Alcon (computer virus)

Last updated
Alcon
Common name Alcon
Technical name Alcon
Aliases RSY, Kendesm, Ken&Desmond, Ether
Family N/A
Classification Virus
Type DOS
Subtype Boot virus
Isolation 1997
Point of isolation Europe
Point of origin Unknown
Author(s) Unknown

Alcon, or RSY (which is more or less as commonly used of a name as Alcon), is a computer virus that was discovered to be spreading in Europe in 1997. It is a boot virus.

Contents

Infection

Alcon is a standard boot sector virus that spreads via floppies. Instead of the MBR, it infects the DBR, making some antivirus programs miss it.

A master boot record (MBR) is a special type of boot sector at the very beginning of partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond. The concept of MBRs was publicly introduced in 1983 with PC DOS 2.0.

Symptoms

Alcon contains no notable symptoms beyond one extremely damaging one, which is overwriting random information. Assuming that the overwrites are subtle, this may result in significant compounding data overtime, as Alcon is a slow damager.

Alcon contains the text "R.SY".

Prevalence

Alcon was listed as being spreading by the WildList from April 1998 to July 1999. F-Secure lists it as having been common in Europe throughout 1997. Like most boot viruses, it is near extinct, although it was certainly in the last wave of boot viruses, so cases involving Alcon may be false positives, but may also be due to older, unused infected disks resurfacing.

Aliases and variants

Alcon's most common alias is RSY, based on inclusions in the virus code. Other aliases include Kendesm, Ken&Desmond, and Ether. It is unknown where these names are derived from.

This virus is unrelated to W32/Alcon.

Related Research Articles

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target's computer and can take the form of executable code, scripts, active content, and other software. The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms. Malware has a malicious intent, acting against the interest of the computer user—and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Brain (computer virus) computer virus

Brain is the industry standard name for a computer virus that was released in its first form in January 1986, and is considered to be the first computer virus for MS-DOS. It infects the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system. Brain was written by brothers, Basit Farooq Alvi and Amjad Farooq Alvi, from Lahore, Pakistan.

Antivirus software computer software to defend against malicious computer viruses

Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

CIH, also known as Chernobyl or Spacefiller, is a Microsoft Windows 9x computer virus which first emerged in 1998. Its payload is highly destructive to vulnerable systems, overwriting critical information on infected system drives, and in some cases destroying the system BIOS. The virus was created by Chen Ing-hau who was a student at Tatung University in Taiwan. Now he is the chief executive officer and founder of 8tory. Sixty million computers were believed to be infected by the virus internationally, resulting in an estimated US$1 billion in commercial damages.

Abraxas, also known as Abraxas5, discovered in April 1993, is an encrypted, overwriting, file infecting computer virus which infects .COM and .EXE files, although it does not infect command.com. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory, as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.

ILOVEYOU, sometimes referred to as Love Bug or Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000 local time in the Philippines when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting random types of files, and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. In contrast, the Melissa virus only sent copies to the first 50 contacts. This made it spread much faster than any other previous email worm.

Infectious salmon anemia (ISA) is a viral disease of Atlantic salmon caused by Salmon isavirus. It affects fish farms in Canada, Norway, Scotland and Chile, causing severe losses to infected farms. ISA has been a World Organisation for Animal Health notifiable disease since 1990. In the EU, it is classified as a non-exotic disease, and is monitored by the European Community Reference Laboratory for Fish Diseases.

In computing, data recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).

The Michelangelo virus is a computer virus first discovered on 4 February 1991 in Australia. The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses, operated at the BIOS level. Each year, the virus remained dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus writer intended Michelangelo to be referenced to the virus. The name was chosen by researchers who noticed the coincidence of the activation date. The actual significance of the date to the author is unknown. Michelangelo is a variant of the already endemic Stoned virus.

The Hare Virus was a destructive computer virus which infected DOS and Windows 95 machines in August 1996. It was also known as Hare.7610, Krsna and HD Euthanasia.

AntiCMOS is a boot virus. Its first discovery was at Lenart, Slovenia, which led to its alias of Lenart. It was isolated in Hong Kong several times at the beginning of 1994, but did not become common until it spread to North America in the Spring of 1995. AntiCMOS is a fairly standard boot virus, and is primarily notable for being one of the few DOS viruses to remain in the wild as of 2005.

This article contains all the viruses of Ontario family.

Blackworm is an Internet worm discovered on January 20, 2006 that infects several versions of Microsoft Windows. It is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a, CME-24, and Kama Sutra.

Form was a boot sector virus isolated in Switzerland in the summer of 1990 which became very common worldwide. The origin of Form is widely listed as Switzerland, but this may be an assumption based on its isolation locale. The only notable characteristics of Form are that it infects the boot sector instead of the Master Boot Record (MBR) and the clicking noises associated with some infections. Infections under Form can result in severe data damage if operating system characteristics are not identical to those Form assumes.

Stoned (computer virus) computer virus

Stoned is the name of a boot sector computer virus created in 1987. It is one of the very first viruses and is thought to have been written by a student in Wellington, New Zealand. By 1989 it had spread widely in New Zealand and Australia, and variants became very common worldwide in the early 1990s.

The Ping-Pong virus is a boot sector virus discovered on March 1, 1988 at the Politecnico di Torino in Italy. It was likely the most common and best known boot sector virus until outnumbered by the Stoned virus.

Natas is a computer virus written by James Gentile, a then-18-year-old hacker from San Diego, California who went by the alias of "Little Loc" and later "Priest". The virus was made for a Mexican politician who wanted to win the Mexican elections by affecting all the Mexican Federal Electoral Institute (IFE) computers with a floppy disk.

A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

The Pikachu virus, sometimes referred to as Poké Virus, was a computer virus believed to be the first computer virus geared at children due to its incorporation of Pikachu from the Pokémon series. It was released on June 28, 2000, and arrived in the form of an e-mail titled "Pikachu Pokemon" [sic] with the body of the e-mail containing the text "Pikachu is your friend." Opening the attached executable met users with an image of Pikachu, along with a message stating, "Between millions of people around the world I found you. Don’t forget to remember this day every time MY FRIEND." The virus itself appeared in the attachment to the email as a file named "PikachuPokemon.exe".

References