In the "old days" virus transmission via floppy disks was quite common. It's less common today simply because sharing via physical media is becoming rare. But, such transmission still exists and sometimes even comes via sources you might trust. Perhaps the best known media transmission was the AIDS Info Disk.
The AIDS Info Disk was a Trojan sent out via a mass mailing. If run, the Trojan replaced the AUTOEXEC.BAT file with one that would count the number of times the computer was booted and at 90 the Trojan would hide directories and encrypt the names of all files on the C: drive. This basically made the system unusable. After doing so, the Trojan would ask the user to "renew" their license by contacting the PC Cyborg Corporation and sending $378US to a Post Office box in Panama to get the decrypting information. (There were other versions of the Trojan that encrypted the disk on the first boot.)
The Trojan then produced a EULA that had some interesting sections...
- If you install [this] on a microcomputer...
- then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs...
- In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use...
- These program mechanisms will adversely affect other program applications...
- You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life...
- and your [PC] will stop functioning normally...
- You are strictly prohibited from sharing [this product] with others...
Dr. Joseph Popp was identified as the person who sent the disk and was arrested by Scotland Yard.
Eventually, the filename encryption tables were determined and a restoration program was developed and widely spread. AIDSOUT removed the Trojan and CLEARAID recovered encrypted filenames. Fortunately, only the file names were encrypted; the data was left alone.
|