Scores (computer virus)

Last updated
Scores
Common nameScores
Technical nameScores
AliasesEric
Vult
NASA
San Jose Flu
FamilyUnknown
Classification Virus
Type Macintosh
SubtypeCategorisation needed
IsolationSpring 1988
Point of isolationUnknown
Point of originUnknown
Author(s)Unknown

Scores was a computer virus affecting Macintosh machines. It was first discovered in Spring 1988. It was written by a disgruntled programmer and specifically attacks two applications that were under development at his former company. These programs were never released to the public. [1] [2] [3]

Overview

Scores infects the System, Notepad, and Scrapbook files under System 6 and System 7. There is a simple way to identify infection. Normal Notepad and Scrapbook icons will have specific icons under System 7, or little Macintosh icons under System 6. If the icons are blank document icons, it is a good indication the system is infected.

Scores begins to spread to other applications two days after infection. The Finder and DA Handler often become infected as well.

The second payload, activated after 4 days, will start causing crashes if programs with the ERIC or VULT signatures are run. Both signatures are found on programs written by Electronic Data Systems of Plano, Texas. If a program from the company is run, the virus will crash the system after 25 minutes.

The third payload activates after 7 days, and will actively try to stop programs with the VULT signature from writing to disk. If no write to disks happen within 10 minutes, the virus will crash the system.

The alleged author of the virus was questioned by the Federal Bureau of Investigation (FBI) soon after the virus was discovered. There were no federal laws with which to charge the author, so they remain free to this day. This loophole resulted in the "Computer Virus Eradication Act of 1988".

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

<span class="mw-page-title-main">CIH (computer virus)</span> Windows 9x computer virus

CIH, also known as Chernobyl or Spacefiller, is a Microsoft Windows 9x computer virus that first emerged in 1998. Its payload is highly destructive to vulnerable systems, overwriting critical information on infected system drives and, in some cases, destroying the system BIOS. The virus was created by Chen Ing-hau, a student at Tatung University in Taiwan. It was believed to have infected sixty million computers internationally, resulting in an estimated NT$1 billion (US$35,801,231.56) in commercial damages.

<span class="mw-page-title-main">Scareware</span> Malware designed to elicit fear, shock, or anxiety

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Disinfectant was a popular antivirus software program for the classic Mac OS. It was originally released as freeware by John Norstad in the spring of 1989. Disinfectant featured a system extension that would detect virus infections and an application with which users could scan for and remove viruses. New versions of Disinfectant were subsequently released to detect additional viruses. Bob LeVitus praised and recommended Disinfectant in 1992. In May 1998, Norstad retired Disinfectant, citing the new danger posed by macro viruses, which Disinfectant did not detect, and the inability of a single individual to maintain a program that caught all of them.

Jerusalem is a logic bomb DOS virus first detected at Hebrew University of Jerusalem, in October 1987. On infection, the Jerusalem virus becomes memory resident, and then infects every executable file run, except for COMMAND.COM. COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. Executable files grow by 1,808 to 1,823 bytes each time they are infected, and are then re-infected each time the files are loaded until they are too large to load into memory. Some .EXE files are infected but do not grow because several overlays follow the genuine .EXE file in the same file. Sometimes .EXE files are incorrectly infected, causing the program to fail to run as soon as it is executed.

nVIR is an obsolete computer virus which can replicate on Macintosh computers running any System version from 4.1 to OS 8. The source code to the original nVIR has been made widely available, and so numerous variants have arisen. Each variant causes somewhat different symptoms, such as: application crashes, printing errors on laser printers, slow system response time, or unpredictable system crashes. nVIR spreads through any nVIR-infected program, but due to the long period of time nVIR lies basically dormant in a host system, nVIR generally finds its way into system backups and is not detected until the first overt symptoms appear. For example, if a disk used in an infected Macintosh is removed and inserted in a second Macintosh, the other machine will become infected if any application on that disk is executed in the second machine. Further, any method used to transfer programs between Macintoshes will spread nVIR, including file transfer over a network. However, nVIR cannot spread via a print network's hardware.

Blackworm is an Internet worm discovered on January 20, 2006 that infects several versions of Microsoft Windows. It is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a, CME-24, and Kama Sutra.

The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A, is an application-infecting, LAN-spreading worm for Mac OS X, discovered by the Apple security firm Intego on February 14, 2006. Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.

Form was a boot sector virus isolated in Switzerland in the summer of 1990 which became very common worldwide. The origin of Form is widely listed as Switzerland, but this may be an assumption based on its isolation locale. The only notable characteristics of Form are that it infects the boot sector instead of the Master Boot Record (MBR) and the clicking noises associated with some infections. Infections under Form can result in severe data damage if operating system characteristics are not identical to those Form assumes.

<span class="mw-page-title-main">Stoned (computer virus)</span> Computer virus

Stoned is a boot sector computer virus created in 1987. It is one of the first viruses and is thought to have been written by a student in Wellington, New Zealand. By 1989 it had spread widely in New Zealand and Australia, and variants became very common worldwide in the early 1990s.

<span class="mw-page-title-main">Ping-Pong virus</span> Boot sector computer virus

The Ping-Pong virus is a boot sector virus discovered on March 1, 1988, at the Politecnico di Torino in Italy. It was likely the most common and best known boot sector virus until outnumbered by the Stoned virus.

<span class="mw-page-title-main">MacMag</span> Computer virus

The MacMag virus, also known by various other names, is a computer virus introduced in 1988 by Richard Brandow, who at the time was editor and publisher of MacMag computer magazine in Montréal.

KoKo Virus is a memory resident computer virus created in March 1991. KoKo's name came from the creator himself, which was a nickname used by his friends. Many on-line virus databases refer to KoKo as Koko.1780. KoKo is written in the Assembly programming language and the executable file usually has an approximate file size of around 1780 bytes.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

The classic Macintosh startup sequence includes hardware tests which may trigger the startup chimes, Happy Mac, Sad Mac, and Chimes of Death.

ANTI is a computer virus affecting Apple Macintosh computers running classic Mac OS versions up to System 6. It was the first Macintosh virus not to create additional resources within infected files; instead, it patches existing CODE resources.

References

  1. "Virus:MacOS/Scores.A". www.microsoft.com. Retrieved 2016-03-23.
  2. "Scores - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2016-03-23.
  3. "Scores Virus". agn-www.informatik.uni-hamburg.de. Retrieved 2016-03-23.