Date : Wed, 24 Jun 1992 07:02:40 GMT
From : mcsun!Germany.EU.net!nixpbe!uranium!josef@uunet.uu.net (Josef Moellers)
Subject: Re: Virus on CP/M (does it exist?)
In <1992Jun16.235854.6312@usage.csd.unsw.OZ.AU> henryb@aix00.csd.unsw.OZ.AU
(Dr Henry Brancik) writes:
>Does somebody know (or did anybody come across) a computer virus on
>CP/M machines (I mean CP/M-2.* and CP/M-3.*)? I do not think that
>it is possible to have such a "program" that will go into the system
>and not being noticed during the transfer of files and then run on its
>own (without the user actually typing the program name or including it
>in the .SUB files). My claim is that such a program never existed
>on those machines. Can anyone support me on that?
Well, I've never seen a virus on my CP/M machine (actually it's an
SB180FX running ZSYSTEM, but that's compatible to CP/M) but I assume
that one could get a virus into such a system.
A virus does not necessarily have to be a complete "program", virusses
(viri/vira?) can also be attached to existing programs. I have the
impression that this is actually the usual way to have a virus.
There is one big difference between MS/DOS and CP/M that make having a
"free" virus in CP/M a little more difficult: the management of free disk
blocks. CP/M rebuilds (part of) it's free block list every time the
current list drains (call this "garbage collection"). That means that a
virus occupying a disk block that does not belong to a file, will sooner
or later be allocated to a growing file. MS/DOS on the other hand, has
it's FAT, which describes ON THE DISK which blocks are free and which
are in use. Therefore a virus can hide in a "non free" but also "non
allocated" block, pretty much like a "bad block". Under CP/M You would
have to group bad blocks into a file.
Of course, You can always attach a virus to an existing file. All CP/M
executables are "COM"-files, i.e. the entire contents of the file are
placed into memory and then execution commences at address 100h (0x100).
You could place a "JMP virus" there which jumps to the added code and
the added code then returns to e.g. 103h. However, think about what You
can (or cannot) do with a mere 56k of free memory (some CP/M systems
have even less).
As I said, I've never tried to write a virus myself, I've never seen one
on CP/M, and thanks to the widespread (commercial) use of MS/DOS, I
am glad no-one actually cares enough about CP/M to actually launch a
viral attack b-{)
> - Henry Brancik,
>E-mail: henryb@aix00.csd.unsw.oz.au
--
| Josef Moellers | c/o Siemens Nixdorf Informationssysteme AG |
| USA: mollers.pad@sni-usa.com | Abt. STO-XS 113 | Riemekestrasse |
| !USA: mollers.pad@sni.de | Phone: (+49) 5251 835124 | D-4790 Paderborn |