Wednesday, June 3, 2009 Virus dari Malaysia

Malaysia tidak terkecuali daripada menjadi antara negara yang mempunyai penulis virus. Walaupun tidak diketahui secara tepat siapakah penulis virus-virus ini, namun ia dikenali menerusi signature nya seperti KV yang bermaksud Klang Valley dan KL yang bermaksud Kuala Lumpur.

Antara virus-virus ini ialah :

1. Antigus
2. Black Monday
Virus Black Monday adalah antara virus yang paling popular daripada Malaysia.
3. Pendang
Pendang mula ditemui pada tahun 2001, walaupun para pengkaji virus yakin virus ini telah lama berada di dalam dunia komputer. Ia kadang-kala di panggil HLLC.Birthday.10736 bagi sesetengah anti-virus Berikut adalah spesifikasi virus Pendang daripada Pc-Cillin (salah sebuah pengeluar anti-virus ternama).

Virus Name: PENDANG
Alias: none
Language: English
Virus Type: Dos Executable
Platform: DOS /WINDOWS 9X/NT/ 2000

Number of Macros: None

Encrypted: Non encrypted and non compressed.

Size of Virus: 10,736 bytes

Place of Origin: Unknown

Date of Origin: Unknown

Symptoms:
Destructive: No

Trigger Date: None
Trigger Condition: Upon execution
Password: None

Seen in the Wild: Unknown

Payload: none
Detected in Engine: V5.17
.
Detected in Pattern: 831

[DEscriptION]
This is a DOS virus that is direct action infector of all *.exe (both DOS exe and Win32 exe files) in the current directory where it is executed. This is a companion virus , having a backup of the original files.
[Details]

This DOS virus when executed will infect *.EXE files located on the directory where it is executed. The original copy of files has been renamed in x.exe. and the infected one was .exe.
It also drops a Viruslog.dll in the root directory containing a text and the infected file(s). Below is an example:

If you found this file in your disk, Well...seems your disk is
already infected by PENDANG_reboot virus.
I felt sorry for you. Nevermind, this virus do nothing other then
COPIED ITSELF onto your *.Exe files (Gulp! I Guess). So don't worry.
Pendang, Kedah. Malaysia.
31/05/1974
Version 1.05

==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-
Original File: C:\\_VIRUS\\Wscript.EXE
Modified File: WscriptX.EXE
==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-

There are times that it will hung or reboot the system.
There is no checking of file if already infected.

[How to Clean] Scan your system with Trend antivirus and delete all files detected as PENDANG
Check the dropped Viruslog.dll in c:\\ directory. In MS DOS mode, .Delete the infected files specified on the dll file. Then rename all the x.exe to its original name by deleting the file.


Mark Goyena
01.11.2001

Adalah dipercayai bahawa Virus Pendang mengambil nama sempena nama sebuah daerah Pendang, di Kedah. Malaysia.

4.World Peace

Walaupun virus ini tidak mempunyai signature yang mengatakan ia berasal dari Malaysia. Namun ia dianggap berasal dari Malaysia kerana ia mula ditemui di Malaysia pada Mei, 1992.

5. Bomber
7. Fellowship