashing box with the text: SOFTWARE COPIES PROHIBITED BY INTERNATIONAL LAW..............Box 1055 Tuscambia ALABAMA USA.

The third symptom is by far the clearest indication of an Alabama infection. It is unknown what the PO Box address in the virus refers to. However, the implication of the message is that Alabama was released in an attempt to curb software piracy. Similar motivations led to the creation of the first known PC virus, Brain. This message also suggests that the PO Box may very well not belong to the author: the author clearly meant Tuscumbia, Alabama, as Tuscambia is not a city. This supports the theory that the virus originated in Israel.

Payload

On Fridays, Alabama will begin to modify the File Allocation Table in an odd way. Instead of searching for a file to infect, Alabama searches for a file to cross-reference. The virus modifies the FAT entry so that when the user executes one file, another will appear. For instance, on a machine where Alabama is resident, executing PROGRAM1.EXE on a Friday may cause the virus to search for another program and find PROGRAM2.EXE. Alabama will then modify the FAT so that whenever PROGRAM1.EXE is executed, PROGRAM2.EXE displays instead. This certainly can result in confusion, and may result in programs being lost or incorrectly deleted.

Prevalence

The WildList Archived 2016-12-01 at the Wayback Machine, an organisation tracking computer viruses, never reported Alabama as being in the field. It was isolated spreading in Israel, but this may have been a limited local outbreak.

Since the advent of Windows, even successful DOS viruses have become increasingly rare. As such, Alabama can be considered obsolete.

Variants

There is one known variant of Alabama. Alabama.B was distributed as a modified SDIR.COM. SDIR.COM was a program created to replace the DOS DIR command. Like the original Alabama, the "B" variant does not infect .COM files. The modified SDIR.COM is simply used as a dropper.

References

  1. "Alabama Virus". Informatik.uni-hamburg. Retrieved 15 February 2013.
  2. "Alabama Virus". VSUM. Retrieved 15 February 2013.

External links

Categories: