Lamer Exterminator is a computer virus created for the Amiga. It was first detected in Germany in October 1989. It is a boot block virus contained in the first 1024 bytes of the disk.
It is notable as the first virus known to be defensive. It hooks into the system so that examining the boot block returns a normal result, and it also encrypts itself when replicating.
Variants of the virus are known to use one of three different decrypt routines defined by The Amiga Virus Encyclopedia. A detection program can look for any of the known decrypt routines in the boot block area of the disk, or alternatively try to blindly brute-force the decryption. The first decrypt routine is a simple XOR of every byte, which takes a maximum of 256 attempts to decrypt. The next includes an add byte in its decrypt routine and takes a maximum of 256×256 attempts. The third uses 16-bit words in its decrypt routine and takes a maximum of 65535×65535 attempts, which makes it less practical to solve. The first two versions (and variants that use the same decrypt routines) can also be identified by an identification word, 0xABCD, which is the last data on the boot block containing anything but zero values.
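An added example, not from the original page or from any Amiga antivirus tool: a minimal Python scanner for the first decrypt routine that tries all 256 single-byte XOR keys on a 1024-byte boot block image and checks for the 0xABCD identification word. It assumes the encrypted body contains the string 'The LAMER Exterminator !!!' quoted under Symptoms and that 0xABCD is stored big-endian in the raw block; the sample image is constructed and contains no virus code.

```python
"""Boot block check for the first (single-byte XOR) decrypt routine."""

BOOTBLOCK_SIZE = 1024
# Assumption: this string, quoted on the page, is present in the encrypted body.
MARKER = b"The LAMER Exterminator !!!"
# Assumption: 0xABCD is stored big-endian (68000 byte order) in the raw block.
ID_WORD = b"\xab\xcd"


def has_id_word(block: bytes) -> bool:
    """True if the last non-zero data in the block is the word 0xABCD."""
    return block.rstrip(b"\x00").endswith(ID_WORD)


def brute_force_xor(block: bytes):
    """Try all 256 XOR keys; return (key, offset) of the marker, or None."""
    for key in range(256):
        # XOR is byte-wise, so encrypting the marker and searching the raw
        # block is equivalent to decrypting the whole block with this key.
        needle = bytes(b ^ key for b in MARKER)
        offset = block.find(needle)
        if offset != -1:
            return key, offset
    return None


def scan(block: bytes) -> dict:
    """Run both checks on one 1024-byte boot block image."""
    if len(block) != BOOTBLOCK_SIZE:
        raise ValueError("expected a 1024-byte boot block")
    hit = brute_force_xor(block)
    return {"id_word": has_id_word(block),
            "xor_key": hit[0] if hit else None,
            "marker_offset": hit[1] if hit else None}


def make_sample(key: int) -> bytes:
    """Constructed test image: header, filler, XORed marker, ID word, zeros."""
    head = b"DOS\x00" + bytes(8) + b"\x4e\x71" * 10  # filler, not virus code
    body = bytes(b ^ key for b in MARKER) + ID_WORD
    return (head + body).ljust(BOOTBLOCK_SIZE, b"\x00")


if __name__ == "__main__":
    print(scan(make_sample(0x5A)))
    print(scan(b"DOS\x00".ljust(BOOTBLOCK_SIZE, b"\x00")))
```

This covers only the single-byte XOR routine; the add-byte and 16-bit variants need the larger key spaces described above.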
Symptoms
* Overwrites the bootblock
* Remains RAM resident (allocating 1024 bytes and identifying itself: 'The LAMER Exterminator !!!')
* Hooks into the system (remaining reset-resident)
* Destroys media blocks by overwriting them 84 times with the string 'LAMER!', causing read/write errors on affected storage media. This causes filesystem corruption and data loss, which is unrecoverable.