The world smalest virus ever.
So dudes here is another kick the ass contribution to our zine. Smalest virus in sa world. Enjoy it and don't get infected. So pay attention on your A: drive. Maybe, you get the feeling the contribution is unreal, but remember this is no AF edition....
The smallest virus ever comes. From Slovakia, of course. From Vyvojar, of course. It's so small it can spread oraly. Just tell your friend 8B DE CD 26 and there it is - replicated. Now. The xtra quick intro to writing a virus. All you need is two instructions. First one is variable (polymorphism of fundamental level). So, whether you write 8B DE or B7 01 it doesn't matter that much and the conversation gets more colorful. All you need to get across is to put the right values into right register (the one and only BX). So and one half is done. Press any key to continue... Second instruction is, unfortunatelly, not polymorphic, but it works. It goes CD 26 and simply tells the machine to spread the virus. Virus is now replicated - hopefuly. Extra bonus: it's stealth (a little bit). And heuristics doesn't stand a chance. Possibly it infects archives as well (ZIP, ARJ, RAR etc.) ...
The first attempts to write a short virus date far back. Most of them are overwritting non-TSR tings. There has been a conference (virus-l) on intnet and they concluded the smallest ever was some Trivial.22 chap (gosh, 500% bigger than Kyjacisko).
Note for non-Slovak residents: if you don't know what Kyjacisko (Budzogan respectively) means, consult the Slovak embassy near you. If you don't know who Vyvojar is, you are not supposed to read this mag anyway.
Requirements: Works exclusively with MS-DOS, tested with 5.0+ (no win business, folks). Requires 4b free RAM (except for PSP and tings like that). First instruction sets BX register to 100h. You can achieve tis in several different ways. EG mov bx,si (A alternative), mov bh,01 (alt B) etc etc. Second instruction runs int 26h. Now, we need several tings for tis interrupt. Following registers should be set like dis:
ES:BX buffer to be written down.
CX number of sectors to be written.
DX logical sector number. Dis is all for today.
And now, let's see how did Microsoft set the registers for us.
AL = 0 (mostly) ........................... documented
BX = AX = 0 (we set to 100h, remember?) ... undocumented
CX = FFh .................................. undocumented
DX = ES = PSP segment = base address ...... partially documented
it should be all safe and clear now.
So the virus writes itself (or in fact 255 sectors) somewhere to the disk A:, where "somewhere" is determined by the PSP value. If a starting sector number of .COM or .EXE file is identical with DX value, such file gets infected. Often people start panicking like "how will it all end, what a bunch of data will be lost or it isn't a 4B virus when it writes 255 sectors etc etc". The answer, my friend is written in the empirical facts of other viruses as well as in the definition of a virus itself.
The motto of the day.